ITPro.TV: CompTIA Security+ (SY0-601) & TryHackMe: Jr. Penetration Tester

author: Nathan Acks
date: 2022-04-11

ITPro.TV: CompTIA Security+ (SY0-601)

Vulnerability Scans

Nothing new here if you’ve ever been in charge of Nessus/Tenable.io.

SIEM And SOAR Systems

SIEM: Security Information and Event Management

SIEMs aggregate, normalize, and store logs, and provide tools to aid in their analysis. Sensor data can also be included in the mix. Many SIEMs also pull in external threat intelligence feeds these days; these can then be correlated and searched along with internal logs/data. Sentiment analysis can be included in modern systems.

SOAR: Security Orchestration, Automation, and Response

Basically, a SOAR is a SIEM with automation (or sometimes a plugin or adjunct application to an existing SIEM).
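The aggregate/normalize/correlate loop described above, plus the SOAR-style automation layered on top of it, as an added example (my own toy code, not anything from the ITPro.TV episode or from Security Onion). It parses a handful of constructed log lines in three formats (sshd syslog, nginx access log, key=value firewall log) into one schema, correlates them against a constructed threat-intel list, and turns the findings into response actions. All IPs, feed names and thresholds are made up for the example.

```python
"""Toy SIEM/SOAR pipeline: normalize heterogeneous logs into one schema,
correlate them with a threat-intel indicator list, and derive automated
response actions. All inputs below are constructed sample data."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample logs in three formats; not real traffic.
RAW_LOGS = [
    "Apr 11 10:01:02 bastion sshd[1234]: Failed password for root from 198.51.100.7 port 51022 ssh2",
    "Apr 11 10:01:05 bastion sshd[1234]: Failed password for root from 198.51.100.7 port 51023 ssh2",
    "Apr 11 10:01:09 bastion sshd[1240]: Accepted publickey for deploy from 203.0.113.5 port 40122 ssh2",
    '203.0.113.9 - - [11/Apr/2022:10:02:17 +0000] "GET /wp-login.php HTTP/1.1" 404 162',
    '192.0.2.44 - - [11/Apr/2022:10:02:40 +0000] "GET /admin HTTP/1.1" 403 151',
    "ts=2022-04-11T10:03:00Z action=deny src=198.51.100.7 dst=10.0.0.5 dport=445",
]

# Constructed threat-intel feed: indicator -> (source feed, confidence).
THREAT_INTEL = {
    "198.51.100.7": ("constructed-feed-A", "high"),
    "192.0.2.44": ("constructed-feed-B", "medium"),
}


@dataclass
class Event:
    """The common schema every log source is normalized into."""
    source: str
    src_ip: str
    action: str
    outcome: str  # "success" or "failure"


SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) (\w+) for (\S+) from (\d+\.\d+\.\d+\.\d+)")
NGINX_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')
KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize(line):
    """Map one raw line from any supported source onto the Event schema."""
    m = SSHD_RE.search(line)
    if m:
        status, _method, user, ip = m.groups()
        return Event("sshd", ip, f"login:{user}", "failure" if status == "Failed" else "success")
    m = NGINX_RE.match(line)
    if m:
        ip, method, path, code = m.groups()
        return Event("nginx", ip, f"{method} {path}", "success" if code.startswith("2") else "failure")
    kv = dict(KV_RE.findall(line))
    if "src" in kv and "action" in kv:
        outcome = "failure" if kv["action"] == "deny" else "success"
        return Event("firewall", kv["src"], f"connect:{kv.get('dport', '?')}", outcome)
    return None  # unparsed line: a real SIEM keeps the raw text and flags it


def correlate(events, intel, fail_threshold=2):
    """Return {src_ip: [reasons]} for every IP that trips a rule."""
    findings = {}
    failures = Counter(e.src_ip for e in events if e.outcome == "failure")
    for ip, n in failures.items():
        if n >= fail_threshold:
            findings.setdefault(ip, []).append(f"repeated_failures:{n}")
    for ip in {e.src_ip for e in events}:
        if ip in intel:
            feed, confidence = intel[ip]
            findings.setdefault(ip, []).append(f"threat_intel:{feed}:{confidence}")
    return findings


def respond(findings):
    """SOAR-style decision: block automatically only when a high-confidence
    intel hit coincides with observed hostile behaviour; otherwise ticket it."""
    actions = {}
    for ip, reasons in findings.items():
        high_conf = any(r.startswith("threat_intel:") and r.endswith(":high") for r in reasons)
        behaviour = any(r.startswith("repeated_failures") for r in reasons)
        actions[ip] = "block_ip" if high_conf and behaviour else "open_ticket"
    return actions


def run_pipeline(lines=RAW_LOGS, intel=THREAT_INTEL):
    events = [e for e in map(normalize, lines) if e is not None]
    findings = correlate(events, intel)
    return events, findings, respond(findings)


if __name__ == "__main__":
    _, findings, actions = run_pipeline()
    for ip, reasons in findings.items():
        print(ip, reasons, "->", actions[ip])
```

The point of the two-stage decision in `respond` is the usual SOAR caveat: an indicator match alone is a ticket, not an automatic block, because threat feeds carry stale and shared-infrastructure entries; only corroborating behaviour in your own logs earns the automated action.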

ITPro.TV ends this episode by demoing Security Onion, which appears to be an open-source SIEM.

Pentesting Techniques

The difference between a vulnerability assessment and a penetration test ultimately lies in whether you attempt to exploit the discovered vulnerabilities.

Another way to think about the blackbox/whitebox distinction: Are you acting as an external attacker (blackbox) or an insider threat (whitebox)?

Phases:

Pentesting Exercise Types

Red teams within organizations typically are less restricted than external pentesters. They have specific goals (not just “identify exploitable vulnerabilities”, but something more like “obtain access to X”) and a lot more latitude.

Purple teams are most common in smaller organizations with constrained resources.

TryHackMe: Jr. Penetration Tester

Introduction to Vulnerabilities

OS/software vulnerabilities are the most likely to result in privilege escalation (privesc).

Scoring Vulnerabilities (CVSS & VPR)

That said, only ~20% of vulnerabilities have an actual exploit, and only ~2% are actually exploited in the wild.

Vulnerability Databases

Finding Manual Exploits