Tuesday, June 28, 2022
Security+ 003 - 1.3 Potential Indicators of an Application Attack
1.3 Potential Indicators of an Application Attack
Privilege Escalation - When an attacker is able to gain a higher level access to the system than what their authentication allows.
Cross-site scripting (XSS) - An attack where client-side scripts are able to be injected into web pages viewed by other users.
Injections - An attacker is able to put their own code into existing data.
Structured Query Language (SQL) - Modify SQL data or access non-protected SQL data
Dynamic-Link Library (DLL) - An attacker has an application run a program.
Lightweight Directory Access Protocol (LDAP) - Can modify LDAP requests to manipulate app results.
Extensible Markup Language (XML) - XML is used to transfer data; an attacker can inject into or tamper with it, for example in man-in-the-middle attacks.
Pointer/Object Dereference - Attacker dereferences a portion of memory that’s being used by an application where nothing was stored to cause a crash/denial of service.
Directory Traversal - Attacker is able to read files on the server that the application/website is running on.
Buffer Overflows - Amount of data in the buffer exceeds its storage capacity.
Race Conditions - Situation where a device runs operations at the same time when it should sequence the operations.
Time of Check/Time of Use - Bug where the attacker can check the state of part of a system (credentials) and use the results elsewhere.
Error Handling - An application's response and recovery procedures from an error condition.
Improper Input Handling - Functions such as validation, sanitization, filtering, or encoding/decoding of input data.
Replay Attack - Attacker eavesdrops on network communication, intercepts it, and delays or resends it to misdirect the receiver.
Session Replays - Attacker replays the journey a user made on a website, mobile app, or web app.
Integer Overflow - An arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits.
Request Forgeries
Server-Side (SSRF) - Attacker forces a server to make additional client requests.
Cross-Site (CSRF) - Attacker forces an authenticated user to submit a request to a web app with their authenticated credentials.
Application Programming Interface (API) Attacks - Attacker abuses or manipulates use of an API (data breach).
Resource Exhaustion - Attacker exploits software to make it consume resources until it crashes (denial of service).
Memory Leak - Memory gets allocated, but never released/freed causing a crash.
Secure Sockets Layer (SSL) Stripping - Attacker is able to bypass security by downgrading your connection to an insecure one (https to http).
Driver Manipulation - Attacker exploits drivers. (keylogger)
Shimming - Using things like compatibility mode to exploit vulnerabilities/elevate privileges.
Refactoring - Attacker adds pointless code to have malware circumvent anti-virus signatures.
Pass the Hash - Attacker captures a password hash and uses it to authenticate.
Sunday, June 26, 2022
AZ-500_000 Intro
AZ-500: Microsoft Azure Security Technologies
Exam Objectives:
Manage identity and access (30-35%)
Implement platform protection (15-20%)
Manage security operations (25-30%)
Secure data and applications (25-30%)
Wednesday, June 22, 2022
AWS 002 - Cloud Practitioner Essentials, Module 2
AWS Cloud Practitioner Essentials
Module 2 - Compute in the Cloud
EC2 virtual servers can be optimized for a variety of purposes.
General Purpose Instance - Provides a balance of processing, memory, and networking resources.
Compute Optimized Instance - VM with an emphasis on high-processing power.
Memory Optimized Instance - VM with an emphasis on memory (RAM).
Accelerated Computing Instance - Server with hardware accelerator capabilities.
Storage Optimized Instance - VM with an emphasis on storage.
Amazon EC2 Auto Scaling - AWS Service that provides on-demand scaling based on either dynamic scaling or predictive scaling.
Minimum Capacity - A settable number (minimum 1) for the resting amount of instances running.
Desired Capacity - A settable number for the preferred amount of instances running, default is minimum capacity.
Maximum Capacity - A settable number for the maximum amount of instances Auto Scaling will run.
Elastic Load Balancing - AWS Service that automatically distributes application traffic across multiple resources (EC2 instances).
Tightly Coupled Architecture - Applications that communicate directly with each other (dependent on each other).
Loosely Coupled Architecture - Applications that communicate to each other through a queuing process, if one application fails it will not impact the others.
Amazon Simple Queue Service (Amazon SQS) - AWS Service that can send, receive, and store messages between software components at any volume. Stores messages until they are processed.
Amazon Simple Notification Service (Amazon SNS) - AWS Service that can send messages to software or end-users, uses a publish/subscribe model.
SNS Topic - A channel for messages to be delivered.
Monolithic Application - Application made of multiple components that communicate with and are dependent on each other. Self-contained application.
Microservicing - Components of an application are decoupled to allow them to continue running even when other individual components an application uses fail.
Serverless - You cannot see or access the underlying infrastructure that is hosting your application.
AWS Lambda - Serverless AWS Service that allows you to upload code to a “Lambda Function” that can be triggered at a configured point and is best for code that takes less than 15 minutes to execute.
Amazon Elastic Container Service (Amazon ECS) - AWS Service container orchestration tool that helps you run your containerized applications at scale.
Amazon Elastic Kubernetes Service (Amazon EKS) - AWS Service container orchestration tool that is similar to ECS but with different tooling and features.
Docker Container - Platform that uses OS level virtualization to deliver software in a container.
Container - Package for your code where you package up your application, its dependencies, and any configurations that it needs to run. Run on a shared EC2 instance host, separated from each other.
Cluster - A number of EC2 instances running together.
Container Orchestration - The process of maintaining processes to start, stop, restart, and monitor containers.
AWS Fargate - Serverless AWS Service that can act as a platform for ECS and EKS.
Network+ 004 - 1.3 Types of Cables and Connectors
1.0 Networking Fundamentals
1.3 Types of Cables and Connectors
Copper
Twisted Pair - A type of wiring in which two conductors of a single circuit are twisted together for the purposes of improving electromagnetic compatibility.
Coaxial/RG-6 - Traditional cable used in residential and commercial installations. (TV cable)
Twinaxial - Similar to coaxial cable, but with two inner conductors instead of one
Termination Standards
Fiber
Single-mode - Optical fiber cable designed to carry a single mode of light over it.
Multi-mode - Optical fiber designed to carry multiple modes of light over it, used for short distances.
Connector Types
Local Connector (LC) - Little Connector, fiber-optic cable connector.
Straight Tip (ST) - Fiber-optic cable connector that uses a bayonet plug and socket.
Subscriber Connector (SC) - Fiber-optic cable connector that uses a push-pull latching mechanism.
Mechanical Transfer (MT) - Small fiber connector, used for small devices.
Registered Jack (RJ)
Angled Physical Contact (APC) - APC Connectors feature a fiber endface that is polished at an eight-degree angle.
Ultra-Physical Contact (UPC) - UPC connectors are polished with no angle, so they reflect light straight back toward the source.
F-Type Connector
Transceivers/Media Converters - Network device that is able to receive and transmit a signal; also able to receive and transmit over multiple types of media (copper cable, wifi, fiber, etc.).
Transceiver Type
Small Form-Factor Pluggable (SFP) - A compact, hot-pluggable network interface module. (Ethernet)
Enhanced Form-Factor Pluggable (SFP+) - Supports higher speeds, up to 16 Gbit/s.
Quad Small Form-Factor Pluggable (QSFP) - Compact, hot-pluggable, multi-media capabilities. (Ethernet, fiber, InfiniBand)
Enhanced Quad Small Form-Factor Pluggable (QSFP+) - Supports higher speeds, up to 40 Gbit/s
Cable Management
Patch Panel/Patch Bay - Network hardware that has multiple ports, used to organize groups of cables, each port can be wired to a different location.
Fiber Distribution Panel - Fiber patch panel, used for cable termination and connections.
Punchdown Block - Copper cable termination, cable is physically “punched” into its connection.
66 - Manufactured in four configurations, A, B, E and M, largely obsolete.
110 - Used to terminate runs for an on-prem setup.
Krone - European alternative to 110 block
Bix - Building Industry Cross-connect is a 1970s punchdown block of a telephony cross-connect system.
Ethernet Standards
Copper
10Base-T - 10 Mbps, 100 meters
100Base-TX - 100 Mbps, 100 meters
1000Base-T - 1 Gbps, 100 meters
10GBase-T - 10 Gbps, 100 meters
40GBase-T - 40 Gbps, 30 meters
Fiber
100Base-FX - 125 Mbps, 2000 meters
100Base-SX - 100 Mbps, 115 meters
1000Base-SX - 1 Gbps, 550 meters
1000Base-LX - 1 Gbps, 10000 meters, single-mode
10GBase-SR - 10 Gbps, 300 meters
10Gbase-LR - 10 Gbps, 10000 meters, single-mode
Coarse Wavelength Division Multiplexing (CWDM) - Commonly supports eight wavelengths per fiber and is designed for short-range communications.
Dense Wavelength Division Multiplexing (DWDM) - Supports many more wavelengths, commonly 96 or more, optimal for long range communications.
Bidirectional Wavelength Division Multiplexing (WDM) - Uses the two normal wavelengths 1310 and 1550 nm on one fiber.
Monday, June 20, 2022
AWS 001 - Cloud Practitioner Essentials, Module 1
Module 1 - Intro to AWS
Amazon EC2 - Amazon Elastic Compute Cloud, virtual server
Business Model: Only pay for what you use, resources expand only as you need them.
Cloud Computing - The on-demand delivery of IT resources over the internet/a network.
Saturday, June 18, 2022
PowerShell 004 - PowerShell Dot Notation
Dot notation gives you the ability to access properties nested within an object; this can be used to pull or modify data. I will be using Chrome preferences as my example file, see below.
$username = (Get-WMIObject -ClassName Win32_ComputerSystem).Username.Split('\')[1]
This will set the variable $username as the currently logged in user without its domain included.
$pref = Get-Content ("C:\Users\" + $username + "\AppData\Local\Google\Chrome\User Data\Default\Preferences") | ConvertFrom-JSON
This will set $pref as the contents of the user’s Chrome preferences and convert it into a more readable format for powershell.
You can combine dot notation with operators in predictable ways. Anything inside parentheses is evaluated first, and the plus sign (+) joins strings together. In the examples above I set the variable $username to update dynamically based on who is currently logged in, then used + to place it between two literal strings (marked by quotes), and wrapped the whole expression in parentheses so it is resolved before Get-Content runs. Piping the result into ConvertFrom-JSON turns the file's text into an object that PowerShell can work with.
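As an added example (not the post's own code), the same pattern run against a constructed JSON string instead of the live Preferences file, so it works on any machine: it shows nested reads, a property held in a variable, an in-place modification, and the -Depth caveat when writing the object back out. The JSON keys only resemble a Chrome Preferences file.

```powershell
# Added example, not from the original post. The JSON is constructed to
# look like a few keys of a Chrome Preferences file; it is not a real file.
$json = @'
{
  "profile": { "name": "Person 1",
               "default_content_setting_values": { "popups": 2 } },
  "browser": { "show_home_button": false },
  "extensions": { "settings": { "abcdefgh": { "state": 1 } } }
}
'@

# ConvertFrom-Json turns the text into nested PSCustomObjects.
$pref = $json | ConvertFrom-Json

# Read: each dot walks one level further down the object tree.
Write-Output ("Profile name: " + $pref.profile.name)
Write-Output ("Popup setting: " + $pref.profile.default_content_setting_values.popups)

# A key held in a variable can still be reached with dot notation.
$extId = 'abcdefgh'
Write-Output ("Extension state: " + $pref.extensions.settings.$extId.state)

# Modify an existing nested value in place.
$pref.browser.show_home_button = $true

# Add a property that did not exist in the JSON.
$pref.browser | Add-Member -NotePropertyName 'check_default_browser' -NotePropertyValue $false

# Write it back. -Depth matters: the default (2) truncates deeper levels,
# which would silently destroy most of a real Preferences file.
$out = Join-Path $env:TEMP 'prefs-example.json'
$pref | ConvertTo-Json -Depth 10 | Set-Content -Path $out -Encoding UTF8

# Re-read the file to confirm the change survived the round trip.
$check = Get-Content $out -Raw | ConvertFrom-Json
Write-Output ("show_home_button after round trip: " + $check.browser.show_home_button)
```

Before editing a real Preferences file, close Chrome first and keep a copy; Chrome rewrites the file on exit and will discard concurrent changes.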
Sunday, June 12, 2022
Network+ 003 - 1.2 Network Topologies and Types
1.0 Networking Fundamentals
1.2 Network Topologies and Types
Mesh - Network objects connect directly, dynamically and non-hierarchically to as many other objects as possible and cooperate with one another to efficiently route data.
Star/Hub-and-Spoke - Network objects connect directly to a centralized hub that controls and operates the network.
Bus - Network objects connect to a shared single half-duplex (data can go both directions, one direction at a time) link/cable.
Ring - Each network object connects to only two other network objects forming a single continuous path for each network object.
Hybrid - A network that uses two or more network topologies together.
Network types and characteristics
Peer-to-peer (P2P) - Distributed application architecture that partitions/divides workloads between peers, peers are equally privileged.
Client-Server - Distributed application architecture that partitions workloads between the providers of a resource or service (servers), and service requesters (clients).
Local Area Network (LAN) - A collection of devices connected together in a single location.
Metropolitan Area Network (MAN) - A network spanning a city-sized geographic region.
Wide Area Network (WAN) - A network spanning a large geographic region, not tied to any single location.
Wireless Local Area Network (WLAN) - Wireless connected network devices in single location.
Personal Area Network (PAN) - Network used to connect an individual’s devices located within their vicinity.
Campus Area Network (CAN) - An interconnection of LANs within a limited geographical area.
Storage Area Network (SAN) - A network which provides shared access to data, stored at a block level.
Software-Defined Wide Area Network (SDWAN) - Software defined network, Virtual WAN, automated programmatic approach to enterprise network management.
Multiprotocol Label Switching (MPLS) - A routing technique that uses labels instead of addresses to route data along pre-existing routes between endpoint objects.
Multipoint Generic Routing Encapsulation (mGRE) - Developed by Cisco, Tunneling protocol that can encapsulate a wide variety of network layer protocols.
Service-Related Entry Point
Demarcation Point - The point where a public network ends and a private network begins, used to separate and determine responsibility of network issues based on where they are happening on a network.
Smartjack - Can be a signal converter or repeater, also provides diagnostic capabilities.
Virtual Network Concepts
vSwitch - Virtual switch; allows communication between virtual machines.
Virtual Network Interface Card (vNIC) - Software-emulated NIC used within a virtual machine to allow connections.
Network Function Virtualization (NFV) - Software replacement solution for networking hardware, virtualization, cloud computing.
Hypervisor - Similar to an emulator, runs and manages one or more virtual machines.
Provider Links - Internet Service Providers (ISP)
Satellite - Internet link provided through use of satellites.
Digital Subscriber Line (DSL) - Internet link provided over old phone systems using a modem.
Cable - Internet link provided through traditional coaxial copper cabling.
Leased Line - Contracted private line, dedicated line.
Metro-Optical - Hybrid network that combines Ethernet and Fiber technologies to provide an Internet link for a metro area.
Wednesday, June 8, 2022
AWS (Amazon Web Services) 000 - Intro
I have recently discovered AWS Training and Certification and plan on trying a few of the free courses to see how they are. I am starting with AWS Cloud Practitioner Essentials which is a 6 hour self-paced course focused on introducing the AWS basics.