Back to Course

CompTIA Security+ SY0-701 Course

0% Complete
0/0 Steps
  1. 1.0: About the course and exam

    About the course and certification
  2. About the course author
  3. Pre-requisites
  4. Tools and tips to help you study more efficiently
  5. Study techniques that will help you pass
  6. 1.1: Compare and contrast social engineering techniques
    What is social engineering?
  7. Principles
  8. Spam
  9. Blocking and Managing Spam
  10. Phishing
  11. Smishing
  12. Vishing
  13. Spear Phishing
  14. Whaling
  15. Impersonation
  16. Dumpster diving
  17. Shoulder surfing
  18. Pharming
  19. Tailgating
  20. Eliciting information
  21. Prepending
  22. Identity fraud
  23. Invoice scams
  24. Credentials harvesting
  25. Reconnaissance
  26. Hoax
  27. Watering hole attack
  28. Typo squatting and URL hijacking
  29. Influence campaigns
  30. Hybrid warfare
  31. Practical knowledge check: 1.1
  32. 1.2: Analyze potential indicators to determine the type of attack
    What is malware?
  33. Malware classification
  34. Virus
  35. Worms
  36. Backdoor
  37. Trojans
  38. Remote Access Trojan (RAT)
  39. Ransomware and Crypto Malware
  40. How does ransomware work?
  41. Potentially unwanted programs (PUPs)
  42. Spyware
  43. Adware and Malvertising
  44. Bloatware
  45. Keyloggers
  46. Fileless malware
  47. Logic bombs
  48. Rootkit
  49. Bots and Botnets
  50. Command and control
  51. What are password attacks?
  52. Plaintext, encrypted, and hashed passwords
  53. Brute force
  54. Dictionary attacks
  55. Spraying attacks
  56. Rainbow and hash tables
  57. Credential stuffing
  58. What are physical attacks?
  59. Malicious universal serial bus (USB) cable
  60. Malicious flash drive
  61. Card cloning
  62. Skimming
  63. What is adversarial AI and tainted training for ML?
  64. Supply-chain attacks
  65. Cloud-based vs. on-premises attacks
  66. Cryptography concepts
  67. Cryptographic attacks
  68. Quiz: 1.2
    3 Quizzes
  69. 1.3: Analyze potential indicators associated with application attacks
    Privilege escalation
  70. Improper input handling
  71. Improper error handling
  72. Cross-Site Scripting (XSS)
  73. Structured Query Language (SQL) injections
  74. Dynamic Link Library (DLL) Injections
  75. Lightweight directory access protocol (LDAP) Injections
  76. Extensible Markup Language (XML) and XPATH Injections
  77. XXE Injections
  78. Directory traversal
  79. Request forgeries (server-side, client-side, and cross-site)
  80. Application Programming Interface (API) attacks
  81. Secure Sockets Layer (SSL) stripping
  82. Replay attacks (session replays)
  83. Pass the hash
  84. Race conditions (time of check and time of use)
  85. Resource exhaustion
  86. Memory leak
  87. Pointer/object dereference
  88. Integer overflow
  89. Buffer overflows
  90. Driver manipulation (shimming and refactoring)
  91. Quiz 1.3
    2 Quizzes
  92. 1.4: Analyze potential indicators of network attacks
    What are wireless attacks?
  93. Distributed Denial of Service (DDoS)
  94. Rogue access point and Evil Twin
  95. Bluesnarfing and Bluejacking
  96. Disassociation and Jamming
  97. Radio Frequency Identifier (RFID) attacks
  98. Near Field Communication (NFC)
  99. Initialization Vector (IV)
  100. Man in the middle (on-path)
  101. Man in the browser (on-path browser)
  102. Network Attacks (credential replay)
  103. What are layer 2 attacks?
  104. Address resolution protocol (ARP)
  105. Media access control (MAC) flooding
  106. MAC cloning
  107. What are Domain Name System (DNS) attacks and defenses?
  108. Domain hijacking
  109. DNS poisoning
  110. Universal resource locator (URL) redirection
  111. Domain reputation
  112. Quiz 1.4
    1 Quiz
  113. 1.5: Explain threat actors, vectors, and intelligence sources
    What are actors and threats?
  114. Attributes of actors
  115. Vectors
  116. Insider threats
  117. State actors
  118. Hacktivists
  119. Script kiddies
  120. Hackers (white hat, black hat, gray hat)
  121. Criminal syndicates
  122. Advanced persistent threats (APTs)
  123. Shadow IT
  124. Competitors
  125. Threat intelligence sources (OSINT and others)
  126. Using threat intelligence
  127. Research sources
  128. Quiz 1.5
    1 Quiz
  129. 1.6: Security concerns associated with various vulnerabilities
    Cloud-based vs. on-premises vulnerabilities
  130. Zero-day vulnerabilities
  131. Weak configurations
  132. Weak encryption, hashing, and digital signatures
  133. Third-party risks
  134. Improper or weak patch management
  135. Legacy platforms
  136. Impacts
  137. Gap analysis
  138. Validation of remediation
  139. Quiz 1.6
    1 Quiz
  140. 1.7: Summarizing techniques used in security assessments
    Threat hunting
  141. Vulnerability scans
  142. Identification methods
  143. Security information and event management (SIEM) and Syslog
  144. Security orchestration, automation, and response (SOAR)
  145. Indicators of malicious activity
  146. Reporting and monitoring
  147. Quiz 1.7
    1 Quiz
  148. 1.8: Explaining techniques used in penetration testing
    Important pentesting concepts
  149. Bug bounties
  150. Exercise types (red, blue, white, and purple teams)
  151. Passive and active reconnaissance
  152. Quiz 1.8
    1 Quiz
  153. 1.9: Explaining the importance of security concepts in an enterprise environment
    Confidentiality, Integrity, and Availability (CIA)
  154. Configuration management
  155. Data sovereignty
  156. Data protection
  157. Data Format Types
  158. Hardware security module (HSM) and Trusted Platform Module (TPM)
  159. Geographical considerations
  160. Cloud access security broker (CASB)
  161. Response and recovery controls
  162. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) inspection
  163. Hashing
  164. API considerations
  165. Site resiliency
  166. Deception and disruption
  167. Introduction to Zero Trust and the control plane
  168. The data plane and Zero Trust
  169. Quiz 1.9
    1 Quiz
  170. 2.0: Virtualization and cloud computing concepts
    Comparing cloud models
  171. Cloud service providers
  172. Virtualization
  173. Containers
  174. Microservices and APIs
  175. Serverless architecture
  176. MSPs and MSSPs
  177. On-premises vs. off-premises
  178. Edge computing
  179. Fog computing
  180. Thin client
  181. Infrastructure as Code
  182. Services integration
  183. Resource policies
  184. Transit gateway
  185. Quiz 2.0
    1 Quiz
  186. 2.1: Secure application development, deployment, and automation concepts
    Understanding development environments
  187. Automation and scripting
  188. Version control
  189. Secure coding techniques
  190. Open Web Application Security Project (OWASP)
  191. Integrity measurement
  192. Software diversity
  193. Provisioning and deprovisioning
  194. Elasticity
  195. Scalability
  196. Quiz 2.1
    1 Quiz
  197. 2.2: Authentication and authorization design concepts
    Important authentication and authorization concepts
  198. Multifactor authentication (MFA) factors and attributes
  199. Quiz: MFA factors and attributes
    1 Quiz
  200. Authentication technologies
  201. Biometrics techniques and concepts
  202. Authentication, authorization, and accounting (AAA)
  203. Cloud vs. on-premises requirements
  204. Quiz 2.2
    1 Quiz
  205. 2.3: Implementing cybersecurity resilience
    What is redundancy?
  206. Disk redundancy (RAID levels)
  207. Network redundancy
  208. Power redundancy
  209. Replication
  210. Backup types (full, incremental, differential, and snapshot)
  211. Backup types practice scenarios
  212. Backup devices and strategies
  213. Quiz: Backup types, devices, and strategies
    1 Quiz
  214. Non-persistence
  215. Restoration order
  216. Diversity
  217. Quiz 2.3
    1 Quiz
  218. 2.4: Security implications of embedded and specialized systems
    What are embedded systems?
  219. System on a Chip (SoC)
  220. SCADA and ICS
  221. Internet of Things (IoT)
  222. Specialized systems
  223. VoIP, HVAC, Drones/AVs, MFP, RTOS, Surveillance systems
  224. Communication considerations
  225. Important constraints
  226. 2.5: Importance of physical security controls
    Bollards/barricades, Mantraps, Badges, Alarms, Signage
  227. Lighting and fencing
  228. Cameras and Closed-circuit television (CCTV)
  229. Industrial camouflage
  230. Personnel, robots, drones/UAVs
  231. Locks
  232. Different sensors
  233. Fire suppression
  234. Protected cable distribution (PCD)
  235. Secure areas (air gap, faraday cages, DMZ, etc…)
  236. Hot and cold aisles
  237. Secure data destruction
  238. USB data blocker
  239. Quiz 2.5
    1 Quiz
  240. 2.6: Basics of cryptography
    Common use cases
  241. Key length
  242. Key stretching
  243. Salting, hashing, digital signatures
  244. Perfect forward secrecy
  245. Elliptic curve cryptography
  246. Ephemeral
  247. Symmetric vs. asymmetric encryption
  248. Key exchange
  249. Cipher suites
  250. Modes of operation
  251. Lightweight cryptography and Homomorphic encryption
  252. Steganography
  253. Blockchain
  254. Quantum and post-quantum
  255. Limitations
  256. Encryption for different data types
  257. Quizzes 2.6
    2 Quizzes
  258. 2.7: Implement Secure Protocols
    Important protocols to know and use cases
  259. Important email secure protocols
  260. IPsec and VPN
  261. FTPS, SFTP, SCP
  262. DNSSEC
  263. SRTP and NTPsec
  264. DHCP
  265. SNMP and SNMPv3
  266. Quiz 2.7
    1 Quiz
  267. 2.8: Implement host or application security solutions
    Endpoint protection
  268. Self-encrypting drive (SED), full disk encryption (FDE), and file-level encryption
  269. Boot integrity
  270. Database and data security
  271. Application security
  272. Hardening hosts
  273. Sandboxing
  274. Quiz 2.8
    1 Quiz
  275. 2.9: Implement secure network designs
    DNS
  276. Load balancing
  277. High availability (clustering)
  278. Network segmentation
  279. East-West and North-South
  280. Jump servers (bastion hosts)
  281. Network Address Translation (NAT) Gateway
  282. Proxy servers
  283. Out-of-band management
  284. Secure communication and access
  285. Quiz 2.9.1
    1 Quiz
  286. Virtual Private Networks (VPNs) and IPsec
  287. Network Access Control (NAC)
  288. Port security
  289. Network-based intrusion detection system (NIDS) and network-based intrusion prevention system (NIPS)
  290. Firewalls
  291. Next-Generation Firewalls
  292. Access Control List (ACL) and Security Groups (SGs)
  293. Quiz 2.9.2
    1 Quiz
  294. Quality of Service (QoS)
  295. Implications of IPv6
  296. Port scanning and port mirroring
  297. File integrity monitors
  298. Quiz 2.9.3
    1 Quiz
  299. 3.0: Install and configure wireless security settings
    Cryptographic protocols
  300. Methods
  301. Authentication protocols
  302. Installation considerations
  303. Quiz 3.0
    1 Quiz
  304. 3.1: Implement secure mobile solutions
    Connection methods and receivers
  305. Mobile deployment models
  306. Mobile device management (MDM)
  307. Mobile devices
  308. Enforcement and monitoring
  309. Secure enclave
  310. Quiz 3.1
    1 Quiz
  311. 3.2: Apply cybersecurity solutions to the cloud
    Cloud security controls
  312. Secure cloud storage
  313. Secure cloud networking
  314. Secure cloud compute resources
  315. Secure cloud solutions
  316. Quiz 3.2
    1 Quiz
  317. 3.3: Implement identity and account management controls
    Understanding identity
  318. Account types to consider
  319. Account policies to consider
  320. Quiz 3.3
    1 Quiz
  321. 3.4: Implement authentication and authorization solutions
    Authentication management
  322. Authentication protocols and considerations
  323. Extensible Authentication Protocol (EAP)
  324. RADIUS and TACACS+
  325. Kerberos, LDAP, and NTLM
  326. Federated Identities
  327. Access control schemes
  328. Recap notes from this section
  329. Quiz 3.4
    1 Quiz
  330. 3.5: Implement public key infrastructure
    What is public key infrastructure?
  331. Types of certificates
  332. Certificate formats
  333. Important concepts
  334. Quiz 3.5
    1 Quiz
  335. 3.6: Use the appropriate tools to assess organizational security
    Network reconnaissance and discovery part 1
  336. Network reconnaissance and discovery part 2
  337. File manipulation
  338. Shell and script environments
  339. Packet capture and replay
  340. Forensics tools
  341. Exploitation frameworks
  342. Password crackers
  343. Data sanitization
  344. Quiz 3.6
    1 Quiz
  345. 3.7: Policies, processes, and procedures for incident response
    Incident response plans
  346. Incident response process
  347. Important exercises
  348. Important attack frameworks
  349. Business processes impacting security operations
  350. Technical implications
  351. Privileged access management tools
  352. BCP, COOP, and DRP
  353. Incident response team and stakeholder management
  354. Retention policies
  355. Quiz 3.7
    1 Quiz
  356. 3.8: Using appropriate data sources to support investigations after an incident
    Vulnerability scan outputs
  357. SIEM dashboards
  358. Log files
  359. Syslog, rsyslog, syslog-ng
  360. Journald and journalctl
  361. NXLog
  362. Bandwidth and network monitors
  363. Important and useful metadata
  364. Activities
  365. Quiz 3.8
    1 Quiz
  366. 3.9: Applying mitigation techniques or controls to secure environments during an incident
    Reconfiguring endpoint security solutions
  367. Configuration changes
  368. Isolation, containment, and segmentation
  369. Secure Orchestration, Automation, and Response (SOAR)
  370. Quiz 3.9
    1 Quiz
  371. 4.0: Key aspects of digital forensics
    Documentation and evidence
  372. E-discovery, data recovery, and non-repudiation
  373. Integrity and preservation of information
  374. Acquisition
  375. On-premises vs. cloud
  376. Strategic intelligence and counterintelligence
  377. Quiz 4.0
    1 Quiz
  378. 4.1: Compare and contrast various types of controls
    Categories
  379. Control types
  380. Types of governance structures
  381. Quiz 4.1
    1 Quiz
  382. 4.2: Applicable regulations, standards, or frameworks that impact organizational security posture
    Regulations, standards, and legislation
  383. Key frameworks to know about
  384. Benchmarks and secure configuration guides
  385. Compliance (part 1)
  386. Compliance (part 2)
  387. Internal vs. external compliance
  388. Quiz 4.2
    1 Quiz
  389. 4.3: Importance of policies to organizational security
    Personnel
  390. User training
  391. Third-party risk management
  392. Vendor monitoring
  393. Questionnaires
  394. Data
  395. Credential policies
  396. Organizational policies
  397. Quiz 4.3
    1 Quiz
  398. 4.4: Risk management processes and concepts
    Types of risks
  399. Risk management strategies
  400. Risk appetite
  401. Risk analysis
  402. Disasters
  403. Business impact analysis
  404. Quiz 4.4
    1 Quiz
  405. 4.5: Privacy and sensitive data concepts in relation to security
    Organizational consequences of privacy breaches
  406. Notifications of breaches
  407. Data Classification Categories
  408. Privacy enhancing technologies
  409. Roles and responsibilities
  410. Quiz 4.5
    1 Quiz
  411. Course Recap and Next Steps
    Looking for the practice exams?
  412. Receiving your Certificate of Completion
Lesson 37 of 412
In Progress

Trojans

Christophe March 17, 2025

If you’ve ever heard the story of the Trojan War, the Trojan Horse was a wooden horse used by the Greeks to enter the city of Troy and win the war.

It is said that the city of Troy was so well defended, that the Greeks simply couldn’t penetrate its walls. As a last-ditch effort, the Greek army came up with a clever trick. They were going to build a large wooden horse as a supposed peace gift, and then pretend to have retreated via their ships. When the Trojans saw the horse and saw that the Greeks had left, they brought the horse within their walls and had a long night of celebrations.

After most of the city fell asleep, Greek soldiers hidden and stuffed within the wooden horse broke out, opened the city gates, and signaled to the rest of the hidden Greek army. Within hours, the Greek army had control of the city.

It turns out that this is a mythical story, but the meaning of the Trojan Horse has extended far beyond this story.

In cybersecurity, it’s used to describe a form of malware that pretends to be something harmless, when in reality, it’s designed to take over control of your devices.

Examples of trojan horses

For example, an attacker could build a trojan horse to look like an image file or video file. The unsuspecting victim, thinking they were receiving a legitimate image, would open the file, which would trigger the hidden malware to execute.

Trojan horses don’t always have to be completely fake, however. For example, someone may be offering a premium application for free that you can download via torrents. Also known as a cracked application. Someone goes to download that application, and when they open the application, maybe it functions properly. However, they may not realize that a piece of malware also executed and silently took control of their device.

This could also happen with fake video downloads of movies, online courses, or even “PDF downloads” of books, to name just a few examples.

Impact of trojan horses

This type of malware is typically designed to:

  • Steal information from a device (ie: harvest credentials)
  • Monitor what gets typed on your keyboard
  • Take over control of your peripherals, such as your keyboard, mouse, webcam, etc…
  • Install additional malware, such as ransomware
  • and more, which we’ll explore in other lessons

So trojan malware is typically used to gain access to a device through deception, and only then do something else.

Important concepts

In fact, important concepts to keep in mind with Trojans are:

  1. A Trojan is a form of malware that disguises itself
  2. Trojans are usually “door openers” — meaning that they give an attacker access to the device in order to then do something else
  3. Trojans are not considered viruses, because they do not self-replicate

Defenses against trojans

What are effective defenses? They’re similar to what we’ve already mentioned:

  • Ensure you have up-to-date defensive software — for example, make sure you keep Windows Defender updated
  • Don’t blindly open files from complete strangers — especially if the file extension looks odd (for example, if an image file has a .exe file extension)
  • Be very careful what you download from the Internet in general
  • Be on the lookout for social engineering attacks that we covered in the prior section, and which will oftentimes be used to try and get you to download and open trojans

Case studies

As we wrap up this lesson, let’s a quick look at some examples of real-world trojans.

Qbot

According to RedCanary.com, Qbot is one of the top-most seen trojans currently in the wild, and it is considered a banking trojan that focuses on stealing user data and banking credentials. So at its core, it’s a credentials harvester. But, over time, additional functionality has been added.

It now also adds something called command and control (aka C2 or C&C) which we will talk about later. It’s also added anti-analysis features. It has the ability to move laterally within an environment in order to spread further, and it’s now also added the ability to execute ransomware.

The most common way that this trojan gains initial entry is through phishing.

If you’re interested, this article also outlines detection opportunities, although this gets a little bit more technical and is beyond the scope of this course, so I’ll leave that up to you.

Emotet

One more example we’ll look at is the Emotet trojan. Despite having what I think is a pretty cool name, it’s actually a really nasty piece of software. Emotet is primarily known for delivering follow-on payloads. What I mean by that is Emotet is designed to function as a downloader or dropper of other malware. Once it’s been executed on a device, it will then download, or “drop” additional malicious software onto that device, including (but not limited to) that Qbot trojan we talked about previously, TrickBot (which is another trojan), or even the famous Ryuk ransomware.

Conclusion

As you can see, some of the most common trojans nowadays focus on harvesting credentials, enabling the attacker to deploy ransomware, or even on turning devices into bots.

The credentials can then be used to steal funds from bank or crypto accounts, they can be sold on the dark web, or they can be used to further exploit a corporate network.

Whereas ransomware is designed to prevent organizations from accessing their data and systems, and then demanding a monetary reward.

Bots, as we’ll talk about in an upcoming lesson, can then be controlled by the attacker.

Either way, trojans have been around for a long time, and they’ll continue to be around, because they are effective ways of spreading additional malware.

Responses

Your email address will not be published. Required fields are marked *