Overview
-
Learn the basic of penetration testing and incident response, while studying for domain 3 of the CompTIA Advanced Security Practitioner (CASP+) certification exam.
Syllabus
-
Introduction
- Enterprise Security Operations
- What you should know
- About the exam
- What are security assessments?
- Vulnerability assessments
- Physical security assessments
- Malware analysis
- Penetration testing
- Penetration testing methods
- Penetration testing steps: Reconnaissance
- Penetration testing steps: Fingerprinting
- Penetration testing steps: Exploitation
- Penetration testing steps: Pivoting and covering tracks
- Penetration testing steps: Social engineering
- Internal vs. external audits
- Self-assessments: Team exercises
- Code reviews
- What kinds of tools do we use for security assessments?
- Port scanners
- Vulnerability scanners
- Protocol analyzers
- SCAP scanners and tools
- Network enumerator
- Password crackers
- Fuzzer
- HTTP interceptor
- Exploitation tools and frameworks
- Visualization tools
- Log reduction and analysis tools
- File integrity monitoring and antivirus
- Command line tools
- Physical security tools
- Reverse engineering tools
- Why are incident response and recovery so important?
- E-discovery
- Electronic inventory and asset control
- Data retention policies
- Data recovery and storage
- Data ownership
- Data handling
- Legal holds
- Data breach
- Incident detection and response
- Incident and emergency response
- Chain of custody
- Forensic analysis
- Order of volatility
- Continuity of operations and disaster recovery
- Severity of the incident
- Incident response team
- Post-incident response
- Tools used in incident response
- Disk imaging
- Network packet capture and analysis
- nbtstat and netstat
- Netcat
- Memory forensics
- File carving
- FTK and EnCase
- Specialized tools for mobile devices
- Next steps
