SY0-601: CompTIA Security+ Certification Video Training Course
SY0-601: CompTIA Security+ Certification Video Training Course includes 201 lectures that provide in-depth knowledge of all key concepts of the exam. Pass your exam easily and learn everything you need with our SY0-601: CompTIA Security+ Certification Training Video Course.
SY0-601: CompTIA Security+ Certification Video Training Course Info:
The complete course from ExamCollection's industry-leading experts helps you prepare and provides a full 360 solution for self-prep, including the SY0-601: CompTIA Security+ Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.
In this video, we're going to be talking about something called replay attacks. Now, with replay attacks in particular, we're going to be talking about something called a session replay. Now for this one, I'm going to draw you guys a little diagram just to give you guys a good illustration of this. Now, this is really done by sniffing people's traffic. It's mostly done by using a "man in the middle" attack. Now I'm going to actually do a lab with you guys with a man in the middle attack coming up later in the course in the next section, when I'll actually show you guys how to do a man in the middle attack using a particular piece of software and how we can sniff the line and do ARP spoofing. So for now, I just want you guys to get an understanding of how this attack works. So let us go here to my desktop. And where is my desktop button? There you go. All right. I was teaching the class here.
Okay, so here we go with a particular session, a session replay attack. Now, a session replay attack basically builds on the concept of stealing someone's session information and replaying an attack against the server. It's a very simple thing. So let's say you have a client machine. Let's say workstation one. So this is workstation one, and the workstation wants to talk to the server. So the client wants to authenticate and talk to the server. So at the bottom, you're going to have a hacker listening in on the communication between the workstation and the server. So basically, the workstation wants to authenticate to the server. So what the workstation does is that it sends. Now, if you know how passwords work, you basically hash your passwords, right? Passwords are hashed. So what happens at the workstation? Maybe his name is Bob, and let's say his password is all ones, okay? Three or five of them. So, this is the hash. This is not his password. It's the hash of his password. So Bob wants to authenticate to the server.
So Bob sends his username and password to the server to authenticate as Bob with five ones. But what happens is the hacker sniffs this information, grabs the hash, and then the username. Now, what the hacker does is replay it against the server, telling the server, "Hey, I'm Bob," and replays the hash against the server. And the server believes that it's basically workstation one, right? It's Bob who's trying to log in to that particular server. So this is the man. This is why you notice it looks like a man-made object. I was about to say that this is a session replay because it's replaying the credentials of Bob against the server. Very similar is "a man in the middle," and "a man in the middle" is what you're going to use to sniff this data to get it again. There's a whole video on that where I do an actual lab with you, and I'm going to show you more of this when I get there.
Okay, so you're probably saying to yourself, "Well, how do we fix this?" One of the ways to fix this is to use what are called session tokens. Now, session tokens rely on a challenge process in which the server sends Bob something. Bob then rehashes it and computes it, then sends it back to the server. The server already knows the hash, and it will fix it. Just know that, in your case, session tokens are a solution. Encryption, of course, can help with this as well. Okay, so for your exam, just know exactly what a replay attack is and particularly session replay.
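The replay and the challenge-based fix described in this lecture, as an added example that is not part of the course material: a server that compares a fixed password hash accepts a sniffed copy, while a server that issues a fresh single-use challenge rejects the same captured response. The names `static_login`, `ChallengeServer` and `client_response`, and the choice of SHA-256 with HMAC, are assumptions made for this illustration.

```python
import hashlib, hmac, secrets

# Constructed sample data: the lecture's user "bob" with a password of five ones.
USERS = {"bob": hashlib.sha256(b"11111").hexdigest()}

def static_login(username, sent_hash):
    """Weak scheme from the lecture: the server compares a fixed password hash."""
    return hmac.compare_digest(USERS.get(username, ""), sent_hash)

class ChallengeServer:
    """Challenge-response: each login is bound to a fresh, single-use nonce."""
    def __init__(self):
        self.pending = {}  # username -> outstanding nonce

    def challenge(self, username):
        nonce = secrets.token_hex(16)
        self.pending[username] = nonce
        return nonce

    def verify(self, username, response):
        nonce = self.pending.pop(username, None)  # consume: one use only
        stored = USERS.get(username)
        if nonce is None or stored is None:
            return False
        key = bytes.fromhex(stored)
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def client_response(password, nonce):
    """Client side: key the HMAC with the password hash, sign the server's nonce."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo():
    results = {}
    # 1. Static hash: a value sniffed once stays valid for every later login.
    sniffed = hashlib.sha256(b"11111").hexdigest()
    results["static_replay_accepted"] = static_login("bob", sniffed)
    # 2. Challenge-response: Bob logs in while an eavesdropper records the response.
    server = ChallengeServer()
    captured = client_response("11111", server.challenge("bob"))
    results["bob_accepted"] = server.verify("bob", captured)
    # Replaying the capture with no outstanding challenge fails.
    results["replay_same_nonce"] = server.verify("bob", captured)
    # Replaying it against a new challenge fails too: the nonce has changed.
    server.challenge("bob")
    results["replay_new_nonce"] = server.verify("bob", captured)
    return results

if __name__ == "__main__":
    print(demo())
```

In this sketch the stored hash acts as the shared key, so it still has to be protected on the server; the challenge only stops an observer on the wire from reusing what was captured.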
In this video, we're going to be talking about application programming interface attacks, or API attacks. Now before I get into the attack, it's really important for you guys to know exactly what an API is. This is a term you're going to probably hear a whole lot of as you go through your IT career because it's something we use a lot. Let me give you an explanation. Here's what an API is. I'm going to give you a really easy explanation that a lot of people use. So let's say you go to a restaurant. Now you go to a restaurant, and you ask them. Now you ask the waitress for a menu. So the waitress comes to you and gives you a menu, and you start to go through the menu. The waitress will now be your procedure quote unquote procedure quarter, able to communicate with the people preparing your food in the back. So in the back of the restaurant, you have the cooks that are actually preparing the food. So you go through the menu and you tell the cook, and you start to tell the waitress, "Well, I want a hamburger and I want some French fries." So she writes it down. She then goes to the back end. She tells the cooks, "Hey, let's say the cook's name is Bob." She says, "Hey Bob, can you get me a hamburger and some French fries for Andrew?" So Bob makes it and gives it back to her. She comes back and gives it to me. That's a good analogy of an API.
Now you wonder: What is the API? API, or application programming interface, is a piece of software that lives in the middle, directly between some kind of server database and some kind of application you're using. It's basically an intermediate piece of software between two different pieces of software. So I'll give you guys an example here on my phone. So I'm going to open up my phone here and go to, and you'll see an API that you're probably pretty familiar with. It's a little hard to see that, but this is an API. How do I know? Well, you'll notice that this is the weather app that comes on my Samsung phone here.
Now the Samsung No weather. Are they available in the weather? Whoever made this app, are they the ones who provide the weather? Not really. See if I scroll down to the bottom; it's hard to see there. I know it's a little hard to see that, but just trust me. It says so on the Weather Channel. So how is this app-making procedure linked to the actual weather channel database of information? Well, they use an API, right? So, an API is basically how we get different software to communicate with each other. APIs are all around. You go to any kind of booking or vacation site and book a vacation or something. You'll notice that I want airfare. So the website will show you all the airfares and different planes, different companies that have (maybe American Airlines, Southwest, or whoever). How is that site getting all this data? Well, that means there's got to be some kind of connection between that popular website, maybe Expedia, and American Airlines. It has to be some kind of API (application programming interface). So that's what an API is, right? It's a piece of software that lies in between them.
Now, there are two APIs, and I'm going to go over this very briefly because I don't think you need to know this for your exam. I think you need to go that far in for your particular exam. But I'm going to show you quickly. Now, I do cover this in my cloud security class, my CCSP class. But for your exam, I don't think you need to dive much into it. But I'm going to show you our website here. And of course the links will be in, the links will be with video. Here we go. There are two main APIs. There are two types of APIs: SOAP API and REST API. So SOAP API stands for Simple Object Access Protocol. And this one is more XML-based. It uses WS-Security standards, XML encryption, and XML signatures. The other is REST, or Representational State Transfer. This one uses more HTTP, HTTP based on the URL, and so on.
It supports SSL authentication and HTTPS. Now, there are a lot of threats to the API, and this is the part of it we need to review now that you know what an API is. So there are a few threats that we need to know about. Number one, the man in the middle attacks. There are ways for an attacker to intercept the connection between you and the API and steal the data to obtain sensitive information. Let's say you're booking an airfare. You put in your credit card information, and you're rebooking that airfare using this particular application. You can steal the data from that application before it hits the actual airfare company or the plane company. There are API injection attacks, something called XSS or SQLi. In this particular one, they're injecting information into the API. So this is cross site scripting, which we talked about previously. So there are also DDoS attacks against the API systems. Again, you need to go into the specifics here.
So some people say, "So what are the best practices?" "What can we do to help fix these APIs, right?" So the best practices we can follow here are to ensure we have good authentication. You want to be able to authenticate the user, identify that particular user, and then authorise it. So, authorization ensures that the user has access to the appropriate set of resources and nothing else. If you're giving too much access, then people can get into the API and take control of it or get access to sensitive data that they don't need. Okay, so now that you have a good understanding of APIs, do understand that there are attacks against APIs. Now, APIs are something that we use in many, many apps. Right now, there are APIs that can call for weather services like I did, or call the GPS. You see them all the time when you open the app and it's like, "Hey, show me your location." But don't forget, there are attacks against these particular APIs.
In this video, we're going to be talking about driver manipulation. So what exactly is this? Well, there are two ways to manipulate drivers that we need to know. For example, number one is shimming and number two is refactoring. But before I get into that, let's talk about drivers in particular. So I'm going to go here to my Device Manager just so we can take a look at drivers. So I'm going to right click on my start button. I'm going to go up here to Device Manager. And here you have all the device drivers. So I'm missing a driver on my wireless LAN adapter. No wonder that wasn't working. Okay, so let's take a look at some different device drivers. You'll notice I have, let's say, a device driver here. And by the way, this is Device Manager. This is A+ if you're not sure how to use it. But if I go in here and I go to the video card and I go to driver, it will tell me that I have this version of the driver that's installed; it's from Nvidia that makes it, and it is Windows compatible. Now I do want to say it's a digital signer. So Microsoft's Windows Hardware Compatibility Publisher has digitally signed this driver. That's going to be important to understand. It's coming up in a little while.
So, driver manipulation. Now there are two things here. Now your Security Plus exam talks about shimming and refactoring. So let's talk about this. What exactly is it? So first of all, you saw the driver there. Now, drivers are basically what will sit in the operating system and allow the hardware to communicate with the operating system correctly. So the operating system knows how to use the hardware correctly. Drivers operate at a very low level in the operating system, despite having extensive permissions. So drivers require a very low level of integration into the core, basically, of the OS.
So what malicious hackers do, or people that write malicious code, is if they can get their code into a driver, then what happens is the operating system will execute that code at a low level. So the first one up we'll talk about is something called "refactoring." So refactoring is essentially when you take this legitimate driver. But the bad thing is that you have to get the source code for the driver. This is not easy. You have to get the source code to the driver, and you're going to rewrite the source code to contain your malicious code and then give it out to users. And they'll install it, thinking they have a legitimate driver. Now they install it, and then the actual operating system starts to use it, thinking it's a legitimate driver. And before I know it, it's actually executing your malicious code or the hacker's malicious code. So let's refactor it.
Now, what shimming is: shimming is basically inserting shims. You may insert a shim in a door or something to hold it there. So shimming takes a legitimate driver and then writes malware around the driver and gives it to the operating system. So the shim is going to be writing it around it. Now, your operating system does have shims. Shims are basically things on top of something. So one mode in Windows is Windows Compatibility, in which case you can run programmes in compatibility mode. I'll show you that right away. If you ever have an old programme that you want to run in Windows that's not working correctly, you can actually right-click on the program. You go to properties. You go to compatibility. So this is a type of shim here. In other words, it's going to wrap this older compatibility mode around the application to make it compatible with this version of Windows. So what shimming does with the drivers is basically take a good driver and write malicious code around it, then give it to the operating system.
The operating system executes the driver, thinking that, you know what, this is a great driver; this is good stuff. But in actuality, it is not only running the driver, but it's also executing the malicious code. So the question would be: How do we fix this? So the way to fix this is to ensure that a lot of the drivers out there are digitally signed. And because the drivers are digitally signed, any manipulation of the driver will be detectable by the operating system. So that's why you always want to make sure when you download drivers, you download them from good sources, such as straight from the manufacturer's website, where they may come with a CD, memory stick, or something like that when you buy the actual piece of hardware. Just don't download drivers from sources that you're not familiar with.