About threats, attacks, and vulnerabilities
Welcome to Domain 1, which is all about Threats, Attacks, and Vulnerabilities!
This, I think, is one of the most interesting domains of the CompTIA Security+ because it focuses on various types of attacks that we might perform in our careers if we’re on the red team side, or that we will need to defend against if we’re on the blue team side.
So regardless of what your career aspirations are, understanding the threats, attacks, and vulnerabilities that we as humans will face, or that our IT systems will face, is highly relevant and important.
This domain is broken down into 8 subdomains, so it’s also a fairly lengthy section, which makes sense considering that this domain represents 24% of the exam. It’s the second most important domain after domain 3 which represents 25% of the exam. So between those two domains alone, you’re almost at 50% of what you can expect to be tested on in the exam.
So definitely pay attention in this section!
As you complete the subdomains, you will unlock the digital badges associated with those subdomains, and once you complete the entire domain, you’ll have unlocked all of them.
This is a way to inject a little bit of fun, but also to help you keep track of where you’re at in the course and what all you’ve accomplished. It’s a lengthy course and a hefty exam, so hopefully this provides a little bit of additional structure for your studying.
Let’s take a quick look at each subdomain before we get started.
Subdomain 1 is all about comparing and contrasting social engineering techniques. This is where we’ll learn about the different types of phishing attacks, principles used in social engineering attacks, and more.
Subdomain 2 dives into potential indicators so that you can analyze and determine what type of attack you’re dealing with. Is it malware? If so, what type of malware? What can that type of malware do to systems, and how can you defend against it? Or is it a password attack?
These are the types of questions that we’ll take a look at in subdomain 2.
The 3rd subdomain is all about application attacks. This is one of my personal favorites since I have a background in development and since Cybr was started with web application attack courses. We’ll talk about different types of application attacks, and how to identify those attacks either as they are happening, or after the fact.
Along the same lines, subdomain 4 focuses on networking attacks. This is where we’ll look at various wireless attacks, Man-in-the-middle attacks, DNS attacks, and more.
In subdomain 5, we talk about who might be behind those attacks. Are they malicious? If so, are they well funded, or are they unsophisticated? What vectors are they using?
We’ll also talk about tools, methods, and resources that we can use for intelligence in order to either go on the offense, or to defend ourselves and our applications.
In the 6th subdomain, we talk about the security concerns associated with different types of vulnerabilities. For example, what’s the difference between on-prem vs. cloud-based security? What kinds of vulnerabilities can we expect in those different environments? How can we prevent those vulnerabilities in the first place?
Those are questions we will talk about in that section.
In the second to last subdomain, we will summarize techniques used in security assessments. We’ll talk about threat hunting, vulnerability scanning, using SIEMs, and Security orchestration, automation, and response (aka SOAR).
Finally, in last subdomain for domain 1, we will explain techniques used in penetration testing. We’ll talk about the differences between white box, gray box, and black-box testing. We’ll talk about privilege escalation, persistence, pivoting, and so on…we’ll also talk more about passive versus active reconnaissance and differences between red team, blue team, white team, and purple team exercise types.
Don’t be too overwhelmed by the scope of the first domain. Again, this accounts for 24% of the exam, which is significant, so we are starting with an important domain that will cover a lot of information. Take it one subdomain at a time, and before you know it, you’ll be on domain #2!
That’s it for this introduction. Once you’re ready, go ahead and complete this lesson, and let’s get started!