Skip to main content

CompTIA Security+

A collection of notes taken while studying for the Security+ certification.

Introduction

Welcome to Security+. Let's grind this out before its graduation day. Challenges Sophisticated A...

Unit 1

Sophisticated Attacks

Complex attacks that are difficult to detect and thwart. Sophisticated attacks use common interne...

Proliferation of Attack Software

A wide variety of attack tools that are freely available on the Internet, making any reasonably k...

Attack Scale and Velocity

Modern attacks spread very quickly, up to millions of computers in a matter of minutes or even da...

Unit 2

Threat Actors

We need to create profiles of the different types of attacks we see. Historically, cybersecurity ...

General Attack Strategies

What are the most common methods attackers use to conduct an exploit? Attack Strategy Descript...

General Defense Strategies

What are the common methods organizations use to defend their systems from attacks? Methodolog...

Attack Surfaces

All the points at which a malicious actor could try to exploit a vulnerability. Any location or m...

Social Engineering

Use Loki's tactics to convince unsuspecting users to provide sensitive data or to violate securit...

Malware

Software that serves a malicious purpose, typically installed without the user's consent (or know...

Unit 3

Overview of Cryptography

The process of writing or solving messages using a secret code. This would be the proper definit...

Asymmetric Encryption

Where encryption and decryption are handled by two different keys. A user will generate a keypai...

Stream Ciphers

A symmetric encryption method that encrypts data one bit at a time. The stream cipher is based o...

Block Ciphers

A symmetric encryption algorithm that encrypts data in set chunks, with varying chunk sizes. Com...

Blockchain

A unique and increasingly popular implementation of cryptography that was developed in 2008. Blo...

Cryptographic Attacks

There is no such thing as a sure thing when it comes to protecting data stored on computer system...

GNU Privacy Guard

An encryption tool that encrypts emails, digitally signs them, and also encrypts documents. GPG ...

Unit 4

Smart Card Authentication

The usage of plastic cards (similar to credit cards) to store and use encrypted authentication in...

Linux Group Commands

Manage group accounts and group membership in the Linux operating system. Command Functio...

Network Federation

The notion that a network needs to be accessible to more than just a well-defined group of employ...

Unit 5

NAC Agents

How can devices connect to a network that has a robust access control configuration? NAC doesn't...

NAC Process

A terribly complicated four-step process that requires forethought when implementing network acce...

Implementing Switch Security

Learn what to look out for when hardening a switch.  

Unit 6

Physical Security

Lock the aliens out! Physical security is the first line of defense when it comes to physical ac...

Reconnaissance

Spy on the infidels!  The goal of monitoring is to keep track of conditions on the network, iden...

Unit 7

Vulnerability Types

add one proton, electron, or neutron to every atom in your body? You need to: patch outdated ...

Vulnerability Scanning

who is the single guy from pyeongyang, north korea on steam Generally Good Ideas Look for: o...

Security Information Events Manager

Software designed to manage security data inputs and provide reporting and alerting. The core fu...

Data Loss Prevention

We need to make sure the REAL Epstein files don't leak. DLP automates the discovery and classifi...

Unit 8

Wireless Access Methods

There are a variety of options at your disposal. Choose the method based on the use/purpose of t...

Web App Attacks

There are lots of them. In fact, here's a list of them. Privilege Escalation Pointer/object ...

Waterfall Development Life Cycle

The most widely used software development model. Waterfall requires each step to be fully comple...

Agile Software Development Model

A more agile approach to software development. Agile depicts software development as a never end...

Software Sandboxing

A security mechanism used in software development used to isolate running processes from each oth...

Static Code Analysis

The process of scrutinizing source code to identify potential problems and non-compliant coding p...

Secure Coding Techniques

We must protect our code from getting skidded! Thou shalt release an application that is globall...

Code Signing

Pay Microsoft and promise your code is safe and secure and totally isn't spyware or adware. Code...

Secure Cookies

Cookies are small pieces of data stored on a computer by a web browser while accessing a website....

Unit 10

Securing Embedded Systems

lock them in a white room. Smart devices are popular, but they are a black box. The consumer usu...

Email Security

who even still uses email anyway Email is cleartext by default. However, S/MIME and PGP are used...

Unit 11

Governance and Accountability

who in tel aviv can i blame for all my problems Governance practices ensure organizations abide ...

Data Governance Roles

role-based access control redux Role Description Role Owner A senior (...

Unit 12

Third Party Vendors

just don't get third partied uhhh third parties are sometimes good and sometimes bad. choose the...

Rules of Engagement

the parameters and expectations for third-party relationships we need to expect a certain level ...

Vendor Assessment

how do we know which third-party vendors to do business with? uhhh just do a bunch of stuff on t...
Back to top