1.4 Given a scenario, analyse the output from common vulnerability assessment tools

  • Web application scanner:

    • OWASP ZAP

    • Burp Suite

    • Nikto

    • Arachni: evaluates web application security; scanning, scripted audits, vulnerability scans

  • Infrastructure vulnerability scanner:

    • Nessus

    • OpenVAS

    • Qualys

  • Software assessment tools and techniques:

    • Static analysis

    • Dynamic analysis

    • Reverse engineering

    • Fuzzing

  • Enumeration:

    • Nmap: returns port listing, MAC address, OS/kernel version, network distance, runtime

    • hping: sends TCP/UDP/ICMP/RAW-IP; firewall testing, TCP/IP auditing, network testing

    • Active vs passive

    • Responder: LLMNR/NBT-NS poisoner/rogue authentication server => steal NTLM hashes

  • Wireless assessment tools:

    • Aircrack-ng: suite of WiFi monitoring, attacking, testing & cracking (WEP/WPA) tools

    • Reaver: brute force against WPS PINs to recover WPA/WPA2 passphrases

    • oclHashcat: GPU-based hash cracker with dictionaries, masks, rules etc.

  • Cloud infrastructure assessment tools:

    • ScoutSuite: security posture assessment of cloud environments, highlights risks

    • Prowler: AWS security best practices assessment, auditing, hardening, forensics
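
The Nmap bullet above lists the fields a scan returns (ports, MAC address, OS match, network distance, runtime). This added example, not part of the original notes, pulls exactly those fields out of Nmap's XML output format (`-oX`); the XML document embedded here is a constructed sample that follows the real schema, and the host, address and versions in it are placeholders.

```python
# Added example: parse Nmap -oX (XML) output into the fields the notes list.
# SAMPLE_NMAP_XML is a constructed sample in Nmap's real XML layout; the
# host address, MAC, products and versions in it are placeholder values.
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -sV -oX scan.xml 192.0.2.10" start="1700000000">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
    <os><osmatch name="Linux 5.4 - 5.10" accuracy="95"/><osmatch name="Linux 4.15" accuracy="88"/></os>
    <distance value="2"/>
  </host>
  <runstats><finished elapsed="12.34"/></runstats>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {"runtime_s": float|None, "hosts": [...]} from Nmap -oX output."""
    root = ET.fromstring(xml_text)
    finished = root.find("runstats/finished")          # total scan runtime
    result = {"runtime_s": float(finished.get("elapsed")) if finished is not None else None,
              "hosts": []}
    for host in root.findall("host"):
        info = {"ip": None, "mac": None, "open_ports": [], "os": None, "distance": None}
        for addr in host.findall("address"):            # IPv4/IPv6 and MAC are separate elements
            if addr.get("addrtype") == "mac":
                info["mac"] = addr.get("addr")
            else:
                info["ip"] = addr.get("addr")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                                # only open ports shape the exposure picture
            svc = port.find("service")
            banner = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")])) if svc is not None else ""
            info["open_ports"].append((int(port.get("portid")), port.get("protocol"), banner))
        # Nmap may emit several OS guesses; keep the one with the highest accuracy.
        best = max(host.findall("os/osmatch"), key=lambda m: int(m.get("accuracy", 0)), default=None)
        if best is not None:
            info["os"] = best.get("name")
        dist = host.find("distance")                    # hop count from the scanner
        if dist is not None:
            info["distance"] = int(dist.get("value"))
        result["hosts"].append(info)
    return result
```

Running `parse_nmap_xml(SAMPLE_NMAP_XML)` gives one host with ports 22 and 80 open, the MAC and best OS match, a distance of 2 hops, and a 12.34 s runtime; the same function works on a real `nmap -oX` file read from disk.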
