Using Certutil

 Using certutil to verify integrity

CompTIA A+ 220-1101 Core 1 - Cat Standards

 

A+ 220-1101 Cat Standards Ethernet

Quantitative Assessments Explained for CompTIA Security+ Exam

 Quantitative Assessments Explained

CompTIA Backups Exaplained

Backup Methods Explained for CompTIA Exams

Email-based attacks

 EMAIL ATTACKS

Phishing

• Email based

• Prevented by DMARC

Spear phishing

• Email based

• Multiple people in the same department/company

• Prevented by DMARC

Whaling

• Email based

• C-Level (CEO, CFO, etc) Board of Directors

• Specific to the person it targets

 WHOIS COMMAND

Whois

·         Too much information

·         The correct amount of information

SQL Injection Attack

 SQLi

SQLi (SQL Injection)

·         Server-side attack

·         A query formatted: ‘ or ‘1’=’1’ -- is a SQL injection attack.

·         SELECT * FROM

·         Prevented by

o   Input validation

o   Removing semi-colons, dashes, quotations, & commas

o   Stored procedures

XSS (Cross-Site Scripting) Attack

 XSS (Cross-Site Scripting)

XSS (Cross-Site Scripting)

• Client-side attack
• JavaScript
• HTML iFrame
• URL ends in .js
• Percent encoding %C (<) & %3E (>)

HSTS (HTTP Strict Transport Security)

 HSTS

HSTS (HTTP Strict Transport Security)

·         Configured on the server

·         Only allows the session to be HTTPS

·         Mitigates SSL stripping, downgrade attacks

·         Also called HTTP security header