SecureFlag Lab Catalogue


● Java
● Java / Spring Boot
● Java / Spring Boot 3
● C#
● .NET
● .NET / ASP.NET
● Python
● Python / Flask
● Python / FastAPI
● JavaScript
● TypeScript
● PHP
● PHP / Symfony
● PHP / Laravel
● Frontend
● Frontend / Angular
● Frontend / React
● Frontend / Vue.js
● Kotlin
● Kotlin / Spring Boot
● Pseudocode
● Scala
● Scala / Play
● Ruby
● Ruby / Rails
● Ruby / Sinatra
● Android
● Android / React Native
● Android / Kotlin
● Android / Java
● Android / Flutter
● C
● C++
● iOS
● iOS / Swift
● iOS / Objective-C
● Log Analysis for SOC Analysts (add-on to subscription)
● Docker
● Kubernetes
● AWS
● AWS / Terraform
● AWS / CloudFormation
● Azure / Terraform
● Azure / Bicep
● Azure / Resource Manager
● COBOL
● Threat Modeling
● QA Security Testing
● QA Security Testing / Selenium
● QA Security Testing / Python
● QA Security Testing / Postman
● Go Lang
● AI/LLM / Prompt Injection
● AI/LLM / Langchain
● Smart Contracts / Solidity
● Exploitation for Developers
● CI/CD
● CI/CD / Jenkins
● SQL
● SQL / MySQL
● SQL / PL/SQL
● SQL / T-SQL
● SQL / PostgreSQL
● Server Hardening
● Server Hardening / Linux
● Server Hardening / SQL
● Server Hardening / Web
● Server Hardening / Proxy
● Server Hardening / NoSQL
● Server Hardening / IoT
● Server Hardening / Java
● ABAP
● Apex
● Security Awareness

‭Public information - Last Updated January 2024‬


Audience: Frontend Developers, Backend Developers, API Developers, and QA Engineers.

● Abrupt Termination
● Arbitrary File Access
● Arbitrary File Deletion
● Arbitrary File Download
● Arbitrary File Upload
● Archive Upload Allow Arbitrary File Overwrite
● Argument Injection
● Authentication Bypass
● Authorization Bypass
● Blind SQL Injection
● Broken Authentication
● Broken Authorization
● Broken Input Validation
● Broken JSON Web Token
● Broken Memory Management
● Broken OAuth
● Broken Regular Expression Results
● Broken Session Management
● Bypass IP-Based Access Control
● CSS Injection
● Clickjacking
● Code Injection
● Compromised Passwords Permitted
● Cross-Site Request Forgery
● Cross-Site Scripting
● Cross-Site WebSocket Hijacking
● DOM Cross-Site Scripting
● Integer Overflow
● Invalidated Iterator
● JWT "None" Algorithm Permitted
● JWT Expiry Not Checked
● JWT Signature Not Verified
● Lack of Content Security Policy
● Dangerous Open Redirect
● Directory Traversal
● Document Upload
● Double Free
● Excessive Data Exposure
● Exposed Elasticsearch
● Exposed H2 Console
● Exposed JWT Generation
● Exposed Padding Validation
● Exposed Sensitive Folder
● Exposed Spring Boot Actuators
● File Inclusion
● Format String Injection
● HTTP Response Splitting
● Heap Overflow
● Incomplete Admin Authorization Control
● Incorrect Access-Control Headers
● Incorrect Content Security Policy
● Incorrect Referrer Policy
● Insecure Debug Functionality Exposed
● Insecure Design
● Insecure Direct Object Reference
● Insecure Functionality Exposed
● Insecure Password Hashing Storage
● Insufficient Input Validation
● Insufficient Logging
● Insufficient Transport Layer Security
● Insufficient postMessage Origin Check
● Parameter Tampering
● Password Hash Disclosure
● Privilege Escalation
● Prototype Pollution
● Race Condition



● Lack of Content-Type Headers
● Lack of HTML Link Security Attributes
● Lack of Jailbreak/Root Check
● Lack of Resources and Rate Limiting
● Lack of Sanitization
● Lack of Server-side Checks
● Lack of Subresource Integrity Check
● Leftover Debug Functionality Exposed
● Local File Inclusion
● Log Injection
● Mass Assignment
● Memory Leak
● Mismatched Deallocation
● Missing Anti-Brute Force Protection
● Missing Common Passwords Check
● Missing Rate-Limiting
● Missing Server Side Encryption
● Missing Weak Passwords Check
● NULL Pointer Dereference
● NoSQL Injection
● Non-const String Literals
● OAuth Account Impersonation
● OAuth Client Secret Disclosure
● OAuth Cookie Stealing
● OAuth Phishing
● OS Command Injection
● Open Redirect
● Outdated Package
● PCI Compliance Violation
● PII Exposure
● Padding Oracle
● Unrestricted File Upload
● Unsafe Deserialization
● Use After Free
● Use of Dangerous Functionality
● Use of Hardcoded JWT Secret
● User Not Reauthenticated
● Weak Cipher
● Reflected Cross-Site Scripting
● Remote Code Execution
● Remote File Inclusion
● Reused IV-Key Pair
● Reused JWT Secret
● Reused Secret
● SQL Injection
● Security Misconfiguration
● Sensitive Information Disclosure
● Server-Side Request Forgery
● Server Side Template Injection
● Server-Side Request Forgery
● Server-Side Template Injection
● Session Fixation
● Session Not Invalidated
● Stack Overflow Using Sprintf
● Stack Overflow When Reading Into a Char Array
● Stack Overflow Using gets
● Stack Trace Disclosure upon Server Error
● Stored Cross-Site Scripting
● String Truncation
● Type Juggling
● UI Redressing
● Unauthenticated Account Enumeration
● Unauthorized Access to Admin Panel
● Unchecked Origin in postMessage
● Unchecked postMessage Origin
● Unfinished Account Lockout
● Unprotected Access to Message Board
● Unrestricted File Download
● Unrestricted File Read
● Weak Cipher Mode
● Weak Hashing Algorithm
● Weak Password Policy
● XML Entity Expansion

‭More topics on the roadmap…‬



Audience: DevOps Engineers, System Administrators, Platform Engineers, Kubernetes Engineers, Docker Engineers, and CI/CD Engineers

Server Hardening

● Argument Injection
● Exposed Database
● Exposed JDWP Debug Server
● Exposed JMX Debug Server
● Exposed MQTT Server
● Exposed Port
● Exposed Redis Database
● Frontjacking
● Implanted Backdoor
● Insecure MySQL Remote Access
● Insecure Path
● Insecure Settings
● Lack of TLS Client Authentication
● Lack of Transport Layer Security
● Logging Setting Leading to Information Disclosure
● Misconfiguration That Allows Password Transmission
● Misconfiguration That Allows Remote Access
● Misconfigured Nginx Root Location
● Off-By-Slash Misconfiguration
● Permissive MySQL Privileges Lead to Arbitrary File Write
● Permissive MySQL Privileges Lead to Password Hash Disclosure
● Permissive MySQL Remote Access
● Poor IP-Based Remote Access Control
● Privilege Escalation
● Race Condition
● Readable Credential File
● SUID Interpreter
● SUID With Path Manipulation
● Sudo-Enabled Monitoring Tool
● Unencrypted File Transfer Service
● Use of Nginx $uri
● Use of Weak Ciphers
● Use of Weak SSL Protocols
● Weak Redis Password
● Weak Users Configuration
● Writable Cron Script
● Writable Home Directory
● Writable System File

‭More topics on the roadmap…‬



Kubernetes

● Blocking Wildcard Ingress Using Gatekeeper
● Broken Authentication
● Broken Authorization
● Enforcing Resource Limits
● Etcd's Certificates Disclosure
● Exposed Docker Socket
● Exposed Internal Service
● Exposed Kubelet Read-Only Port
● Exposed Secrets File
● Improper Use of Namespaces
● Insecure Functionality Exposed
● Networks
● Permissive RBAC
● Publicly Exposed Kubectl Proxy
● RBAC Misconfiguration Allows Anonymous Secrets Access
● Sensitive Information Disclosure
● Supply Chain Security
● Unrestricted Access to Kubelet API
● Use of Dangerous Functionality
● Using Gatekeeper to Block Untrusted Image Repos
● Writing Basic Ingress Rules With Prometheus

Docker

● Container Breakout
● Exposed Docker Port
● Exposed Service Port
● Hardcoded Secrets at Build Time
● Insecure File Inclusion
● Insecure Functionality Exposed
● Privilege Escalation
● Rogue NTP Server Allows Sandbox Breakout
● Secret Disclosure
● Secrets Disclosure
● Secrets Exposure
● Sensitive Information Disclosure
● Unrestricted User Privileges
● Secrets Disclosure
● Secrets Exposure
● Sensitive Information Disclosure
● Unrestricted User Privileges



CI/CD

● Broken Authentication
● Broken Authorization
● Exposed Jenkins Instance
● Insecure Functionality Exposed
● Insufficiently Scoped Secrets
● Open Sign Up Allows for Dangerous Control
● Permissive Read Access
● Secret Credentials Revealed to Authenticated Users
● Sensitive Information Disclosure
● Unprivileged Users May Execute Commands
● Unrestricted Jenkins Access
● Build on Controller Node
● Build with SYSTEM User
● Outdated Plugin

‭More topics on the roadmap…‬



Audience: Cloud Engineers, AWS Engineers, Azure Engineers, and DevOps Engineers.

AWS

● Broken Authentication
● Broken Authorization
● CloudFormation Security
● IMDSv1
● Incorrect S3 Grants Lead to Web Assets Compromise
● Insecure Functionality Exposed
● Insufficient Logging
● Lack of KMS Encryption
● Lack of KMS Key Usage
● Lack of KMS Usage
● Lack of Logging
● Lack of Password Policy
● Lambda Admin Has Full AWS Permissions
● Lambda Secrets Stored
● Load Balancer Running Over HTTP
● Misconfigured IP-Based SQS Access Policy
● Missing Deny
● Missing Encryption
● Missing Group Level Access Control
● Missing SQS Server-Side Encryption
● Missing Server Side Encryption
● No Logging of Events
● Over Privileged Lambda IAM Admin
● Permissive Action
● Permissive S3 ACL Leaks Vendor Names
● Plaintext Secrets Stored
● Publicly Accessible Lambda Function
● Publicly Callable Lambda
● Publicly Writable SQS Queue
● Restricted IAM User Has Full Lambda Access
● S3 Security
● SNS Security
● SQS Missing Encryption
● SQS Security
● Sensitive Information Disclosure
● Unrestricted AMI Allows Public Access
● Unrestricted S3 Public Access
● Using KMS to Store Plaintext Secrets
● Writable SQS Queue
● Wrong User Policy



Azure

● Broken Authentication
● Broken Authorization
● Insufficient Certificate Key Size
● Missing Storage Double Encryption
● Outdated Transport Security Settings
● Publicly Accessible Certificates Storage
● Lack of Alerts
● Over-Privileged Monitoring Role
● Permissive Action
● Missing Key Vault Secret Key Expiration
● Missing Key Vault Encryption Key Expiration
● Lack of Resource Lock
● Misconfigured TLS in Flexible Database Server
● Lack of In-Transit Encryption in Flexible Database Server
● Weak Network Security Group
● Exposed NetBIOS Access
● Exposed RDP Access
● Outdated Framework Version in App Service
● Misconfigured Immutable Storage
● Disabled Secure Transfer in Storage
● Missing redirection to HTTPS in Web Apps
● Missing HTTP Logging in App Service
● Lack of Soft Delete in Storage
● Exposed UDP Ports

‭More topics on the roadmap…‬



Audience: Mobile Developers, Android Developers, and iOS Developers.

● API Key Leak
● Application Allows Backup of Sensitive Data
● Authentication Bypass
● Authorization Bypass
● Authorization Header Sent Over Insecure HTTP Connection
● Broken Authentication
● Broken Authorization
● Directory Traversal
● Exported Components
● Exposed Backend URL
● Extraneous Functionality
● HTML Manipulation
● Hardcoded Credentials
● Hardcoded Encryption Key
● Information Leakage
● Insecure Authentication
● Insecure Broadcast Receiver
● Insecure Communication
● Insecure File Paths
● Insecure Functionality Exposed
● Insecure Token Storage
● Insufficient Cryptography
● Insufficient Transport Layer Security
● Intent Redirection
● Lack of Certificate Pinning
● Lack of Jailbreak/Root Check
● Lack of Root Check
● Missing Emulation Check
● Missing Root Check
● NoSQL Injection
● Non-Obfuscated Release APK
● Non-obfuscated APK
● SQL Injection
● Secrets Disclosure
● Sensitive Activity Exported
● Sensitive Information Disclosure
● Unrestricted File Download
● Unsecured Content Provider
● Unsecured WebView
● Weak Host Validation

‭More topics on the roadmap…‬



Audience: SOC Analysts and Threat Hunters.

● Access Token Manipulation
● Account Discovery
● Achieving Remote Execution with WMI
● Alan: injection into a legitimate process
● Analyze binary behavior with speakeasy
● Analyze binary with objdump
● Analyzing Malware Network Traffic
● Analyzing malware network traffic
● Analyzing malware persistence
● Application Layer Protocol
● Binary format
● Binary's .text section analysis
● Brute Force
● Building an Open Source SOAR
● CERT versus CSIRT
● Calculate hashes of a given file
● Code Injection
● Collecting logs with Sysmon
● Common Persistence Techniques
● Comparing Malware Signatures
● Computer Security Incident Handling
● Containers
● Credential Dumping: DCSync
● Credential Theft
● Cyber Threat Intelligence
● Cyber Threat Intelligence Platforms
● Defensive Technologies
● Detecting Backdoor in Linux Environment
● Detecting Business Email Compromise
● Detecting Remote Access Software installed as a service
● Detecting Remote Access Software network activity
● Introduction to Malware Analysis
● Introduction to the Elastic Stack
● Kerberoasting and Silver Ticket
● Kill-Chain Model
● Kill-Chain Model & Diamond Model Comparison
● LDAP Domain Discovery
● LOLBAS: AppLocker Bypass
● MITRE ATT&CK Containers Matrix
● Maintain access through Golden Ticket
● Malicious email extensions analysis
● Malware Behaviours
● Malware Functionalities
● Man
● Man-in-the-Middle
● Management Plan
● Masquerading
● Memory dump importance for IoC auditing
● Metrics for team evaluation
● Models Comparison
● Modern SOC
● Monitoring logs with Sigma
● Network Communication
● OS Credential Dumping
● OS Exhaustion Flood
● Obfuscation
● Operating Procedures
● Orchestrators
● PE format
● Packers
● Parse Executable Header with readelf command
● Password Spraying against LDAP and Kerberos



● Detecting Windows Persistence Technique
● Detecting a compromised container performing a DOS attack
● Detecting evidences with YARA
● Detecting malicious Cryptominer
● Detecting malicious USB HID attacks
● Detecting phishing with Sigma
● Detection Swiss Knife
● Diamond Model
● Difference between program and process
● Dynamic Analysis
● ELF format
● Email attachment hash analysis
● Escape to Host
● Escape to host
● Event Classification
● Event Log Clearing
● Exfiltration Over Alternative Protocol
● Exfiltration Over Unencrypted/Obfuscated protocol towards C2
● Exploit Public-Facing Application
● Exploitation for Privilege Escalation
● Exploitation of Remote Services
● Exploiting PetitPotam vulnerability
● Exploiting PrintNightmare Vulnerability
● Exploiting Zerologon vulnerability
● Extract Malicious DLL Path
● Extract indicators
● Extract strings with strings command
● Extracting TTPs
● Extracting TTPs from a CTI report
● Extracting TTPs from raw data
● Extracting Ursnif configuration
● File Identification
● File type identification
● Gaining initial access within a network
● Hardware Additions
● Hashing Functions
● Identification of known malware
● Identifying backdoor
● Identifying known malware with YARA
● Password Spraying against SMTP
● Phishing
● Playbook - Phishing
● Privilege Escalation
● Privilege Escalation inside a container with Dirty Pipe vulnerability
● Process Injection
● Remote Access Software
● Remote Code Execution
● Resource Hijacking
● Retrieve DLL
● Retrieve information
● Retrieving STIX data with Python
● SOC versus MDR versus MSSP
● SOC, CSIRT & CERT teams
● Sandboxes
● Scheduled Task/Job
● Security Incident Management Process
● Security Incident Reporting
● Security Orchestration, Automation, and Response
● Sharing Cyber Threat Intelligence
● Sigma
● Signed Binary Proxy Execution
● Static Analysis
● Steal or Forge Kerberos Tickets
● Suspicious mail header
● Technologies
● The Computer Security Incident Response Team
● The Elastic Stack
● The MITRE ATT&CK Framework
● The Security Operations Centre
● Threat Actors, Thread Impacts, and how to map them
● Types of Binary Analysis
● Using TTPs in Cyber Threat Intelligence
● Using containers with Docker
● Windows Management Instrumentation



● Identifying Compressed Malware
● Identifying obfuscated malware
● Incident Management
● Indicator Removal on Host
● Intelligence
● Intro Threat
● YARA

‭More topics on the roadmap…‬



Audience: Technical Managers, Program Managers, Project Managers, and Information Security Managers.

● Safe Home Working (Video + Knowledge Base Article)
● Safe Internet (Video + Knowledge Base Article)
● Mobile Device Security (Video + Knowledge Base Article)
● Physical Devices Security (Video + Knowledge Base Article)
● Malware (Video + Knowledge Base Article)
● Phishing (Video + Knowledge Base Article)
● Cyber Fundamentals (Video + Knowledge Base Article)
● Account Takeover (Video + Knowledge Base Article)
● Data Breach (Video + Knowledge Base Article)
● Ransomware (Video + Knowledge Base Article)
● CEO Impersonation Fraud (Video + Knowledge Base Article)
● Data Protection and GDPR (Video + Knowledge Base Article)
● Online Self Defence (Video + Knowledge Base Article)
● Password Security (Video + Knowledge Base Article)
● Identity Theft (Video + Knowledge Base Article)
● Credit Card Fraud (Video + Knowledge Base Article)
● Online Shopping (Video + Knowledge Base Article)
● Social Media Security (Video + Knowledge Base Article)
● Social Engineering (Video + Knowledge Base Article)
● Passphrases (Video + Knowledge Base Article)
● Spear Phishing (Video + Knowledge Base Article)

‭More topics on the roadmap…‬



Audience: Technical Managers, Program Managers, Project Managers, and Information Security Managers.

● Web Security (Knowledge Base Article)
● What Is OWASP? (Knowledge Base Article)
● Broken Authorization (Video + Knowledge Base Article + Pseudocode Lab)
● Broken Cryptography (Video + Knowledge Base Article + Pseudocode Lab)
● SQL Injections (Video + Knowledge Base Article + Pseudocode Lab)
● Insecure Design (Video + Knowledge Base Article + Pseudocode Lab)
● Broken Authentication (Video + Knowledge Base Article + Pseudocode Lab)
● Security Misconfiguration (Video + Knowledge Base Article + Pseudocode Lab)
● Insufficient Logging & Monitoring (Video + Knowledge Base Article + Pseudocode Lab)

‭More topics on the roadmap…‬



Audience: Developers, DevOps Engineers, QA Engineers, Program Managers, Technical Managers, Project Managers, and Information Security Managers.

● Secure SDLC Essentials (14 Chapters)
● Secure Software Concepts (17 Chapters)
● Secure Software Requirements (12 Chapters)
● Secure Software Design (8 Chapters)
● Secure Software Implementation (5 Chapters)
● Secure Software Testing (10 Chapters)
● Secure Software Acceptance (7 Chapters)
● Secure Software Operations (11 Chapters)
● Supply Chain & Software Acquisitions (10 Chapters)

‭More topics on the roadmap…‬
