Introduction to SIEMs Introduction to Continuous Monitoring Continuous Monitoring (Information Security Continuous Monitoring (ISCM)): The processes and technologies used to detect information security risks associated with an organization’s operational environment in real time ISCM provides real-time insight into the current state, vulnerabilities, and effectiveness of current security controls Prioritizing Risks to Monitor Compliance: Requirements for […]

Penetration Testing

Introduction to Pen Testing and Open Source Intelligence What is Penetration Testing? Penetration Testing: The offensive security practice of attacking a network with the same techniques an attacker would use Engagement: Practitioner term for penetration tests Stages of Engagement Planning and Reconnaissance Scanning Exploitation Post-Exploitation Reporting Types of Penetration Testings No-View Pen Testing No-View: Simulates […]

Web Vulnerabilities and Hardening

Injection Vulnerabilities Injections Injection attacks occur when an attacker supplies untrusted input to an application The payload contains malicious data that is processed as part of a query or command that alters the way a program is intended to function Injections commonly occur in fields and forms on web applications Cross-Site Scripting: A submitted user […]

Web Development

HTTP with Sessions and Cookies HTTP Requests and Responses Client-Server Architecture Client-Server Model: The exchange of information through a cycle of requests and responses between clients and servers Typical client-server communication: The client communicates with a server to request resources The server queries the resources from its connected internal servers The server sends a response […]

Cloud Security and Virtualization

Introduction to Cloud Computing Cloud Service Model IaaS (Infrastructure as a Service): Offers pay-as-you-go access to storage, networking, servers, and other computing resources in the cloud PaaS (Platform as a Service): A service provider offers access to a cloud-based environment in which users can build and deliver application SaaS (Software as a Service): A service […]

Network Security

Firewall Architectures Firewalls provide a layer of protection by analyzing data leaving and entering a network They are placed between application servers and routers Firewalls can be used to either control access to a single host (host-based firewall) or an entire network (network firewall) Network firewalls are placed in front of a router, and host-based […]


Introduction to Cryptography Cryptography is the art and science of keeping information secure through the use of mathematical concepts and techniques Cipher: A method of designing secret or hidden messages Key: Parameter specifying how plaintext is converted to ciphertext and vice versa Encryption: Process of modifying a message or information in such a way that […]

Networking Fundamentals

The Client-Server Model Client-Server Model: A network computing model that defines how resources and services are shared across a network Request and Response Method The server hosts the resources and services requested by the client The server returns the resources or executes the service, as requested The request is the process in which the client […]

Windows Administration and Hardening

Task Manager Right click taskbar and select Task Manager To end an task, select it and select End Task at the bottom right of the window The Startup tab lists the programs that are automatically opened during startup CMD Windows Filesystem Structure Program Files: ]64-bit applications installation location Program Files(x86): 32-bit applications installation location Program […]

Bash Scripting and Programming

If Statements and Exit Conditions and Decision Making if: Used as part of a conditional statement, in which based on one or more conditions the script will take certain action(s) Syntax if: initiates the if statement []: Encapsulates the condition then: Runs the following commands if the condition is true fi: Ends the if statement […]