
Corey Charles is a seasoned IT Security professional with ten years of experience. His expertise is in the Vulnerability Management area of IT Security. Mr. Charles has worked on many contracts and projects supporting government, healthcare and private sector clients. He has worked in many infrastructures and applied a large range of compliance standards across many enterprises.
Mr. Charles is the Founder/CEO/Owner of DreamVision IT LLC. He is recognized for diligence, attention to detail and skills accessing vulnerabilities in environments such as linux, unix, citrix and windows. Mr. Charles has been recognized by multiple clients as a subject matter expert in vulnerability management. Corey, has taught on the college level, teaching ethical hacking, network security, fundamentals of networking and web application development to name a few courses.
In closing, Mr. Charles is an industry certified, educational verified and client based testified expert in vulnerability management and IT Security.
Master the basics of vulnerability management by defining a vulnerability as a weakness in an application, including design flaws and template implementations, and identifying how attackers harm stakeholders.
Explore the risk management framework for selecting and tailoring security controls to manage organizational risk across systems, from categorization to monitoring.
Explore the five principles of threat-based security for network protection, from post-compromise detection and behavior-based indicators to evolving threat models, iteration by design, and realistic production-network testing.
Explore the CIA triad of confidentiality, integrity, and availability and it guides information security policies. Understand access controls, data handling, and backups that protect data integrity and ensure reliable availability.
Explore how vulnerability management rates attack vectors by network, adjacent, local, and physical access, linking exploitability metrics to the vulnerable component and potential attack paths.
Explore post compromised threats, attacker tactics, and attack categories, detailing techniques like persistence, privilege escalation, defense evasion, discovery, and lateral movement.
Explore physical vulnerabilities from natural disasters and human threats, and examine defenses like fences, gates, and badge kiosks, alongside patching, strong passwords, firewall rules, and application risks like SQL injection.
Explore tcp/ip vulnerabilities across the core protocol suite, from legacy insecure tools like rcp and remote login to worm-driven attacks, highlighting password sniffing, denial of service, and cross-platform weaknesses.
Explore IP vulnerabilities that threaten networks, including spoofing of source addresses and MAC address mapping, man-in-the-middle and eavesdropping, spoofed emails, and denial-of-service attacks like ping floods and teardrop fragmentation.
Explore ICMP as a connectionless network-layer protocol that carries diagnostic messages, including echo requests and time-to-live expired notices, and reports errors when routes or hosts are inaccessible.
Examine TCAP vulnerabilities in IP networks, compare TCAP reliability with UDP, and study acknowledgments, three- and four-way handshakes, flow control, and firewall defenses against spoofing and flood attacks.
Explore tcp session hijacking by predicting sequence numbers and spoofing ip or mac addresses, overcoming authentication. Examine application-level hijacking through stolen session ids and http session access.
Highlight how UDP's lack of reliability, flow control, and error recovery enables spoofing and eavesdropping, enabling resource exhaustion and attacker exploitation via SQL Server keepalive attacks.
In this lecture, we are walking thru the patch management process step by step.
Predicting vulnerabilities uses local sensitivity and adaptive capacity to identify gaps, map potential impacts, and integrate vulnerability assessments with change management, scans, and patching to protect systems.
This lecture covers poor logging vulnerability, promoting a single shared logger and frequent password changes for training, and explains vulnerability assessment versus testing with end users as the primary threat.
Learn how to perform preliminary network scanning with Nmap, identify the network range, run aggressive scans and OS/version detection, and produce targeted reports of open ports and services.
Launch and read a Nessus scanner lab scan, configure policies and targets, and interpret the vulnerability report by critical, high, medium, and low severities.
Learn to capture ethernet traffic between Windows and Linux VMs with Wireshark, verify connectivity using ping and UDP packets, and observe handshake and MAC address resolution.
Learn to perform vulnerability analysis through real-time security data review, correlate synchronized alerts, inspect packet data and TCAP traffic, and use sandbox malware analysis to assess indicators and persistence.
Perform a cryptography lab by navigating a server, manipulating directories, copying the Art of War file, and computing MD5 digests to explore hash collisions.
Introduction to vulnerability management introduces basic scanning as a foundation for evaluating vulnerabilities across systems and environments.
Identify network vulnerabilities using OpenVAS, perform discovery scans, generate reports, and guide remediation to strengthen vulnerability management.
Analyze a sql injection attack by examining network traffic and a packet capture, identify the attacker's methods, and reconstruct the vulnerable page to understand the exploit vector.
We will cover the Vulnerability Management and Assessment Process.
Provide entry to vulnerability management and fundamentals of network security through a special $10 course offer, using the graduate code for current and future courses.
The course covers the basics of Vulnerability Management. The course dives into detail information of on the critical issues of vulnerabilities. It covers risk management and covers the basis of penetration testing vs vulnerability management as well. The course also includes lab simulation of vulnerability management processes. The lab introduces the students to Nessus and how vulnerabilities are tracked in the security scanner based on the respective critical level.