
Explore threats and vulnerabilities in Security+, covering malware, social engineering, cross-site scripting, DNS vulnerabilities, buffer overflow attacks, threat modeling, vulnerability scanning, wireless security, incident response, and honeypot defenses.
Explore malware types and concealment techniques, from viruses, worms, and trojans to polymorphic and metamorphic variants, plus ransomware and keyloggers, and learn host and network countermeasures with threat intelligence.
Explore cyber attacks on Wi-Fi networks and the web, including shoulder surfing, dumpster diving, tailgating, impersonation, zero-day attacks, man-in-the-middle, spam, Christmas tree packets, farming, pharming, and related defenses.
Test for cross-site scripting vulnerabilities, identify exploits, and protect against XSS by validating and sanitizing user input and enabling server protections against payloads like script injections and cookie theft.
Explore how root and authoritative name servers, caching DNS servers, and DNS records with TTL enable scalable, secure domain lookups through DNSSEC and trusted signatures.
Explore how buffer overflows enable arbitrary code execution by exploiting stack, heap, and memory layout, while reviewing mitigations like ASLR, DEP, and guard features.
Explore how the Jay P.S. worm maker simulates viral behavior—creating self-replicating malware, disabling features, renaming to system executables, and optionally connecting to command-and-control, illustrating trojan-like threats.
Explore the differences between vulnerability assessment and pen testing, including log reviews, synthetic transactions, code reviews, fuzzing, and white/gray/black box testing with SCAP and CVE/NVD references.
Learn to minimize attack surfaces through platform hardening and baselining, using configuration management to establish and audit secure baselines for operating systems, databases, and apps.
Log into the OpenVAS web interface, schedule and run scans on IP ranges, start a simple scan of 192.168.1.1, and review the report listing vulnerabilities with host and service IP details.
Explore advanced wireless attacks such as evil twin man-in-the-middle, ad hoc networks, and war chalking, and learn practical defenses like VPN, secure portals, and careful network configuration.
Log management and security information and event management enable real-time analysis of logs with aggregation, correlation, alerting, and dashboards for compliance and forensics, including tamper-evident controls and chain of custody.
Learn to deploy the Kippo SSH honeypot in Python, emulate an SSH environment with honeyfs, capture attacker activity, replay logs, and detect honeypots with Nmap scripts.
Summarizes threats and vulnerabilities covered in the Security+ course, including malware, cyber attacks, social engineering, DNS security, buffer overflows, threat modeling, virus creation, scanning, pen testing, and wireless security.
This course is for beginners and IT pros looking to get certified and land an entry-level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings globally, and demand is greatly outpacing supply, which means more opportunity, job security and higher pay for you!
The Security+ exam covers six domains, and this course focuses on the third domain, 'Threats and Vulnerabilities'.
In the Malware section we will define malware categories and characteristics and talk through protective countermeasures to keep networks, systems and data safe from compromise.
There are so many different types of attacks that it can sometimes be challenging to address them all within the context of our various lessons. So in the Cyber Attacks lesson I’ve pulled together some attack types that haven’t necessarily been covered in the other sections. When the internet was originally architected, services such as DNS weren’t necessarily designed with security in mind. You will learn about DNS vulnerabilities, attacks and DNS security protocols as part of the DNS Security lesson.
Understand social engineering in the context of information security, which refers to psychological manipulation of people into performing actions or divulging confidential information. You will learn the basics of modern wireless security protocols, vulnerabilities, attacks and defense mechanisms in the wireless attacks lesson. Wireless networks represent the softest and most common entry point for hackers. We will talk about advanced wireless attacks and how to prevent them.
XSS and injection are some of the top techniques used by attackers to compromise websites and user data. Learn how to test for XSS vulnerabilities, identify exploits and protect against them. We will attack applications using buffer overflow techniques in order to execute arbitrary malicious code, and we will also identify ways to mitigate these attacks.
There are practically an infinite number of security testing tools available, both free and paid. In the security testing tools lesson we will begin to scratch the surface of some of these common tools and identify how we categorize them and their uses. Management of logs is a key component of operational security. These days the velocity, variety and volume of data collected via logs have catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them in the lesson on SIEM.
Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. I will show you techniques for OS, DB and app hardening. Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. You will learn how to use honeypots to tie up attackers and find out what they are up to.
Vulnerability Assessment and Pen Testing are terms that are often used interchangeably. In this section we will walk through some of the differences and commonalities between the two.