[Pluralsight.com] CompTIA Security+ (SY0-401) Threats and Vulnerabilities [2015, ENG]

Types of Malware
Course Overview and Adware
Virus
Spyware
Trojans and Remote Access Tools (RAT)
Rootkits
Backdoors
Logic Bombs
Botnets and Ransomware
Polymorphic Malware and Armored Virus

Types of Attacks
Overview
Man-in-the-Middle
DDoS
Spoofing
Spam
Phishing
Spim
Vishing
Spear Phishing
Xmas Attack
Pharming
Privilege Escalation
Malicious Insider Threat
Transitive Access
Client-Side Attacks
Password Attacks
Typo Squatting/URL Hijacking
Watering Hole Attack
Module Review

Effectiveness of Social Engineering Attacks
Module Overview
What Is Social Engineering?
Shoulder Surfing
Dumpster Diving
Tailgating
Impersonation
Hoaxes
Whaling
Vishing
Principles (Reasons for Effectiveness)/Authority
Intimidation
Consensus/Social Proof
Familiarity/Liking
Trust
Scarcity/Urgency
Module Review

Wireless Attacks
Rogue Access Points and Captive Portals
War Driving and War Chalking
Bluejacking and Bluesnarfing
IV Attacks
Packet Sniffing
Near Field Communication
Replay Attacks
WPS Attacks
WEP and WPA Attacks

Application Attacks
Module Overview
Cross-Site Scripting
Cross-Site Request Forgery
SQL and XML injection Attacks
Directory Traversal/Command Injection
Buffer Overflow Attacks
Integer Overflow Attacks
Zero-Day Attacks
Cookies and Attachments
Locally Shared Objects (LSO)
Flash Cookies
Malicious Add-ons
Session Hijacking
Header Manipulation
Arbitrary/Remote Code Execution

Mitigation and Deterrent Techniques
Module Overview
Monitoring System Logs
Hardening Systems and Applications
Network Security
Disabling Unused Interfaces and Services
Rogue Machine Detection
Security Posture
Reporting
Detection vs. Prevention Controls
Module Review

Discovering Security Threats and Vulnerabilities
Module Overview and Interpreting Assessment Tools Results
Protocol Analyzers and Vulnerability Scanners
Honeypots and Honeynets
Port Scanners
Banner Grabbing
Passive vs. Active Tools
Risk Calculations
Assessment Types
Assessment Techniques and Baseline Reporting
Code Review
Determine Attack Surface
Review Architecture
Review Designs
Module Review

Penetration Testing vs. Vulnerability Scanning
Module Overview
Verifying Threats and Bypassing Security Controls
Actively Testing Security Controls
Exploiting Vulnerabilities
Vulnerability Scanning
Testing Security Controls and Identifying Vulnerabilities
Identify Common Misconfigurations
Intrusive vs. Non-intrusive and Credentialed vs. Non-credentialed
False Positive
Black, White, and Gray Box Testing
Things to Remember
Module Review