Discover credentials utilizing hash dumpsPerform pass-the-hash attacksDocument results of the penetration testUtilize currently exploited systems to gain access to others.Configure exploitation tools to pivot through a target environment

Apply methodology to penetration tests to ensure they are consistent, reproducible, rigorous, and under quality control.Analyze the results from automated testing tools to validate findings, determine their business impact, and eliminate false positives.Discover key application flaws.Use programming to create testing and exploitation scripts during a penetration test.Discover and exploit SQL Injection flaws to determine true risk to the victim organization.Create configurations and test payloads within other web attacks.Fuzz potential inputs for injection attacks.Explain the impact of exploitation of application flaws.Analyze traffic between the client and server application using tools.Discover and exploit Cross-Site Request Forgery (CSRF) attacks.

Explain what information is collected and analyzed through network security monitoring, and why monitoring is importantDefine network security monitoringSummarize the policies used in network security monitoringDefine an Intrusion Detection System/Intrusion Prevention System, and provide a real-world analogy for an IDSDefine the base rate fallacy and summarize an exampleSummarize the options for deploying an IDSDescribe common strategies attackers use to evade an IDSList potential indicators of a security attackDefine honeypots and honeynets and list their benefits to organizationsSummarize the goals of a firewallList and define four types of firewallsSummarize an example of a filtering ruleExplain the primary function of NATSummarize the advantages and disadvantages of proxy gatewaysExplain the process for setting up firewalls using IPTables and Netfilter in LinuxList the steps in an incoming packet’s journey through a Linux firewallSummarize the challenges that led to the development of IPv6 and explain how IPv6 addresses those challengesList the differences in IPv4 and IPv6 services and headersDifferentiate between IPv4 and IPv6 address formatsList and define IPv6 address typesList the differences between IPv4 and IPv6 address provisioningList the differences between DHCPv4 and DHCPv6Summarize dual-stack techniques for IPv4 and IPv6 devicesIdentify security threats common to IPv4 and IPv6, as well as threats exclusive to IPv6Describe how reconnaissance methods will change under IPv6List tools that can be use to compromise IPv6 networksDescribe the security considerations needed in dual-stack host environments

Define and apply a substitution cipherDefine cryptanalysisExplain at a high level the process by which a plaintext message is encrypted, transmitted, and decrypted.Describe at least two strategies for breaking an encryption schemeIdentify the differences between public key encryption, symmetric key encryption, and hashingList and summarize the characteristics of good ciphersDescribe the vulnerabilities of stream ciphersDefine AES and explain why it is recommended over 3DESDefine cipher block chainingList the steps in creating an RSA public/private key pairExplain why RSA is secureDefine message integrity and explain how it is ensuredDefine IPSec and list its servicesDefine authentication header and ESPExplain the primary goal of IKE and describe its sub-protocolsSummarize the five steps of IPSec OperationSummarize the history of SSLExplain how closure alerts can prevent a truncation attackIdentify the protocols that make up the SSL architectureDescribe how SSL/TLS provides protected channelsState the differences between IPSec and SSL VPN connectionsExplain why it’s important to consider Layer 2 securityDefine common Layer 2 attacksIdentify tools used in Layer 2 attacksDescribe countermeasures to Layer 2 attacks and security best practices to prevent attacksExplain the differences between the 2.4GHz and 5GHz spectrumsProvide definitions of basic wireless termsExplain how 802.11ac differs from earlier 802.11 standardsIdentify and define the types of 802.11 framesList and define the states of 802.11 sessionsList the steps in establishing an 802.11 sessionSummarize the existing wireless security protocols and state which protocols should not be usedSummarize WPA, WPA Enterprise, and generalized WiFi attacks

Describe how “social engineering” can be used to compromise securityDefine the CIA triadIdentify and plan to manage risks in common situationsDefine a threat tree and threat matrix and explain how they are usedDefine an attack tree, explain how boolean and continuous node values are used in attack trees, and demonstrate how an attack tree can be used to determine vulnerabilitiesExplain why it is important for network engineers to understand cyber attack strategies.List and summarize the stages of network attack methodologyIdentify the information an attacker might collect during network reconnaissanceDescribe at least two “low tech” ways of performing reconnaissance on a targetPerform a WHOIS query and extract the IP address of a DNS serverList at least three publicly available tools used for gathering information on targetsDefine port scanning and describe the process used to determine whether a port is openDefine a proxy serverDefine IP spoofing, ingress filtering, and session hijackingDefine a Denial of Service attack and explain the difference between a DoS and DDoS attackState the relationship between DoS attacks and geopolitical eventsList at least two vulnerability attacks used in DoS attacksDefine SYN flooding and explain how it can be protected againstDescribe what happens during a standard DDoS attackExplain how DNS poisoning can be used in phishing attacksDescribe how URLs can be obfuscated to make a phishing attack more likely to succeedList at least two tools used to assess vulnerabilities in networksSummarize the typical goals of post-exploitation activityDescribe the strategies attackers use to maintain access to a compromised systemDefine trojans, viruses, worms, and blended threatsList the typical objectives of trojan creatorsDefine rootkitsGive examples of common uses of NetcatDefine wrappersSummarize common data exfiltration methodsSummarize how attackers can remove evidence of system compromise in Windows and Unix systems

Define Same-Origin PolicyDescribe SQL Injection and Common defensesDescribe Cross Site Request Forgery (XSRF) and Common DefensesDescribe Cross Site Scripting (XSS) and Common DefensesDiscuss different definitions of PrivacyDefine anonymityDefine contextual integrityDescribe Differential PrivacyDescribe Mix NetworksDescribe how Tor Provides AnonymityDefine Digital CertificatesDescribe the Trusted Platform Module (TPM)Describe DNS AmplificationDistinguish between Watermarking and SteganographyDescribe How Bit-Coin Prevents an Attacker from Faking a ChainDescribe Why Minors Validate TransactionsDescribe Why BitCoin Mining Consumes So Much Power and Some AlternativesDescribe Threats to the BitCoin EcoSystem

Describe Strengths and Weaknesses of Data Encryption Standard (DES)Describe Strengths and Weaknesses of Advanced Encryption Standard (AES)Describe Public Key CryptographyDescribe Asymmetric Key AlgorithmsDefine Hash FunctionsDescribe Public Key SignaturesDescribe the Benefits of the Different Types of AuthenticationDefine access controlApply four types of access control (Discretionary, Mandatory, Role Based, and Unix/Linux File Access Control)Describe the use of the SetUID permission in Unix/LinuxAnalyze an access control scenario using an Access Control MatrixDifferentiate between ACL and CapabilitiesDescribe the use of a Reference MonitorDescribe the Security Mechanisms built into Chromium OSGive Examples of Covert Channels including both Timing Channels and Storage ChannelsDescribe the Purpose of an Operating System (OS)Differentiate between Type 1 and Type 2 HypervisorsDescribe Containers and their PurposeDescribe Sandbox Computation