CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass

Thursday, April 25, 2024

Tokenization

 Credit Cards - Tokenization

Tokenization is used to make it easy to reorder a credit card. One such method is the vendor storing the credit card information (not in plaintext) for monthly or yearly subscriptions. 

This process can replace part or all of the original data. The token is located on a token server.

Tokenization is a security technique that replaces sensitive data with a non-sensitive substitute called a token. Tokens are unique identifiers that link to the original data but cannot be deciphered to access the original information.

Tokenization is used in many areas, including:

Payment processing

Tokenization protects credit card and bank account numbers by replacing them with tokens. This removes the connection between the transaction and sensitive data, making transmitting data over wireless networks safer.

Speech recognition

Voice-activated assistants like Siri or Alexa use tokenization to process spoken words. When you ask a question or command, your spoken words are converted into text, which is then tokenized.

Commodities

Tokenization can turn ownership of commodities like oil, gold, or agricultural products into on-chain tokens, making the market for these assets more liquid and accessible.

Tokenization is also known as "masking" or "obfuscation."

Posted by at No comments:
Labels: ,

Wednesday, April 24, 2024

Attack Frameworks:

 Attack Frameworks


MITRE ATT&CK (MITRE Adversarial Tactics, Techniques, and Common Knowledge)
This provides a database of known TTPs (Tactics, Techniques, and Procedures). 
Here is a link to the website: MITRE ATT&CK
Each individual technique is assigned a unique ID. 
The tactics are persistence, command & control, and initial access.

The Diamond Model of Intrusion Analysis
This is used to analyze an intrusion based on four core features:
  • Victim
  • Capability
  • Infrastructure
  • Adversary
Cyber Kill Chain Attack Framework
This is a white paper put out by Lockheed Martin.
This shows the order of the stages of an attack.
1. Reconnaissance—This is the stage where the attacker chooses the methods to use for the attack. The attacker collects information about the target's computer systems, supply chain, and employees.
2. Weaponization - The attacker chooses what exploit and payload code to use for the attack. 
3. Delivery - the attack vector to transmit the attack code to the target, an email attachment, or a USB drive.
4. Exploitation - trick a user into running the code by clicking on an attachment or drive-by-download.
5. Installation - this stage is for persistence
6. Command and Control (C2) - this stage is where the attacker can install additional tools
7. Actions on Objectives - this stage is where data exfiltration occurs.





Posted by at No comments:
Labels: , , , , , ,

Monday, April 22, 2024

Directory Traversal Attack

 Directory Traversal Attack Examples

http://www.sample.com/../../../etc/passwd
http://www.sample.com%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
http://www.sample.com%2f..%2f..%2f..%2fetc%2fpasswd
http://www.sample.com2f..2f..2f..2fetc2fpasswd
C:\Users\JohnDoe\AppData\Local\Microsoft\Office

Some of these examples used percent encoding. 
%2E is a period "."
%2F is a "/."
Posted by at No comments:
Labels: , ,

Saturday, April 20, 2024

Metadata

 METADATA


Metadata is data about data, such as information about things you used on your mobile device, like taking a picture, the date and time, and the GPS location.
  • GPS Tagging
  • Photographs
  • Video 
Files on your PC, smartphone, laptop, tablet, etc. Multiple attributes are recorded and attached to these files. If the person creating the document backdates the date on the document, you can see the date it was made.
  • Date and time created.
  • When it was modified
  • When it was accessed
Metadata is recorded when you make a phone call or send a text.
  • Incoming and outgoing phone numbers are involved.
  • The date and time of the class.
  • The duration of the calls.
  • SMS text time


Posted by at No comments:
Labels: ,

Thursday, April 18, 2024

Protecting Passwords Against Offline Attacks

 Offline Password Attacks & Preventive Measures


Rainbow table attack
The best protection against this attack type is adding salt (random data) to the password before hashing.

Brute Force & Dictionary
The best method for slowing down the attacker from discovering the password is to use key stretching. This method uses thousands of rounds of hashing. This does not make the key stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are 2 methods on the exam:
PBKDF2 & bcrypt
Posted by at No comments:
Labels: , , , , , , , , ,

Wednesday, April 17, 2024

Port Numbers to know for the exam

 Port Numbers - Associated Protocol


Port Number                      Protocol

21        TCP                 FTP (File Transfer Protocol)
22        TCP                 SSH (Secure Shell)
22        TCP                 SCP  (Secure Copy Protocol)
22        TCP                 SFTP (Secure File Transfer Protocol) 
23        TCP                 Telnet
25        TCP                 SMTP (Simple Mail Transfer Protocol)
53        TCP / UDP      DNS (Domain Name System)
67        UDP                DHCP (Dynamic Host Configuration Protocol - server) 
68        UDP                DHCP (Dynamic Host Configuration Protocol - client)    
69        UDP / TCP      TFTP (Trivial File Transfer Protocol)
80        TCP                 HTTP (Hypertext Transfer Protocol)
110      TCP                 POP (Post Office Protocol)
135      TCP /UDP       RPC (Remote Procedure Call)
139      TCP                 NetBIOS (MS file sharing port - legacy)
143      TCP                 IMAP (Internet Message Access Protocol)
161      UDP                SNMP (Simple Network Management Protocol)
443      TCP                 HTTPS (Hypertext Transfer Protocol Secure)
445      TCP                 SMB (Server Message Block)
587      TCP                 SMTPS (Simple Mail Transfer Protocol Secure)
1812    UDP                RADIUS (Remote Authentication Dial-in User Service)
3389    TCP                 RDP (Remote Desktop Protocol)
Posted by at No comments:

Saturday, April 13, 2024

Brute Force, Dictionary, Spraying Attacks

 Password Discovery Methods


All of these attacks covered in the section are online attacks. 

BRUTE-FORCE:
  • Uses an exhaustive list trying to guess the passwords.
  • Password guessing programs used for brute force attacks can check anywhere from 10,000 to 1 billion passwords per second. 
  • Brute force attacks are run against a single username with multiple password guesses.
EXAMPLE:
cbgto1gpy
cbgto2gpy
cbgto3gpy
cbgto4gpy
cbgto5gpy
cbgto6gpy

In this example, the sixth character changes when the program has completed all possible combinations with the sixth character and has not discovered the password. Then, the fifth character changes to the letter "p" and continues the process. 

DICTIONARY:
  • A dictionary attack will go through common words out of the dictionary and does not use complexity.
  • Dictionary attacks are run against a single username with multiple password guesses. This is also an automated program.

SPRAYING ATTACK:
  • A spraying attack is one password, normally simple or commonly used against multiple accounts (2 or more usernames). 
  • The attacker waits a period such as 30 minutes or longer. 
  • This is done to bypass account lockout. 
  • Most account lockouts reset the failed login counter back to "0" at that point.
There are two primary ways to prevent brute-force or dictionary attacks:
  • Account lockout after 3 to 5 failed login attempts
  • The other is to use MFA (Multi-Factor Authentication)
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)