Programma Didattico Corso Ethical Hacker & Security Manager Certificato | CompTIA Security+ e PenTest+

MODULO A: Corso Sicurezza Informatica e Security Manager | Certificato CompTIA Security+ SY-701

1)    Mastering security basic

1. Understanding core security goals
   • Security scenarios
     • Ensure confidentiality
     • Provide integrity
     • Increase availability
   • Resource availability versus security constraints
2. Introducing basic risk concepts
3. Selecting effective security controls
   • Control categories
     • Technical controls
     • Managerial controls
     • Operational controls
     • Physical controls
   • Control types
     • Preventive controls
     • Deterrent controls
     • Detective controls
     • Corrective controls
     • Directive controls
   • Combining control categories and types
4. Logging and monitoring
   • Operating system/endpoint logs
     • Windows logs
     • Linux logs
   • Network logs
     • Firewall logs
     • IDS/IPS logs
     • Packet captures
   • Application logs
     • Metadata
   • Centralized logging and monitoring
     • SIEM system
     • Syslog

Objective covered:

• Compare and contrast various types of security controls

• Categories (technical, managerial, operational, physical)
• Control types (preventive, deterrent, detective, corrective, compensating, directive)
  • Summarize fundamental security concepts
• Confidentiality, integrity, and availability (CIA)

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Monitoring
• Least privilege

3.2 Given a scenario, apply security princi­ples to secure enterprise infrastructure

• Selection of effective controls

4.1 Given a scenario, apply common security techniques to computing resources

• Monitoring
  • Explain security alerting and monitoring concepts and tools
• Monitoring computing resources (systems, applications, infrastructure)
• Activities (log aggregation, alerting, scanning, reporting, archiving)
• Alert tuning
• Security Information and Event Management (SIEM)
  • Given a scenario, modify enterprise capabilities to enhance security
• User Behavior Analytics (UBA)

4.9 Given a scenario, use data sources to support an investigation

• Log data(firewall logs, application logs, endpoint logs, os-specific security logs, IPS/IDS logs, network logs, metadata)
• Data sources (automated reports, dashboards, packet captures)

2)    Understanding identity and access management

1. Exploring authentication management
   • Comparing identification and AAA
   • Comparing authentication factors
     • Something you know
     • Something you have
     • Something you are
     • Two-factor and multifactor authentication
     • Passwordless authentication
   • Authentication log files
2. Managing accounts
   • Credential policies and account types
   • Privileged access management
   • Requiring administrators to use two accounts
   • Prohibiting shared and generic accounts
   • Deprovisioning
   • Time-based logins
   • Account audits
3. Comparing authentication services
   • Single sign-on
   • LDAP
   • SSO and a federation
     • SAML
     • SAML and authorization
     • Oauth

4. Authorization models
   • Role-based access control
     • Using roles based on jobs and functions
     • Documenting roles with a matrix
     • Establishing access with group-based privileges
   • Role-based access control
   • Discretionary access control
     • Filesystem permissions
     • SIDs and DACLs
   • Mandatory access control
     • Labels and lattice
     • Establishing access
   • Attribute-based access control
5. Analyzing authentication indicators

Objective covered:

1.2 Summarize fundamental security concepts

• Authentication, authorization, and accounting (AAA) (Authenticating people, Authenticating systems, Authorization models)

2.4 Given a scenario, analyze indicators of malicious activity

• Indicators (account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, resource inaccessibility, out-of-cycle logging, published/documented, missing logs)

2.5 Explain the purpose of mitigation tech­niques used to secure the enterprise

• Access control (Access Control List (ACL), permissions)

4.5 Given a scenario, modify enterprise capa­bilities to enhance security

• Operating system security (SElinux)
  • Given a scenario, implement and maintain identity and access management
• Provisioning/de-provisioning user accounts
• Permission assignments and implications
• Identity proofing
• Federation
• Single sign-on (SSO) (open authorization (OAuth) , Security Assertions Markup Language, (SAML) )
• Interoperability
• Attestation
• Access controls (mandatory, discretionary, role-based, rule-based, attribute-based, time-of-day restrictions, least privilege)
• Multifactor authentication (implementations, biometrics, hard/soft authentication tokens, security keys)
• Factors (something you know, something you have, something you are, somewhere you are)
• Password concepts
• Password best practices (length, complexity, reuse, expiration, age)
• Password managers
• Passwordless
• Privileged access management tools (just-in-time permissions, password vaulting, ephemeral credentials)

3)    Exploring network technologies and tools

1. Reviewing basic networking concepts
   • OSI model
   • Basic networking protocols
   • Implementing protocols for use cases
     • Data in transit use cases
     • Email and web use cases
     • Directory use cases
     • Voice and video use cases
     • Remote access use cases
     • Time synchronization use cases
     • Network address allocation use cases
     • Domain name resolution use cases

2. Understanding basic network infrastructure
   • Switches
     • Hardening switches
   • Routers
     • Hardening routers
   • Simple Network Management Protocol
   • Firewalls
     • Host-based firewalls
     • Network-based firewalls
   • Failure modes
3. Implementing network designs
   • Security zones
     • Screened subnet
     • Network address translation gateway
     • Physical isolation and air gasp
     • Logical separation and segmentation
   • Network appliances
   • Proxy servers
     • Caching content for performance
     • Content filtering
     • Reverse proxy
   • Unified threat management
   • Jump server
4. Zero trust
   • Control plane vs. Data plane
   • Secure access service edge

Objective covered:

• Summarize fundamental security concepts

• Zero trust (control plane: adaptive identity, threat scope reduction, policy-driven access control, policy administrator, policy engine; data plane: implicit trust zones, subject/system, policy enforcement point )

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Isolation
• Hardening techniques (host-based firewall)

3.1 Compare and contrast security implications of different architecture model

• Network infrastructure (physical isolation, air-gapped, logical segmentation)

3.2 Given a scenario, apply security principles to secure enterprise infrastructure

• Device placement
• Security zones
• Attack surface
• Connectivity
• Failure modes (fall-open, fall-closed)
• Network appliances (jump server, proxy server, load balancer)
• Firewall types (web application firewall (WAF), unified threat management (UTM), next-generation firewall (NGFW), layer 4/layer 7 )
• Secure communication/access (Tunneling Transport Layer Security (TLS), Secure Access Service Edge (SASE))

3.3 Compare and contrast concepts and strategies to protect data

• Methods to secure data (segmentation)

4.1 Given a scenario, apply common security techniques to computing resources.

• Hardening targets (switches, routers)

4.4 Explain security alerting and monitoring concepts and tools

• Simple Network Management Protocol (SNMP) traps

4.5 given a scenario, modify enterprise capabilities to enhance security

• Firewall (rules, access lists, ports/protocols, screened subnets)
• Web filter (agent based, centralized proxy, universal resource locator scanning, content categorization, block rules, repuration)
• Operating system security (group policy chapter)
• Implementation of secure protocols (protocol selection, port selection, transport met-hod)
• Email security (domain-based message authentication reporting and conformance (dmarc), Domain Keys Identified Mail (dkim), Sender Policy Framework (SPF), gateway)

4) Securing your network

1. Exploring advanced security devices
   • Understanding idss and ipss
     • HIDS
     • NIDS
     • Sensor and collector placement
     • Detection methods
     • Data sources and trends
     • Reporting based on rules
     • Alert response and validation
   • IPS versus IDS in line versus passive
   • Honeypots
   • Honeynets
   • Honeyfile
   • Honeytokens
2. Securing wireless networks
   • Reviewing wireless basics
     • Band selection and channel overlaps
     • MAC filtering
   • Site surveys and heat maps
   • Access point installation considerations
   • Wireless cryptographic protocols
     • WAP2 and CCMP
     • Open, psk, and enterprise modes
     • WPA3 and simultaneous authentication of equals
   • Authentication protocols
   • IEEE 802.1x security
   • Controller and access point security
   • Captive portals
3. Understanding wireless attacks
   • Disassociation attacks
   • Wi-fi protected setup
   • Rogue access point
   • Evil twin
   • Jamming attacks
   • IV attacks
   • Near field communication attacks
   • RFID attacks
     • Wireless replay attacks
     • War driving and war flying

4. Using VPNs for remote access
   • VPNs and VPN concentrators
   • Remote access VPN
   • IPSEC as a tunneling protocol
   • SSL/TLS as a tunneling protocol
   • Split tunnel versus full tunnel
   • Site-to-site VPNs
   • Always-on SPN
   • L2TP as a tunneling protocol
   • HTML5 VPN portal
5. Network access control
   • Host health checks
   • Agent versus agentless NAC
6. Authentication and authorization methods
   • PAP
   • CHAP
   • RADIUS
   • TACACS+
   • AAA protocols

Objective covered:

1.2 Summarize fundamental security concepts

• Deception and disruption technology (honeypot, honeynet, honeyfile, honeytoken)

2.3 Explain various types of vulnerabilities

• Zero-day

2.4 Given a scenario, analyze indicators of malicious activity

• Physical attacks (radio frequency identification (RFID) cloning)
• Network attacks (wireless)

3.2 Given a scenario, apply security princi­ples to secure enterprise infrastructure

• Device attribute (active vs. Passive, inline vs. Tap/monitor)
• Intrusion prevention system (IPD)/ intrusion detection system (IDS)
• Sensors
• Port security (802.1 x , extensible authentication protocol (EAP))
• Secure communication/access (virtual private network (VPN), remote access chapter,

Tunneling (IPSEC)

4.0 given a scenario, apply common security techniques to computing resources

• Wireless device (installation consideration: site surveys, heat maps)
• Wireless security settings (WI-FI protected access 3 (WPA3), AAA/remote authentication dial-in user service (RADIUS), cryptographic protocols, authentication protocols)

4.4 Explain security alerting and monitoring concepts and tools

• Agent / agentless
• Alerting response and remediation / validation (quarantine)

4.5 Given a scenario, modify enterprise capabilities to enhance security

• IDS/IPS (trends, signature)
• Network Access Control (NAC)

5)    Securing hosts and data

1. Virtualization
   • Thin clients and virtual desktop infrastructure
   • Containerization
   • VM escape protection
   • VM sprawl avoidance
   • Resource reuse
   • Replication
   • Snapshots
2. Implementing secure system
   • Endpoint security software
   • Hardening workstations and servers
   • Configuration enforcement
   • Secure baseline and integrity measurements
   • Using master images for baseline configurations
   • Patching and patch management
   • Change management
   • Application allow and block lists
   • Disk encryption
   • Boot integrity
     • Boot security and uefi
     • Trusted platform module
     • Hardware security module
   • Decommissioning and disposal
3. Protecting data
   • Data loss prevention
   • Removable media
   • Protecting confidentiality with encryption
   • Database security
   • Protecting data in use
4. Summarizing cloud concepts
   • Cloud delivery models
     • Software as a service
     • Platform as a service
     • Infrastructure as a service
   • Cloud deployment models
     • Multi-cloud systems
   • Application programming interfaces
   • Microservices and apis
   • Managed security service provider
   • Cloud service provider responsabilities
   • Cloud security considerations
   • On-premises versus off-premises
     • On-premises
     • Off-premises
   • Hardening cloud enviroments
     • Clooud access security broker
     • Cloud-based dlp
     • Next-generation secure web gateway
     • Cloud firewall considerations
     • Infrastructure as code
     • Software-defined networking
     • Edge and fog computing
   • Deploying mobile devices securely
     • Mobile device deployment models
     • Connection methods and receivers
       • Mobile device management
     • Hardening mobile devices
       • Unauthorized software
       • Hardware control
       • Unauthorized connections
     • Exploring embedded systems
       • Understanding internet of things
       • Ics and scada systems
       • Embedded systems components
       • Hardening specialized systems
       • Embedded system constraints

Objective covered:

• Explain the importance of using appropri­ate cryptographic solutions

• Encryption (level: full-disk, partition, file, volume, database, record)
• TPM (trusted platform module)
• HSM (hardware security module)
• Key Management System
• Secure enclave

2.3 Explain various types of vulnerabilities

• Operating systems (os)-based
• Hardware (firmware, end-of-life, legacy)
• Virtualization ( Virtual Machine (VM) escape, resource reuse)
• Cloud-specific
• Misconfiguration
• Mobile device (side loading, jailbreaking)

2.5 Explain the purpose of mitigation techniques used to secure the enterprise

• Segmentation
• Application allow list
• Patching
• Encryption
• Configuration enforcement
• Decommissioning
• Hardening techniques (encryption, installation of endpoint protection, host-based intrusion prevention system (hips), disabling ports/protocols, default password, removal of unnecessary software)

3.1 Compare and contrast security implications of different architecture models

• Cloud (responsibility matrix, hybrid considerations, third-party vendors)
• Infrastructure As Code (IAC)
• Serverless
• Microservices
• Network infrastructure (Software-Defined Networking (SDN))
• On-premises
• Centralized vs. Decentralized
• Containerization
• Virtualization
• IoT (Internet of things)
• Industrial Control Systems (ICS) / Supervisory Control And Data Acquisition (SCADA)
• Real-Time Operating System (RTOS)
• Embedded systems
• Considerations (availability, resilience, cost, responsiveness, scalability, ease of deployment, risk transference, ease of recovery, patch availability, inability to patch, power, compute

3.3 Compare and contrast concepts and strategies to protect data

• Geolocation

4.1 Given a scenario, apply common security techniques to computing resources

• Secure baselines (establish, deploy, maintain)
• Hardening targets (mobile devices, workstation, cloud infrastructure, servers, ICS/SCADA, embedded systems, RTOS, IoT)
• Mobile solutions (Mobile Device Management (MDM); deployment models: Bring Your Own Device (BYOD), Corporate Owned, Personally Enabled (COPE), Choose Your Own Device (CYOD); connection methods: cellular, wi-fi, bluetooth)

4.4 Explain security alerting and monitoring concept and tools

• Antivirus
• DLP (Data Loss Prevention)

4.5 Given a scenario, modify enteprise capabilities to enhance security

• DLP
• Endpoint Detection and Response (EDR)
• eXtended Detection and Response (XDR)

6)    Comparing threats, vulnerabilities and common attacks

1. Understanding threat actors
   • Threat actor types
   • Attacker attributes
   • Threat actor motivations
   • Threat vectors and attack surfaces
   • Shadow it
2. Determining malware types
   • Viruses
   • Worms
   • Logic bombs
   • Trojans
   • Remote access trojan
   • Keyloggers
   • Spyware
   • Rootkit
   • Ransomware
   • Bloatware
   • Potential indicators of a malware attack
3. Recognizing common attacks
   • Social engineering and human vectors
     • Impersonation
     • Shoulder surfing
     • Disinformation
     • Tailgating and access control vestibules
     • Dumpster diving
     • Watering hole attacks
     • Business email compromise
     • Typosquatting
     • Brand impersonation
     • Eliciting information
     • Pretexting
   • Message-based attacks
     • Spam
     • Spam over instant messaging
     • Phishing
     • Whaling
     • Vishing
     • Smishing
   • One click lets them in
4. Blocking malware and other attacks
   • Spam filters
   • Antivirus and anti-malware software
     • Signature-based detection
     • Heuristic-based detection
     • File integrity monitors
   • Why social engineering works
     • Authority
     • Intimidation
     • Consensus
     • Scarcity
     • Urgency
     • Familiarity
     • Trust
   • Threat intelligence sources
   • Research sources

Objective covered:

2.0 Compare and contrast common threat actors and motivations

• Threat actors (nation-state, unskilled attacker, hacktivist, insider threat, organized crime, shadow it )
• Attributes of actors (internal/external, resources/funding, level of sophistication/capability)
• Motivations (data exfiltration, espionage, service disruption, blackmail, financial gain, philosophical/political beliefs, ethical revenge, disruption/chaos, war)

2.2 Explain common threat vectors and attack surfaces

• Message-based (email, short message service (SMS), instant messaging (IM))
• Image-based
• File-based
• Voice call
• Removable device
• Vulnerable software (client-based vs. Agentless)
• Unsupported systems and applications
• Unsecure networks (wireless, wired, bluetooth)
• Open service ports
• Default credentials
• Supply chain (Managed Service Providers (MSP), vendors, suppliers)
• Human vectors/social engineering (phishing, vishing, smishing, misinformation/disinformation, impersonation, business email compromise, pretexting: watering hole, brand impersonation, typosquatting )

2.4 Given a scenario, analyze indicators of malicious activity

• Malware attacks (ransomware, trojan, worm, spyware, bloatware, virus, keylogger, logic bomb, rootkit )
• Malicious code

4.2 Explain various activities associated with vulnerability management

• Threat feed (Open Source INTelligence OSINT, proprietary/third-party, information-sharing organization, dark web)

4.5 Given a scenario, modify enterprise capabilities to enhance security

• File integrity monitoring

7)    Protecting against advanced attacks

1. Identifying network attacks
   • Denial of Service attacks
     • Syn flood attacks
   • Forgery
   • On-path attacks
   • Secure Sockets Layer stripping
   • DNS attacks
     • DNS poisoning attacks
     • Pharming attacks
     • Url redirection
     • Domain hijacking
     • DNS filtering
     • DNS log files
   • Replay attacks
2. Summarizing secure coding concepts
   • Input validation
     • Client-side and server-side input validation
     • Other input validation techniques
   • Avoiding race conditions
   • Proper error handling
   • Code obfuscation
   • Software diversity
     • Outsourced code development
     • Data exposure
     • HTTP headers
     • Secure cookie
     • Code signing
   • Analyzing and reviewing code
   • Software version control
   • Secure development enviroment
   • Database concepts
     • SQL queries
   • Web server logs
3. Other application attacks
   • Memory vulnerabilities
     • Memory leak
     • Buffer overflows and buffer attacks
     • Integer overflow
   • Other injection attacks
     • DLL injection
     • LDAP injection
     • XML injection
   • Directory traversal
   • Cross-site scripting
4. Automation and orchestration for secure operations
   • Automation and scripting use cases
   • Benefits of autmations and scripting

Objective covered:

2.3 Explain various types of vulnerabilities

• Application (memory injection, buffer overflow, race conditions: Time-Of-Check (TOC), Time-Of-Use(TOU))
• Malicious update
• Web based (SQL injection, XSS)

2.4 Given a scenario, analyze indicators of malicious activity

• Network attack (distributed denial of service (DDoS): amplified, reflected; domain name system attack; on-path; credential replay)
• Application attack (injection, buffer overflow, replay, forgery, directory traversal)

4.1 Given a scenario, apply common security techniques to computing resources

• Application security (input validation, secure cookies, static code analysis, code signing)
• Sandboxing
  • Explain the importance of automation and orchestration related to secure operations
• Use cases of automation and scripting (user provisioning, resource provisioning, guard rails, security groups, ticket creation, escalation, enabling/disabling services and access, continuous integration and testing, integrations and application programming interfaces (API s) )
• Benefits (efficiency/time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, workforce multiplier)
• Other considerations (complexity, cost, single point of failure, technical debt, ongoing supportability)

8)    Using risk management tools

1. Understanding risk management
   • Threats
   • Risk identification
   • Risk types
   • Vulnerabilities
   • Risk managemnt strategies
     • Risk assessment types
     • Risk analysis
     • Supply
     • Chain risks

2. Comparing scanning and testing tools
   • Checking for vulnerabilities
     • Network scanners
     • Vulnerability scanning
     • Credentialed vs. Non-credentialed scans
     • Configuration review
   • Penetration testing
     • Rules of engagement
     • Reconnaissance
     • Footprinting versus fingerprinting
     • Initial exploitation
     • Persistence
     • Lateral movement
     • Privilege escalation
     • Pivoting
     • Known, unknown and partially known testing enviroments
     • Cleanup
   • Responsible disclosure programs
   • System and process audits
   • Intrusive versus non-intrusive testing
   • Responding to vulnerabilities
     • Remediating vulnerabilities
     • Validation of remediation

3. Capturing network traffic
   • Packet capture and replay

• TCPreplay and TCPdump
• Netflow

4. Understanding frameworks and standards
   • ISO standards
   • Industry-specific frameworks
   • NIST frameworks
     • NIST risk management framework
     • NIST cybersecurity framework
   • Reference architecture
   • Benchmarks and configuration guides
5. Audits and assessments

Objective covered:

1.2 Summarize fundamental security concepts

• Gap analysis

2.3 Explain various type of vulnerabilities

• Supply chain (service provider, hardware provider, software provider)

4.3 Eplain various activities associated with vulnerability management

• Vulnerability scan
• Penetration testing
• Responsible disclosure program
• Bug bounty program
• System/process audit
• Analysis (confirmation, false positive, false negative, prioritize, Common Vulnerability Scoring System (CVSS), Common Vulnerability Enumeration (CVE), vulnerability classification, Exposure Factor, environmental variables, industry/organizational impact, risk tolerance )
• Vulnerability response and remediation (patching, insurance, segmentation, compensating controls, exceptions and exemptions)
• Validation of remediation (rescanning, audit, verification)
• Reporting

4.4 Explain security alerting and monitoring concepts and tools

• Security Content Automation Protocol (SCAP)
• Benchmarks
• Netflow
• Vulnerability scanners

5.2 Explain elements of the risk manage­ment process

• Risk identification
• Risk assessment (ad hoc, recurring, one-time, continuous)
• Risk analysis (qualitative; quantitative; Single Loss Expectancy (SLE); Annualized Loss Expectancy (ALE); Annualized Rate of Occurrence (ARO); probability; likelihood; Exposure Factor; impact; risk register: key risk indicators, risk owners, risk threshold; risk tolerance; risk appetite: expansionary, conservative, neutral; risk management strategies: transfer, accept exemption, accept exception, avoid, mitigate)
• Risk reporting

5.5 Explain types and purposes of audits and assessments

• Attestation
• Internal (compliance, audit committee, self-assessments)
• External (regulatory, examinations, assessment, independent third-party audit)
• Penetration testing (physical, offensive, defensive, integrated, known environment, partially known environment, unknown environment)
• Reconnaissance (passive, active)

9)    Implementing controls to protect assets

1. Comparing physical security controls
   • Access badges
   • Increasing security with personnel
   • Monitoring areas with video surveillance
   • Sensors
   • Fencing, lighting and alarms
   • Securing access with barricades
   • Access control vestibules
   • Asset management
     • Hardware asset management
     • Software asset management
     • Data asset management
   • Platform diversity
   • Physical attacks
     • Card skimming and card cloning
     • Brute force attacks
     • Enviromental attacks

2. Adding redundancy and fault tolerance
   • Single Point of Failure
   • Disk redundancies
     • Raid-0
     • Raid-1
     • Raid-5 and raid-6
     • Raid-10
   • Server redundancy and high availability
     • Active/ active load balancers
     • Active/ passive load balancers
   • NIC teaming
   • Power redundancies
3. Protecting data with backups
   • Backup media
   • Online versus offline backups
     • Full backups
     • Recovering a full backup
     • Differential backups
     • Order of recovery for a full/differential backup set
     • Incremental backups
     • Order of recovery for a full/differential backup set
     • Snapshot and image backups
     • Replication and journaling
     • Backup frequency
     • Testing backups
   • Backup and geographic considerations
4. Comparing business continuity elemnts
   • Business impact analysis concepts
     • Site risk assessment
     • Impact
     • Recovery Time Objective
     • Recovery Point Objective
     • Comparing MTBF and MTTR
   • Continuity of operations planning
     • Site resiliency
     • Restoration order
   • Disaster recovery
   • Testing plans with exercises
     • Tabletop exercises
     • Simulations
     • Parallel processing
     • Fail over tests

5. Capacity planning

Objective covered:

1.2 Summarize fundamental security concepts

• Physical security (bollards, access control vestibule, fencing, video surveillance, security guard, access badge, lighting, sensors: infrared, pressure , microwave, ultrasonic)
• Physical attack (brute force, environmental)

3.3 Compare and contrast concepts and strategies to protect data

• General data considerations (data sovereignty)

3.4 Explain the importance of resilience and recovery in security architecture

• High availability (load balancing vs. clustering)
• Site considerations (hot, cold, warm, geographic dispersion)
• Platform diversity
• Continuity of operations
• Capacity planning (people, technology, infrastructure)
• Testing (tabletop exercises, fail over, simulation, parallel processing)
• Backups (onsite/offsite, frequency, encryption, snapshots, recovery, replication, journaling)
• Power (generators, uninterruptible power supply (ups))

4.2 Explain the security implications of proper hardware, software, and data asset management

• Acquisition/procurement
• Assignment/accounting (ownership, classification)
• Monitoring/asset trasking (inventory / enumeration)

5.2 Explain elements of the risk management process

• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
• Mean Time To Repair (MTTR)
• Mean Time Between Failures (MTBF)

10) Understanding cryptography and PKI

1. Introducing cryptography concepts
2. Providing integrity with hashing
   • Hash versus checksum
   • MD5
   • Secure hash algorithms
   • Hmac
   • Hashing files
   • Hashing messages
   • Using hmac
   • Hashing passwords
   • Undertanding hash collisions
3. Understanding password attacks
   • Dictionary attacks
   • Brute force attacks
   • Password spraying attacks
     • Pass the hash attacks
   • Birthday attacks
   • Rainbow table attacks
   • Salting passwords
   • Key stretching
4. Providing confidentiality with encryption
   • Symmetric encryption
   • Block versus stream ciphers
   • Common symmetric algorithms
     • AES
     • 3DES
     • Blowfish and twofish
   • Asymmetric encryption
     • Key exchange
     • The reyburn box
   • Certificates
   • Ephemeral keys
   • Elliptic curve cryptography
   • Key lenght
   • Obfuscation
     • Steganography
     • Tokenization
     • Masking

5. Using cryptographic protocols
   • Protecting email
     • Signing email with digital signatures
     • Encrypting email
     • S/mime
   • HTTPS transport encryption
     • TLS versus SSL
     • Encrypting HTTPS traffic with TLS
     • Downgrade attacks on weak implementations
   • Blockchain
   • Identifyng limitations
     • Resource versus security constraints
     • Speed and time
     • Size and computational overhead
     • Entropy
     • Predictability
     • Weak keys
     • Reuse
     • Plaintext attack

6. Exploring PKI components
   • Certificate authority
   • Certificate trust models
   • Registration authority and CSRs
   • Online versus offline CAs
   • Updating and revoking certificates
   • Certificate revocation list
   • Validating a certificate
   • Certificate pinning
   • Key escrow
   • Key management
   • Comparing certificate types
   • Comparing certificate formats

Objective covered:

1.2 Summarize fundamental security concepts

• Non-repudation
  • Explain the importance of using appropriate cryptography solutions
• Public key infrastructure (PKI) (public key, private key, key escrow)
• Encryption (transport/communication, asymmetric, symmetric, key exchange, algorithms, key length)
• Obfuscation (steganography, tokenization, data masking)
• Hashing
• Salting
• Digital signatures
• Key stretching
• Blockchain
• Open public ledger
• Certificates (Certificate Authorities, Certificate Revocation Lists (CRLs), Online Certificate Status Protocol (OCSP), self-signed, third-party, root of trust, Certificate Signing Request (CSR) generation, wildcard )

2.3 Explain various types of vulnerabilities

• Cryptographic
• Cryptographic attacks (downgrade, collision, birthday)
• Password attacks (spraying, brute force)

3.3 Compare and contrast concepts and strategies to protect data

• General data considerations (data states: at rest, in transit, in use)
• Methods to secure data (encryption, hashing, masking, tokenization, obfuscation)

11) Implementing policies to mitigate risks

1. Change management
   • Business processes
   • Technical implications
   • Documentation and version control
2. Protecting data
   • Understanding data types
   • Classifying data types
   • Securing data
   • Data retention
   • Data sanitization
3. Incident response
   • Incident response plan
     • Communication plan
   • Incident response process
   • Incident response training and testing
   • Threat hunting
   • Understanding digital forensics
     • Acquisition and preservation
     • Legal holds and electronic discovery
     • Admissibility of documentation and evidence
     • Reporting
   • Understanding SOAR
     • Playbooks
     • Runbooks

4. Security governance
   • Governance structures
   • External considerations
   • Security policies
   • Security standards
   • Security procedures
   • Security guidelines
   • Data governance
   • Data roles
   • Monitoring and revision
5. Third-party risk management
   • Supply chain and vendors
   • Vendor assessment
   • Vendor selection
   • Vendor agreements
6. Security compliance
   • Compliance monitoring and reporting
   • Privacy
   • Data inventory and retention
7. Security awareness
   • Computer-based training
   • Phishing campaigns
   • Recognizing anomalous behavior
   • User guidance and training
   • Awareness program development and execution

Objective covered:

• Explain the importance of change management processes and the impact to security

• Business processes impacting security operation (approval process, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, standard operating procedure)
• Technical implications (allow lists/deny lists, restricted activities, downtime, service restart, application restart, legacy applications, dependencies)
• Documentation (updating diagrams,updating policies / procedures)
• Version control
  • Compare and contrast concepts and strategies to protect data
• Data types (regulated, trade secret, intellectual property, legal information, financial information, human-and non-human-readable)
• Data classifications (sensitive, confidential, public, restricted, private, critical)

4.2 explain the security implications of proper hardware, software, and data asset management

• Disposal/decommissioning (sanitization, destruction, certification, data retention)

4.3 explain various activities associated with vulnerability management

• Application security (static analysis, dynamic analysis, package monitoring)
  • Explain appropriate incident response activities
• Process (preparation, detection, analysis, containment, eradication, recovery, lesson learned)
• Training
• Testing (tabletop exercise, simulation)
• Root cause analysis
• Threat hunting
• Digital forensics (legal hold, chain of custody, acquisition, reporting, preservation, e-discovery)

5.1 summarize elements of effective security governance

• Guidelines
• Policies (Acceptable Use Policy (AUP),information security policies ,business continuity , disaster recovery, incident response , Software Development Lifecycle (SDLC), change management)
• Standards (password, access control, physical security, encryption)
• Procedures (change management, onboarding/offboarding, playbooks)
• External considerations (regulatory, legal, industry, local/regional, national, global)
• Monitoring and revision
• Types of governance structures (boards, committees, government entities, centralized/decentralized)
• Roles and responsibilities for systems and data (owners, controllers, processors, custodians/stewards)

5.3 Explain the processes associated with third-party risk assessment and management

• Vendor assessment (penetration testing, right-to-audit clause, evidence of internal audits, independent assessments, supply chain analysis)
• Vendor selection (due diligence, conflict of interest)
• Agreement types (Service-Level Agreement (SLA), Memorandum Of Agreement (MOA), Memorandum Of Understanding (MOU), Master Service Agreement (MSA), Work Order (WO)/Statement Of Work (SOW), Non-Disclosure Agreement (NDA), Business Partners Agreement (BPA)
• Vendor monitoring
• Questionnaires
• Rules of engagement

5.4 Summarize elements of effective security compliance

• Compliance reporting (internal, external)
• Consequences of non-compliance (fines, sanctions, reputational damage, loss of license, contractual impacts)
• Compliance monitoring (due diligence/care, attestation and acknowledgement, internal and external, automation)
• Privacy (legal implications, local/regional, national, global)
• Data subject
• Controller vs. Processor
• Ownership
• Data inventory and retention
• Right to be forgotten

5.6 Given a scenario, implement security awareness practices

• Phishing (campaigns, recognizing a phishing attempt, responding to reported suspicious messages)
• Anomalous behavior recognition (risky, unexpected, unintentional)
• User guidance and training (policy/handbooks, situational awareness, insider threat, password management, removable media and cables, social engineering, operational security, hybrid/remote work environment)
• Reporting and monitoring (initial, recurring)
• Development and Execution

MODULO B: Corso Penetration Test e Hacking Etico | Certificato CompTIA PenTest+

1.1: Professional Conduct and Penetration Testing

Exam Objectives Covered:

• Summarize pre-engagement

Topics:

• Professional Conduct and Penetration Testing
• What Is Penetration Testing?
• Ethics, Legal, and Compliance Considerations of Penetration Testing
• Importance and Examples of Documentation
• Scoping and Authorization
• Overview of the PenTest Report
• Live Lab: Exploring the Lab Environment

1.2: Collaboration and Communication

Exam Objectives Covered:

• Explain collaboration and communication

Topics:

• Collaboration and Communication
• Collaboration and Communication Overview
• PenTest Team Roles and Responsibilities
• Communicating with Clients and Team Members
• Peer Review
• Stakeholder Alignment
• Root Cause Analysis
• Escalation Path
• Secure Distribution
• Articulation of Risk, Severity, and Impact
• Goal Reprioritization
• Business Impact Analysis
• Client Acceptance

1.3: Testing Frameworks and Methodologies

Exam Objectives Covered:

• Compare and contrast testing frameworks and

Topics:

• Testing Frameworks and Methodologies
• Testing Frameworks and Methodologies Overview
• Open Source Security Testing Methodology Manual (OSSTMM)
• Council of Registered Ethical Security Testers (CREST)
• Penetration Testing Execution Standard (PTES)
• MITRE ATT&CK
• Open Web Application Security Project (OWASP) Top 10
• OWASP Mobile Application Security Verification Standard (MASVS)
• Purdue Model
• Threat Modeling Frameworks

1.4: Introduction to Scripting for Penetration Testing

Exam Objectives Covered:

• Summarize pre-engagement 1.2 Given a scenario, modify scripts for reconnaissance and enumeration.

Topics:

• Introduction to Scripting for Penetration Testing
• Scripting Languages
• Bash Shell and Bash Script
• Python
• Powershell
• Use of Libraries, Functions, and Classes
• Logic Constructs
• Create Logic Constructs

2.1: Define the Scope

Exam Objectives Covered:

• Summarize pre-engagement

Topics:

• Define the Scope
• Regulations, Frameworks, and Standards
• Rules of Engagement
• Agreement Types
• Target Selection

2.2: Compare Types of Assessments

Exam Objectives Covered:

• Summarize pre-engagement

Topics:

• Compare Types of Assessments
• Types of Assessments Overview
• Web and Application Assessments
• Network Assessments
• Activity: Assess Environmental Considerations
• Mobile Assessments
• Cloud Assessments
• Wireless Assessments
• IoT Devices and Penetration Testing
• Information Technology Versus Operational Technology

2.3: Utilize the Shared Responsibility Model

Exam Objectives Covered:

• Summarize pre-engagement

Topics:

• Utilize the Shared Responsibility Model
• The Shared Responsibility Model Overview
• Hosting Provider Responsibilities
• Customer Responsibilities
• Penetration Tester Responsibilities
• Third-Party Responsibilities

2.4: Identify Legal and Ethical Considerations

Exam Objectives Covered:

• Summarize pre-engagement

Topics:

• Identify Legal and Ethical Considerations
• Authorization Letters
• Mandatory Reporting Requirements
• Risk to the Penetration Tester
• Documenting Pre-Engagement Activities

3.1: Information Gathering Techniques

Exam Objectives Covered:

• Given a scenario, apply information gathering 2.3 Given a scenario, modify scripts for reconnaissance and enumeration.

Topics:

• Information Gathering Techniques
• Active and Passive Reconnaissance
• Tools for Reconnaissance
• Open-Source Intelligence (OSINT)
• Using Shodan
• Previously Breached Password Lists
• Network Reconnaissance
• Basics of Scanning
• Perform Recon with Nmap
• Certificate Transparency Logs
• Information Disclosure
• Search Engine Analysis/Enumeration
• Network Sniffing
• Data Manipulation

3.2: Host and Service Discovery Techniques

Exam Objectives Covered:

2.1 Given a scenario, apply information gathering techniques.2.2 Given a scenario, apply enumeration techniques.2.3 Given a scenario, modify scripts for reconnaissance and enumeration.2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.

Topics:

• Host and Service Discovery Techniques
• What Is Enumeration?
• Host Discovery
• Scripting with Nmap
• Activity: Scripting with Nmap
• Banner Grabbing
• Protocol Enumeration
• Service Discovery
• DNS Enumeration
• Operating System (OS) Fingerprinting
• Perform Enumeration with Nmap
• Live Lab: DNS Enumeration and Reconnaissance

3.3: Enumeration for Attack Planning

Exam Objectives Covered:

• Given a scenario, apply enumeration 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.

Topics:

• Enumeration for Attack Planning
• Attack Path Mapping
• Manual Enumeration
• Simple Network Management Protocol
• Documenting Enumeration Activities
• Activity: Document Enumeration Activities

3.4: Enumeration for Specific Assets

Exam Objectives Covered:

• Given a scenario, apply enumeration 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.3.1 Given a scenario, conduct vulnerability discovery using various techniques.

Topics:

• Enumeration for Specific Assets
• Directory Enumeration
• User Enumeration
• Wireless Enumeration
• Permission Enumeration
• Secrets Enumeration
• Share Enumeration
• Web Application Firewall (WAF) Enumeration
• Perform a Decoy Scan
• Industrial Control Systems (ICS) Vulnerability Assessment
• Web Crawling/HTML Scraping

4.1: Vulnerability Discovery Techniques

Exam Objectives Covered:

• Given a scenario, conduct vulnerability discovery using various 3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.

Topics:

• Vulnerability Discovery Techniques
• Tools for Vulnerability Discovery
• Types of Scans
• Container Scans
• Application Scans
• Scan for Cleartext Vulnerabilities
• Network Scans
• Activity: Scan Identified Targets
• Host-Based Scans
• Live Lab: Using Metasploit
• Secrets Scanning
• Wireless Scans
• Use aircrack-ng to Discover Hidden Networks
• Locate a Rogue Wireless Access Point
• Validate Scan, Reconnaissance, and Enumeration Results
• Applied Live Lab: Network Reconnaissance
• Scan for Linux Vulnerabilities

4.2: Analyzing Reconnaissance Scanning and Enumeration

Exam Objectives Covered:

• Given a scenario, analyze output from reconnaissance, scanning, and enumeration

Topics:

• Analyzing Reconnaissance Scanning and Enumeration
• Public Exploit Selection
• Use Scripting to Validate Results

4.3: Physical Security Concepts

Exam Objectives Covered:

• Explain physical security

Topics:

• Physical Security Concepts
• Tailgating
• Site Surveys
• Universal Serial Bus (USB) Drops
• Badge Cloning
• Lock Picking
• Documenting Scanning and Identifying Vulnerabilities Activities
• Activity: Identify Physical Security Concepts

5.1: Prepare and Prioritize Attacks

Exam Objectives Covered:

• Given a scenario, analyze output to prioritize and prepare

Topics:

• Prepare and Prioritize Attacks
• Target Prioritization
• High-Value Asset Identification
• Descriptors and Metrics
• End-of-Life Software and Systems
• Default Configurations
• Running Services
• Vulnerable Encryption Methods
• Defensive Capabilities
• Capability Selection
• Exploit Selection and Customization
• Documentation Procedures for Attacks
• Dependencies
• Consideration of Scope Limitations
• Activity: Customize Exploits
• Live Lab: Evaluate EOL Software & Systems
• Applied Live Lab: Exploiting Default Configurations with Responder

5.2: Scripting Automation

Exam Objectives Covered:

4.10 Given a scenario, use scripting to automate attacks.

Topics:

• Scripting Automation
• Types of Scripting Automation
• PowerShell
• Bash
• Python
• Breach and Attack Simulation (BAS)
• Live Lab: Executing Scripts to Automate Tasks

6.1: Web-based Attacks

Exam Objectives Covered:

• Given a scenario, perform web application attacks using the appropriate

Topics:

• Web-based Attacks
• Web Application Attacks Overview
• Types of Web Application Attacks
• Tools for Performing Web Application Attacks
• Brute-Force Attack
• Collision Attack
• Directory Traversal
• Request Forgery Attacks
• Deserialization Attack
• Injection Attacks
• Activity: Injection Attacks
• Insecure Direct Object Reference
• Session Hijacking
• Arbitrary Code Execution
• File Inclusions
• API Abuse
• JSON Web Token (JWT) Manipulation
• Live Lab: Evaluating a Database Using SQLMap
• Live Lab: Exploiting Directory Traversal
• Live Lab: Performing XSS
• Live Lab: Abusing Insecure Direct Object References
• Live Lab: Performing Lateral Movement
• Live Lab: Performing RFI and LFI Exploitation

6.2: Cloud-Based Attacks

Exam Objectives Covered:

• Given a scenario, perform cloud-based attacks using the appropriate

Topics:

• Cloud-Based Attacks
• Cloud-Based Attacks Overview
• Types of Cloud-Based Attacks
• Tools for Performing Cloud-Based Attacks
• Metadata Service Attacks
• Access Management Misconfigurations
• Third-Party Integrations
• Resource Misconfiguration
• Activity: Conduct Resource Misconfiguration Attacks
• Logging Information Exposure
• Image and Artifact Tampering
• Supply Chain Attacks
• Workload Runtime Attacks
• Container Escape
• Trust Relationship Abuse
• Perform and Analyze a SYN Flood Attack

7.1: Perform Network Attacks                                                        

Exam Objectives Covered:

• Given a scenario, perform cloud-based attacks using the appropriate

Topics:

• Perform Network Attacks
• Network Attack Types
• Tools for Performing Network Attacks
• Default Credentials
• On-Path Attack
• Certificate Services
• Misconfigured Services Exploitation
• Virtual Local Area Network (VLAN) Hopping
• Multihomed Hosts
• Relay Attack
• IDS Evasion
• Live Lab: Sniffing Network Traffic
• Applied Live Lab: Exploring the Power of Nmap NSE
• Live Lab: Discovering Vulnerabilities with Netcat
• Applied Live Lab: Performing a Relay Attack

7.2: Perform Authentication Attacks

Exam Objectives Covered:

• Given a scenario, perform authentication attacks using the appropriate

Topics:

• Perform Authentication Attacks
• Authentication Attack Types
• Tools for Performing Authentication Attacks
• Multifactor Authentication (MFA) Fatigue
• Pass-the-Hash Attacks
• Pass-the-Ticket Attacks
• Pass-the-Token Attacks
• Kerberos Attacks
• Lightweight Directory Access Protocol (LDAP) Injection
• Dictionary Attacks
• Crack a Password with John the Ripper
• Brute-Force Attacks
• Mask Attacks
• Password Spraying
• Credential Stuffing
• OpenID Connect (OIDC) Attacks
• Security Assertion Markup Language (Saml) Attacks
• Live Lab: Cracking Passwords

7.3: Perform Host-Based Attacks

Exam Objectives Covered:

• Given a scenario, perform host-based attacks using the appropriate

Topics:

• Perform Host-Based Attacks
• Types of Host-Based Attacks
• Tools for Performing Host-Based Attacks
• Privilege Escalation
• Credential Dumping
• Circumventing Security Tools
• Clear Audit Policies
• Misconfigured Endpoints
• Payload Obfuscation
• User-Controlled Access Bypass
• Shell Escape
• Kiosk Escape
• Library Injection
• Process Hollowing and Injection
• Log Tampering
• Unquoted Service Path Injection
• Documenting Enterprise Attacks
• Applied Live Lab: Performing an On-Path (AiTM) Attack
• Live Lab: Performing Privilege Escalation
• Live Lab: Implementing Payload Obfuscation
• Live Lab: Performing SQL Injection
• Live Lab: Investigating with Evil-WinRM
• Live Lab: Exploiting LOLBins
• Live Lab: Implementing Credential Dumping

8.1: Wireless Attacks                                                                      

Exam Objectives Covered:

• Given a scenario, perform wireless attacks using the appropriate

Topics:

• Wireless Attacks
• Types of Wireless Attacks
• Tools for Performing Wireless Attacks
• Activity: Explore Wireless Tools
• Wardriving
• Bluetooth
• Evil Twin Attack
• Signal Jamming
• Protocol Fuzzing
• Packet Crafting
• Deauthentication
• Captive Portal
• Wi-Fi Protected Setup (WPS) and Personal Identification (PIN) Attack

8.2: Social Engineering Attacks

Exam Objectives Covered:

• Given a scenario, perform social engineering attacks using the appropriate

Topics:

• Social Engineering Attacks
• Types of Social Engineering Attacks
• Tools for Performing Social Engineering Attacks
• Phishing, Whaling, Spear phishing, and Smishing
• Social Engineering Techniques for Gathering Information
• Watering Hole
• Credential Harvesting
• Live Lab: Performing Social Engineering using SET

8.3: Specialized System Attacks

Exam Objectives Covered:

• Explain common attacks against specialized

Topics:

• Specialized System Attacks
• Types of Specialized System Attacks
• Tools for Performing Specialized System Attacks
• Mobile Attacks
• AI Attacks
• Operational Technology (OT)
• Radio-Frequency Identification (RFID) and Near-Field Communication (NFC)
• Bluejacking
• Conducting Specialized Penetration Testing Attacks

9.1: Establish and Maintain Persistence

Exam Objectives Covered:

• Given a scenario, perform tasks to establish and maintain

Topics:

• Establish and Maintain Persistence
• Principals of Establishing and Maintaining Persistence
• Scheduled Tasks/cron Jobs
• Service Creation
• Reverse and Bind Shells
• Add New Accounts
• Obtain Valid Account Credentials
• Registry Keys
• Command and Control (C2) Frameworks
• Backdoor
• Activity: Maintain Persistence
• Create a Backdoor with Metasploit
• Rootkit
• Browser Extensions
• Tampering Security Controls
• Live Lab: Configuring Reverse and Bind Shells
• Live Lab: Establishing Persistence and Other Post-Exploitation Activities

9.2: Move Laterally through Environments

Exam Objectives Covered:

• Given a scenario, perform tasks to move laterally throughout the

Topics:

• Move Laterally through Environments
• Lateral and Horizontal Movement
• Scan for Open Ports from a Remote Computer
• Techniques for Moving Laterally through Environments
• Tools for Moving Laterally through Environments
• Pivoting
• Relay Creation
• Enumeration
• Perform Enumeration of MSSQL with Metasploit
• Service Discovery
• Perform a Scan Using Zenmap
• Bypass Windows Firewall
• Window Management Instrumentation (WMI)
• Window Remote Management (WinRM)

9.3: Staging and Exfiltration

Exam Objectives Covered:

• Summarize concepts related to staging and

Topics:

• Staging and Exfiltration
• Fundamentals of Staging and Exfiltration
• Getting Data from a Target
• Hide Files with OpenStego
• Alternate Data Streams
• Applied Live Lab: Staging and Exfiltration Using ADS

9.4: Cleanup and Restoration

Exam Objectives Covered:

• Explain cleanup and restoration

Topics:

• Cleanup and Restoration
• Cleanup and Restoration Procedures
• Activity: Implement Cleanup and Restoration Activities
• Documenting Penetration Testing Tasks

10.1 : Penetration Test Report Components

Exam Objectives Covered:

Explain the components of a penetration test report.

Topics:

• Penetration Test Report Components
• Creating the Penetration Test Report
• Reporting Considerations
• Report Components and Definitions
• Documentation Specifications and Format Alignment
• Risk Scoring
• Test Limitations and Assumptions

10.2: Analyze Findings and Remediation Recommendations

Exam Objectives Covered:

Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

Topics:

• Analyze Findings and Remediation Recommendations
• Analyzing Findings and Developing Recommendations Overview
• Technical Controls
• Administrative Controls
• Operational Controls
• Physical Controls
• Activity: Administrative and Operational Controls