CompTIA Security+ Study Guide (SY0-601)

The document is a comprehensive study guide for the CompTIA Security+ exams (SY0-601 and SY0-701), covering various aspects of information security including frameworks, threat actors, security assessments, and incident response procedures. It outlines key concepts such as the CIA triad, security roles, and responsibilities, as well as technical, operational, and managerial security controls. Additionally, it addresses regulations, standards, and the importance of secure network and application designs.

CompTIA Security+ (SY0-601 & SY0-701) Exam Study Guide

Table of Contents

Section 1 - Intro To Information Security And Security Roles & Responsibilities
1.1 Introduction To Information Security
1.2 Cybersecurity Framework
1.3 Security Roles & Responsibilities
1.4 Security Control Categories
1.5 Security Control Functional Types
1.6 ISO And Cloud Frameworks
1.7 Benchmarks & Secure Configuration Guides
1.8 Regulations, Standards & Legislation

Section 2 - Explaining Threat Actors And Threat Vectors
2.1 Vulnerability, Threat And Risk
2.2 Attributes Of Threat Actors
2.3 Threat Actors
2.4 Attack Surface & Attack Vectors
2.5 Threat Research Sources
2.6 Threat Intelligence Providers
2.7 Tactics, Techniques & Procedures
2.8 Threat Data Feeds

Section 3 - Performing Security Assessments
3.1 Network Reconnaissance Tools
3.2 Other Reconnaissance & Discovery Tools
3.3 Weak Host & Network Configurations
3.4 Vulnerability Impacts
3.5 Third Party Risks
3.6 Pen Test Attack Life Cycle

Section 4 - Social Engineering Techniques & Malware
4.1 Intro To Social Engineering
4.2 Malware Classification
4.3 Computer Viruses
4.4 Computer Worms & Fileless Malware
4.5 Spyware, Keyloggers, Rootkits, Backdoors, Ransomware & Logic Bombs
4.6 Malware Indicators & Process Analysis

Section 5 - Cryptographic Concepts, Hashing, Ciphers & Encryption
5.1 Introduction To Cryptography And Hashing
5.2 Encryption
5.3 Cryptographic Modes Of Operation & Cipher Suites
5.4 Cryptographic Use Cases
5.5 Longevity, Salting, Stretching & Other Types Of Cryptographic Technologies

Section 6 - Implementing Public Key Infrastructure
6.1 Certificates, PKIs, RAs & CSRs
6.2 Digital Certificates
6.3 Key Management
6.4 Certificate Management

Section 7 - Authentication Design Concepts
7.1 Identity Access Management
7.2 Authentication Factors, Design And Attributes
7.4 Authentication Technologies And Protocols
7.5 Biometric Authentication

Section 8 - Identity And Management Controls
8.1 Identity Management Controls
8.2 Account Attributes & Access Policies
8.3 Authorization Solutions - Part 1
8.4 Authorization Solutions - Part 2
8.5 Personnel Policies

Section 9 - Implementing Secure Network Designs
9.1 Secure Network Designs
9.2 Network Segmentation, Topology & DMZs
9.3 Secure Switching And Routing
9.4 Routing & Switching Protocols
9.5 Wi-Fi Authentication Methods
9.6 Network Attacks
9.7 Network Attacks Mitigation

Section 10 - Firewalls And Proxy Servers
10.1 Firewalls
10.2 Firewall Implementation
10.3 ACLs, NAT & Virtual Firewalls
10.4 Network Security Monitoring
10.5 Monitoring Services & SIEM

Section 11 - Implement Secure Network Operations Protocols
11.1 Secure Network Operations Protocols
11.2 DNS Security, Directory Services & SNMP
11.3 Secure Application Operations Protocols
11.4 Remote Access Architecture

Section 12 - Implement Host Security Solutions
12.1 Hardware Root Of Trust & Boot Integrity
12.2 Disk Encryption
12.3 Third-Party Risk Management & Security Agreements
12.4 Endpoint Security
12.5 Embedded Systems
12.6 Industrial Control Systems & Internet Of Things
12.7 Specialized Systems

Section 13 - Implement Secure Mobile Solutions
13.1 Mobile Device Management
13.2 Secure Mobile Device Connections

Section 14 - Application Attacks
14.1 Privilege Escalation & Error Handling
14.2 Overflows, Resource Exhaustion, Memory Leaks & Race Conditions
14.3 Uniform Resource Locator Analysis & Percent Encoding
14.4 API & Replay Attacks, Cross-Site Request Forgery, Clickjacking & SSL Strip Attacks
14.5 Injection Attacks
14.6 Secure Coding Techniques
14.7 Implementing Secure Script Environments
14.8 Deployment And Automation Concepts

Section 15 - Implement Secure Cloud Solutions
15.1 Cloud Deployment Models
15.2 Virtualization Techs & Hypervisor Types
15.3 Cloud Security Solutions
15.4 Infrastructure As Code Concepts

Section 16 - Data Privacy & Protection Concepts
16.1 Privacy & Sensitive Data Concepts
16.2 Data Sovereignty, Privacy Breaches & Data Sharing
16.3 Privacy And Data Controls

Section 17 - Incident Response Procedures
17.1 Incident Response Process
17.2 Cyber Incident Response Team
17.3 Incident Response Plan
17.4 Incident Response Exercises, Recovery And Retention Policy
17.5 Incident Identification
17.6 Mitigation Controls

Section 18 - Digital Forensics
18.1 Digital Forensics Documentation
18.2 Digital Forensics Evidence Acquisition

Section 19 - Risk Management Processes & Concepts
19.1 Risk Management Process
19.2 Risk Controls
19.3 Business Impact Analysis

Section 20 - Implement Cyber Security Resilience
20.1 Implementing Redundancy Strategies
20.2 Backup Strategies & Storage
20.3 Cyber Security Resilient Strategies

Section 21 - Implement Physical Security
21.1 Physical Security Controls
21.2 Physical Host Security Controls

Section 1 - Intro To Information Security And Security Roles & Responsibilities

1.1 Introduction To Information Security

Information security is based on the CIA and DAD triads. Information and cyber security professionals strive to achieve the CIA triad.

* Confidentiality - data is accessed only by those with the right permissions. It is achieved with encryption, passwords, biometrics, 2FA and so on.
* Integrity - ensures that data has not been tampered with or altered in any way, verified using hashing, checksums, etc.
* Availability - data and resources are available to be accessed or shared whenever they are needed. This depends on network access, server uptime and data availability.

Black hat hackers and cyber criminals aim for the DAD triad.

* Disclosure - data is accessed by unauthorized users, for example through trojans, brute-force attacks and theft.
* Alteration - data has been compromised or tampered with, for example by malware, viruses and attacks such as SQL injection.
* Denial - data is not made available to those who need it, through attacks such as DoS and DDoS as well as ransomware.

Non-repudiation - means a subject cannot deny having done something, such as creating, modifying or sending a resource.

1.2 Cybersecurity Framework

Information security and cyber tasks can be classified into five functions following the framework developed by the National Institute of Standards and Technology (NIST).
The NIST Cybersecurity Framework has five core functions:

* Identify - evaluate risks, threats and vulnerabilities and recommend security controls to mitigate them.
* Protect - procure/develop, install, operate and decommission IT hardware and software assets with security as an embedded requirement at every stage.
* Detect - perform ongoing proactive monitoring to ensure that security controls are effective and capable of protecting against new types of threats.
* Respond - identify, analyze, contain and eradicate threats to systems and data security.
* Recover - implement cyber security resilience to restore systems and data if other controls are unable to prevent attacks.

1.3 Security Roles & Responsibilities

Security professionals must be competent in a wide range of disciplines, from network and application design to the procurement of security resources. Typical responsibilities include:

* Participate in risk assessments
* Source, install and configure security devices and software
* Set up and maintain document access control
* Monitor audit logs and review user privileges
* Manage security-related incident response and reporting
* Create and test business continuity and disaster recovery plans
* Participate in security training and education programs

A security policy is a formalized statement that defines how security will be implemented within an organization and can contain multiple individual policies. Overall internal responsibility might be allocated to a dedicated department run by a director of security, chief security officer (CSO) or chief information security officer (CISO). Managers may have responsibility for a domain such as building control, ICT or even accounting.

Security Operations Center (SOC) - a location where security professionals monitor and protect critical information assets across other business functions such as finance, operations and marketing. SOCs are typically run by larger organizations such as government agencies or healthcare companies.
DevSecOps - DevOps is a cultural shift within an organization to encourage much more collaboration between developers and system admins. DevSecOps extends the boundary to security specialists, reflecting the principle that security is a primary consideration at every stage of software development (known as "shift left").

Incident Response - a dedicated cyber incident response team (CIRT) / computer security incident response team (CSIRT) / computer emergency response team (CERT) acts as a single point of contact for the notification of security incidents.

1.4 Security Control Categories

A security control is something designed to give a system or digital asset the properties of CIA and non-repudiation. There are three main security control categories:

* Technical - implemented as a system, such as firewalls, anti-malware and OS access control. They can also be referred to as logical controls.
* Operational - implemented primarily by people rather than systems, e.g. security guards and training programs.
* Managerial - these controls give oversight of the information system, e.g. risk identification tools or security policies.

1.5 Security Control Functional Types

* Preventive - act to eliminate or reduce the likelihood that an attack can succeed, e.g. ACLs and anti-malware. Directives and standard operating procedures (SOPs) can be regarded as administrative versions of preventive controls.
* Detective - may not deter access but will identify and record any attempted or successful intrusion, e.g. logs & audits.
* Corrective - act to eliminate or reduce the impact of an intrusion event, e.g. backups and patch management.
* Physical - alarms, security cameras and guards that deter physical access to premises and hardware.
* Deterrent - psychologically discourage an attacker from attempting an intrusion, e.g. signs and warnings of legal penalties.
* Compensating - serve as a substitute for a principal control required by a security standard, affording the same (or better) level of protection but using a different methodology or technology.

1.6 ISO And Cloud Frameworks

ISO 27k - the International Organization for Standardization (ISO) has produced a cybersecurity framework in conjunction with the International Electrotechnical Commission (IEC). Unlike the NIST framework, ISO 27001 must be purchased. ISO 27001 is part of an overall 27000 series of information security standards, also known as 27k. Other standards in the series include:

* 27002 - security controls
* 27017 & 27018 - cloud security
* 27701 - personal data & privacy

ISO 31k - an overall framework for enterprise risk management (ERM). ERM considers risks and opportunities beyond cybersecurity by including financial, customer service and legal liability factors.

Cloud Security Alliance (CSA) - a not-for-profit organization that produces various resources to assist cloud service providers (CSPs) in setting up and delivering secure cloud platforms.

* Security Guidance - a best practice summary analyzing the unique challenges of cloud environments and how on-premises controls can be adapted to them.
* Enterprise Reference Architecture - best practice methodology and tools for CSPs to use in architecting cloud solutions.
* Cloud Controls Matrix - lists specific controls and assessment guidelines that should be implemented by CSPs.

Statements on Standards for Attestation Engagements (SSAE) - audit specifications developed by the American Institute of Certified Public Accountants (AICPA). These audits are designed to assure consumers that service providers (notably cloud providers) meet professional standards. Within SSAE No. 18 there are several levels of reporting:

* Service Organization Control (SOC2) - SOC2 evaluates the internal controls implemented by the service provider to ensure compliance with the Trust Services Criteria (TSC) when storing and processing customer data. A SOC Type 1 report assesses the system design, while a Type 2 report assesses the ongoing effectiveness of the security architecture over a period of 6-12 months. SOC2 reports are highly detailed and designed to be restricted.
* SOC 3 - a less detailed report certifying compliance with SOC2. SOC 3 reports can be freely distributed.

1.7 Benchmarks & Secure Configuration Guides

Although frameworks provide a "high-level" view of how an organization should plan its services, they generally don't provide detailed implementation guidance. At a system level, the deployment of servers and applications is covered by benchmarks and secure configuration guides.

Center for Internet Security (CIS) - a non-profit organization that publishes the well-known CIS Critical Security Controls. It also produces benchmarks for different aspects of cybersecurity, e.g. benchmarks for compliance with IT frameworks including PCI DSS and ISO 27000. There are also product-focused benchmarks such as Windows desktop, Windows Server, macOS and web & email servers.

OS/Network Appliance Platform/Vendor-Specific Guides - an operating system (OS) best practice configuration lists the settings and controls that should be applied for a computing platform to work in defined roles such as workstation, server, network switch/router, etc. Most vendors will provide guides, templates and tools for configuring and validating the deployment of network appliances and operating systems, and these configurations will vary not only by vendor but by device and version as well.

* The Department of Defense Cyber Exchange provides Security Technical Implementation Guides (STIGs) with hardening guidelines for a variety of software and hardware solutions.
* The National Checklist Program (NCP) by NIST provides checklists and benchmarks for a variety of operating systems and applications.

Application Servers - most application architectures use a client/server model, which means part of the application is a client software program installed and run on separate hardware from the server application code. Attacks can therefore be directed at the client, the server or the network channel between them.

Open Web Application Security Project (OWASP) - a non-profit online community that publishes several secure application development resources, such as the OWASP Top 10, which lists the most critical application security risks.

1.8 Regulations, Standards & Legislation

Key frameworks, benchmarks and configuration guides may be used to demonstrate compliance with a country's legal requirements. Due diligence is a legal term meaning that responsible persons have not been negligent in discharging their duties.

* The Sarbanes-Oxley Act (SOX) mandates the implementation of risk assessments, internal controls and audit procedures.
* The Computer Security Act (1987) requires federal agencies to develop security policies for computer systems that process confidential information.
* In 2002, the Federal Information Security Management Act (FISMA) was introduced to govern the security of data processed by federal government agencies.

Some regulations have specific cybersecurity control requirements, while others simply mandate "best practice" as represented by a particular industry or international framework.

Personal Data and General Data Protection Regulation (GDPR) - this legislation focuses on information security as it affects privacy or personal data. Under GDPR, personal data cannot be collected, processed or retained without a lawful basis such as the individual's informed consent.
Compliance issues are complicated by the fact that laws derive from different sources, e.g. GDPR does not apply to American data subjects, but it does apply to American companies that collect or process the personal data of people in EU countries.

National, Territory or State Laws - in the US there are federal laws such as the Gramm-Leach-Bliley Act (GLBA) for financial services and the Health Insurance Portability and Accountability Act (HIPAA) for healthcare.

Section 2 - Explaining Threat Actors And Threat Vectors

2.1 Vulnerability, Threat And Risk

Vulnerability - a weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Threats can exist even when there are no vulnerabilities. Threats can exist without risks, but a risk needs an associated threat to exist. The path or tool used by a malicious threat actor can be referred to as the attack vector.

Risks are often measured based on the probability that an event might occur as well as the impact of the event on the business.

Threat assessment is the combination of a threat actor's intention to cause harm with an assessment of that actor's capability to carry out that intention.

Risk assessment involves identification of security risks through the analysis of assets, threats and vulnerabilities, including their impacts and likelihood.

Risks are event focused (the database server goes down) while threats focus on intentions (a hacker wants to take down the database server).

2.2 Attributes Of Threat Actors

Location - an external threat actor is one that has no account or authorized access to the target system. Such threats must use malware and/or social engineering to infiltrate the security system. Conversely, an internal or insider threat actor is one that has been granted permissions on the system and typically means either an employee or a third party contractor.
Intent/motivation - intent describes what an attacker hopes to achieve from the attack, while motivation is the reason for perpetrating the attack. Motivation could be driven by greed, curiosity or grievance. Threats can be either structured or unstructured: a criminal gang attempting to steal financial data is a structured, targeted threat, while a script kiddie launching a series of spam emails is unstructured and opportunistic.

Level of sophistication/capability - the technical abilities and resources/funding the adversary possesses must also be considered. Capability refers to a threat actor's ability to craft novel exploit techniques and tools.

2.3 Threat Actors

* Script kiddie - uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks.
* Black hats - very skilled and typically motivated by financial gain.
* White hats - hack systems and networks with full authorization, typically to discover vulnerabilities and test the current security setup.
* Gray hats - very skilled and typically employ black hat tactics for white hat objectives.
* Hacktivists - hacking for a cause. They might attempt to obtain and release confidential information to the public or deface a website (e.g. Anonymous, WikiLeaks).
* State actors & advanced persistent threats - the term APT was coined to describe the behavior underpinning modern types of cyber adversaries. It refers to the ongoing ability of an adversary to compromise network security and maintain access by using a variety of tools and techniques.
* Criminal syndicates - can operate across the internet from different jurisdictions than their victims, increasing the complexity of prosecution.
* Insider threats - these include compromised employees, disgruntled (ex-)employees, second streamers, spies/saboteurs, shadow IT and unintentional insiders.

2.4 Attack Surface & Attack Vectors

Attack Surface - all the points at which a malicious threat actor could try to exploit a vulnerability. The attack surface for an external actor is, and should be, far smaller than that for an insider threat. Minimizing the attack surface means restricting access so that only a few known endpoints, protocols/ports and services are permitted.

The attack vector is the path that a threat actor uses to gain access to a secure system and can include:

* Direct access
* Removable media
* Email
* Remote & wireless
* Supply chain
* Web & social media
* Cloud

2.5 Threat Research Sources

Threat research is a counterintelligence gathering effort in which security companies and researchers attempt to discover the tactics, techniques and procedures (TTPs) of modern cyber adversaries. Another primary source of threat intelligence is the deep web. The deep web is any part of the World Wide Web that is not indexed by a search engine, e.g. registration pages, unlinked pages and pages that block search indexing.

2.6 Threat Intelligence Providers

The outputs from the primary research undertaken by security solutions providers can take three main forms:

* Behavioral threat research - narrative commentary describing examples of attacks and TTPs gathered through primary research sources.
* Reputational threat intelligence - lists of IP addresses and domains associated with malicious behavior.
* Threat data - computer data that can correlate events observed on a customer's own networks and logs with known TTP and threat actor indicators. Threat data can be packaged as feeds that integrate with a security information and event management (SIEM) platform. These feeds are usually described as cyber threat intelligence (CTI) data.
Threat intelligence platforms and feeds are supplied under one of four different commercial models:

* Closed/proprietary - the threat research and CTI data is made available as a paid subscription to a commercial threat intelligence platform.
* Vendor websites - proprietary threat intelligence that is not provided at a cost but as a general benefit to customers, e.g. Microsoft's security intelligence blog.
* Public/private information sharing centers - in many critical industries, information sharing and analysis centers (ISACs) have been set up to share threat intelligence and promote best practice.
* Open source intelligence (OSINT) - some companies operate threat intelligence services on an open-source basis, earning income from consultancy.

Other threat intelligence research resources include academic journals, conferences, requests for comments (RFCs) and social media.

2.7 Tactics, Techniques & Procedures

A tactic, technique or procedure (TTP) is a generalized statement of adversary behavior. TTPs categorize behaviors in terms of campaign strategy and approach (tactics), generalized attack vectors (techniques) and specific intrusion tools and methods (procedures).

An indicator of compromise (IoC) is a residual sign that an asset or network has been successfully attacked. In other words, an IoC is evidence of a TTP. Examples of IoCs include:

* Unauthorized software and files
* Suspicious emails
* Suspicious registry and file system changes
* Unknown port and protocol usage
* Excessive bandwidth usage
* Rogue hardware
* Service disruption and defacement
* Suspicious or unauthorized account usage

Strictly speaking, an IoC is evidence of an attack that was successful. The term indicator of attack (IoA) is sometimes also used for evidence of an intrusion attempt in progress.

2.8 Threat Data Feeds

There are various ways that a threat data feed can be implemented.
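Before the individual feed formats, here is what consuming one looks like in practice. The following is an added example, not part of the guide, that ties 2.7 (IoCs) to 2.8: it loads a small STIX 2.1 bundle (the format described in the next entry), pulls the indicator values out of it, follows the "indicates" relationships, and then hunts for those values in local log lines the way a SIEM correlates CTI data. The bundle, its dummy object IDs, the documentation-range IP addresses, the fictitious domain and the log lines are all constructed for this example.

```python
"""Added example: match indicators from a constructed STIX 2.1 bundle against log lines."""
import json
import re

# Constructed STIX 2.1 bundle. Object IDs are dummy UUIDs, the IPs come from the
# 203.0.113.0/24 documentation range and the domain uses the reserved .invalid TLD.
STAMP = "2024-01-01T00:00:00.000Z"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "created": STAMP, "modified": STAMP, "name": "C2 server",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": STAMP},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "created": STAMP, "modified": STAMP, "name": "Phishing domain",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'login-example.invalid']",
         "valid_from": STAMP},
        {"type": "campaign", "spec_version": "2.1",
         "id": "campaign--44444444-4444-4444-8444-444444444444",
         "created": STAMP, "modified": STAMP, "name": "Constructed campaign"},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--55555555-5555-4555-8555-555555555555",
         "created": STAMP, "modified": STAMP, "relationship_type": "indicates",
         "source_ref": "indicator--22222222-2222-4222-8222-222222222222",
         "target_ref": "campaign--44444444-4444-4444-8444-444444444444"},
    ],
})

# Constructed firewall and DNS log lines. Line 1 is a deliberate near miss
# (203.0.113.50 is not 203.0.113.5) to show why substring matching is not enough.
SAMPLE_LOGS = [
    "2024-01-02T10:00:01Z fw ACCEPT src=10.1.0.100 dst=203.0.113.50 proto=tcp dport=443",
    "2024-01-02T10:00:05Z fw ACCEPT src=10.1.0.100 dst=203.0.113.5 proto=tcp dport=443",
    "2024-01-02T10:00:07Z dns query client=10.1.0.100 qname=login-example.invalid type=A",
    "2024-01-02T10:00:09Z dns query client=10.1.0.101 qname=www.example.com type=A",
]

# The simplest STIX pattern shape: one comparison on an observable's "value" property.
SIMPLE_PATTERN = re.compile(r"\[(?P<obj>[\w-]+):value\s*=\s*'(?P<val>[^']+)'\]")


def load_indicators(bundle_json):
    """Parse a STIX bundle into {ioc_value: {"type", "name", "indicates"}}.

    Only single-comparison patterns are handled; compound patterns (AND / OR /
    FOLLOWEDBY) need a full STIX pattern engine and are skipped here.
    """
    bundle = json.loads(bundle_json)
    objects = {o["id"]: o for o in bundle["objects"]}
    # Follow "indicates" relationships so a hit can be labelled with what it points to.
    indicates = {}
    for o in objects.values():
        if o["type"] == "relationship" and o["relationship_type"] == "indicates":
            target = objects.get(o["target_ref"], {})
            indicates.setdefault(o["source_ref"], []).append(target.get("name", o["target_ref"]))
    iocs = {}
    for o in objects.values():
        if o["type"] != "indicator" or o.get("pattern_type") != "stix":
            continue
        m = SIMPLE_PATTERN.fullmatch(o["pattern"].strip())
        if not m:
            continue
        iocs[m.group("val")] = {"type": m.group("obj"),
                                "name": o.get("name", o["id"]),
                                "indicates": indicates.get(o["id"], [])}
    return iocs


def find_ioc_hits(log_lines, iocs):
    """Return (line_no, value, ioc_type, indicates) for every log line containing an IoC.

    Values are matched as whole tokens (not preceded or followed by a word
    character or a dot) so 203.0.113.5 does not also fire on 203.0.113.50.
    """
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for value, info in iocs.items():
            token = re.compile(r"(?<![\w.])" + re.escape(value) + r"(?![\w.])")
            if token.search(line):
                hits.append((n, value, info["type"], info["indicates"]))
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOGS, load_indicators(SAMPLE_BUNDLE)):
        print(hit)
```

Running it reports line 2 (the C2 address, attributed via the relationship to "Constructed campaign") and line 3 (the phishing domain), but not line 1, which a naive substring match would have flagged. A production feed consumer would also honour the indicator's valid_from/valid_until window and revoked flag, and normalize log fields rather than scanning raw text.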
Structured Threat Information Expression (STIX) - describes standard terminology for IoCs and ways of indicating relationships between them.

(Diagram in the original: the STIX objects Indicator, Campaign, Threat Actor and Vulnerability, linked by the relationships "indicates", "targets" and "attributed to".)

Trusted Automated Exchange of Indicator Information (TAXII) - a protocol that provides a means for transmitting CTI data between servers and clients.

Automated Indicator Sharing (AIS) - a service offered by the DHS for companies to participate in threat intelligence sharing. AIS is based on the STIX and TAXII standards and protocols.

Threat map - an animated graphic showing the source, target and type of attacks detected by a CTI platform.

File/code repositories - such a repository holds signatures of known malware code.

Vulnerability databases & feeds - another source of threat intelligence is identifying vulnerabilities in OS, software applications and firmware code. Vulnerability databases include Common Vulnerabilities and Exposures (CVE).

Artificial intelligence - AI is the science of creating machine systems that can simulate or demonstrate a general intelligence capability similar to that of humans.

Predictive analysis - refers to when a system can anticipate an attack and possibly identify the threat actor before the attack is fully realized.

Section 3 - Performing Security Assessments

3.1 Network Reconnaissance Tools

Topology discovery (footprinting) means scanning for hosts, IP ranges and routes between networks to map out the structure of the target network.

* ipconfig - shows the IP and MAC addresses assigned to network interfaces in Windows. ifconfig is the Linux equivalent.
* ping - probes a host at a particular IP address or host name using ICMP.
* arp - displays the local machine's Address Resolution Protocol (ARP) cache, which shows the MAC address of the interface associated with each IP address the local host has communicated with recently.
* route - view and configure the host's local routing table.
* tracert (Windows) - uses ICMP probes to report the round trip time (RTT) for hops between the local host and a host on a remote network. traceroute (Linux) uses UDP probes instead.
* pathping (Windows) - provides stats for latency and packet loss along a route over a longer measuring period. mtr is the Linux equivalent.

An IP scanner performs host discovery and identifies how the hosts are connected together in an internetwork. The Nmap Security Scanner is one of the most popular open-source IP scanners; it can use diverse methods for host discovery and is available for Windows, Linux and macOS.

Service Discovery & Nmap

* TCP SYN (-sS) - a fast technique (half open) where the scanning host requests a connection without completing the handshake. The target's response to the scan's SYN packet identifies the port state.
* UDP scans (-sU) - scan UDP ports; the scanner needs to wait for a response (or the lack of one) to determine the port state, so these scans are slower.
* Port range (-p) - by default, Nmap scans 1000 commonly used ports; the -p argument can be used to specify a port range.

Nmap can also be used for fingerprinting, which is the process of discovering detailed information about the services running on a particular host. Nmap can be used to discover:

* Protocols
* Application name & version
* OS type and version
* Device type

Netstat and nslookup

* netstat - shows the state of TCP/UDP ports on the local machine. Can be used on both Windows and Linux. You may also be able to identify suspect remote connections to services on the local host or from the host to remote IP addresses.
* nslookup/dig - query name records for a given domain using a particular DNS resolver under Windows (nslookup) or Linux (dig).

3.2 Other Reconnaissance & Discovery Tools

theHarvester - a tool for gathering open-source intelligence (OSINT) for a particular domain or company.
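Fingerprinting, as described under Service Discovery above, ultimately depends on the service identifying itself. The following is an added example, not code from the guide, that does by hand what Nmap's version detection or the netcat "HEAD" trick later in this section does: it opens a TCP connection, sends a minimal HTTP HEAD request and reads the Server header. So that it runs offline, the target is a throwaway HTTP server started on loopback using Python's standard library; the second handler class shows the corresponding hardening (a neutral Server banner). The server classes and port are assumptions of the example, not something the guide describes.

```python
"""Added example: HTTP banner grabbing for service fingerprinting, against a local target."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class LeakyHandler(BaseHTTPRequestHandler):
    """Stand-in target with default settings: Python's BaseHTTPRequestHandler
    advertises its own name plus the interpreter version in the Server header."""

    def do_HEAD(self):
        self.send_response(200)  # send_response() adds the Server and Date headers
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):  # keep the console quiet
        pass


class HardenedHandler(LeakyHandler):
    """Same service with the banner neutralized: version_string() builds the Server
    header from these two class attributes, so override both."""
    server_version = "web"
    sys_version = ""


def start_target_server(handler=LeakyHandler):
    """Start a local HTTP server on a random loopback port (example fixture only)."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def grab_http_banner(host, port, timeout=3.0):
    """Send a minimal HEAD request and return (status_line, {header-name: value}).

    HEAD returns headers only, which is all a fingerprint needs; the Server header
    (or X-Powered-By) is what discloses the product and version.
    """
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while b"\r\n\r\n" not in raw:  # read until the end of the header block
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status_line, headers


def fingerprint(host, port):
    """Return whatever product/version string the target discloses, or None."""
    _, headers = grab_http_banner(host, port)
    return headers.get("server") or headers.get("x-powered-by")


if __name__ == "__main__":
    for handler in (LeakyHandler, HardenedHandler):
        target = start_target_server(handler)
        try:
            print(handler.__name__, "->", fingerprint("127.0.0.1", target.server_address[1]))
        finally:
            target.shutdown()
```

Against the default handler the banner reads like "BaseHTTP/0.6 Python/3.x.y", which is exactly the application name and version Nmap's -sV would report and a vulnerability scanner would match against CVE data; the hardened handler returns just "web". Banner suppression is a weak control on its own (probing the service's behaviour still reveals a lot), but it is the cheap first step that the benchmarks in 1.7 ask for.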
dnsenum - packages queries for name records and hosting details into a single query.

scanless - provides the option to avoid port scanning detection by disguising the source of probes (the scans are run through third-party port-scanning websites).

curl - command line client for performing data transfers over many types of protocols.

Nessus - a very powerful vulnerability scanner.

Packet Capture and tcpdump

Packet analysis refers to deep-down frame-by-frame scrutiny of captured frames. Protocol analysis means using statistical tools to analyze a sequence of packets (a packet trace).

Packet and protocol analysis depend on a sniffer tool to capture and decode the frames of data. Network traffic can be captured from a host or from a network segment.

tcpdump is a command line packet capture utility for Linux. The basic syntax of the command is

tcpdump -i eth0

where eth0 is the interface to listen on. The utility will then display captured packets until halted manually. The following command filters frames to those with the source IP 10.1.0.100 and destination port 53 or 80:

tcpdump -i eth0 "src host 10.1.0.100 and (dst port 53 or dst port 80)"

Packet Injection and Replay

Some reconnaissance techniques and tests depend on sending forged or spoofed network traffic. There are also tools that allow for different kinds of packets to be crafted and manipulated. hping is an open-source packet crafting and spoofing tool that gives a penetration tester the ability to craft network packets to probe and test firewalls and IDSs.

Exploitation Frameworks

A remote access trojan (RAT) is malware that gives an adversary the means of remotely accessing the network. An exploitation framework uses the vulnerabilities identified by an automated scanner and launches scripts or software to attempt to deliver matching exploits. This carries a risk of disruption to the target, including service failure. The framework comprises a database of exploit code, each module targeting a particular CVE. The best known exploit framework is Metasploit.
Metasploit is open source but also has Pro and Express commercial editions of the framework. Sn1per is a framework designed for penetration test reporting and evidence gathering. It can integrate with tools like Metasploit to run automated suites of tests. Other exploitation frameworks include:

* FireELF
* RouterSploit
* Browser Exploitation Framework (BeEF)
* Zed Attack Proxy (ZAP)
* Pacu

netcat - a tool used for testing connectivity, available on both Windows and Linux, that can also be used for port scanning and fingerprinting. The following command attempts to connect to the HTTP port on a server and return any banner by sending the "HEAD" HTTP keyword:

echo "HEAD" | nc -v 10.1.0.1 80

3.3 Weak Host & Network Configurations

Using the default manufacturer settings is an example of weak configuration. The root account or the default admin account typically has no restrictions set over system access, so an attacker gaining control of it can have an extremely serious impact.

Open permissions - provisioning data files or applications without differentiating access rights for user groups. This can lead to permitting unauthenticated guests to view confidential data or allowing write access to files that should be read-only.

Unnecessary open ports and services - servers must operate with at least some open ports, but security best practice dictates that these should be restricted to only the necessary services.

Weak encryption - this can arise when:

* the key is generated from a simple password, making it easy to brute-force
* the algorithm or cipher used for the encryption has known weaknesses
* the key is not distributed securely and can easily fall into the attacker's hands

Errors - weakly configured applications may display unformatted error messages under certain conditions, which can provide threat actors with valuable information.

3.4 Vulnerability Impacts

These types of events can have serious impacts in terms of cost and damage to the organization's reputation.
* Data breaches and data exfiltration impacts
* Identity theft impacts
* Data loss and availability loss impacts
* Financial and reputation impacts

Data Breaches And Data Exfiltration Impacts

A data breach event is where confidential data is read, modified, transferred or deleted without authorization. A privacy breach is where personal data is not collected, stored or processed in full compliance with laws governing personal information. Data exfiltration is the methods and tools by which an attacker transfers data without authorization from the victim's system to an external network or media.

Data Loss & Availability Loss Impacts

Compared to data breaches, data loss is where information is unavailable, which can leave the company unable to perform crucial workflows.

3.5 Third Party Risks

Vendor management is the process of choosing supplier companies and evaluating the risks inherent in relying on a third-party product or service. Within vendor management, system integration refers to the process of using components from multiple vendors to implement a business workflow. There are two main data risks when using third parties:

* The vendor may need to be granted access to your data.
* The vendor may have to be used to host the data or the data backups.

Data Storage

The following precautions should be taken:

* Ensure the same protections for data as though it were stored on-premises.
* Monitor and audit third-party access to the data.
* Evaluate compliance impacts from storing personal data on a third-party system.

3.6 PenTest Attack Life Cycle

* reconnaissance - is typically followed by an initial exploitation phase where a software tool is used to gain some sort of access to the target's network.
* persistence - this is the tester's ability to reconnect to the compromised host and use it as a remote access tool (RAT) or backdoor.
* privilege escalation - the tester attempts to map out the internal network and discover the services running on it.
* lateral movement - gaining control over other hosts; this usually involves executing the attack or scripting tools such as PowerShell.
* pivoting - if a pen tester achieves a foothold on a perimeter server, a pivot allows them to bypass a network boundary and compromise servers on an inside network.
* actions on objectives - for a threat actor, this means stealing data, while for a tester it would be a matter of the scope definition.
* cleanup - for an attacker, this means removing evidence of the attack, while for a pen tester it means removing any backdoors or tools and ensuring the system is not less secure than its pre-engagement state.

Section 4 - Social Engineering Techniques & Malware

4.1 - Intro To Social Engineering

This is the exploitation of human emotions and interactions to extract valuable information. It is more dangerous than traditional methods of hacking as it relies on human error, which is subjective and less predictable than software/hardware vulnerabilities. Social engineering relies heavily on human emotions such as fear, curiosity, excitement, anger and guilt.

* phishing - relies on creating a sense of excitement or panic in the target using emails.
* spear phishing - a phishing attack against a very specific individual or organization.
* angler phishing - a phishing attack directed specifically at social media users.
* whaling - a phishing attack targeted at senior executives of an organization.
* vishing - relies on creating a sense of excitement or panic in the target using a phone call.
* smishing - relies on creating a sense of excitement or panic in the target using a text message.
* hoaxes - the hacker impersonates an employee or angry customer.
* baiting - dropping infected USB drives in the parking lot to influence employees.
* piggybacking - an attacker enters a secure building with the permission of an employee.
* tailgating - the attacker, without access authorization, closely follows an authorized person into a reserved area.
* shoulder surfing - obtaining sensitive information by spying.
* dumpster diving - obtaining sensitive information by going through the company trash.
* credential harvesting - using phishing emails and spamming campaigns to gather information which can then be sold.
* pharming - redirecting victims to a malicious website using DNS cache poisoning.
* watering hole attack - an attack that aims to compromise a specific group of end-users by infecting existing websites or creating a new one that will attract them.
* typo squatting / URL hijacking - hackers register misspelled domain names of popular websites hoping to capture sensitive information, e.g. facbook.com, instagarm.com.
* influence campaigns - a major program launched by an adversary with a high level of capability, such as a nation-state actor or terrorist group. The goal is to shift public opinion on some topic; when deployed along with espionage, disinformation/fake news and hacking, it can be characterized as hybrid warfare.

4.2 - Malware Classification

Some malware classifications, such as trojan, virus and worm, focus on the vector used by the malware. The vector is the method by which the malware executes on a computer and potentially spreads to other network hosts. The following categories describe some types of malware according to vector:

* Viruses & worms - spread without any authorization from the user by being concealed within the executable code of another process.
* Trojan - malware concealed within an installer package for software that appears to be legitimate.
* Potentially unwanted programs/applications (PUPs/PUAs) - software installed alongside a package selected by the user. Unlike a trojan, their presence isn't necessarily malicious. They are sometimes referred to as grayware.
Other classifications are based on the payload delivered by the malware. The payload is the action performed by the malware. Examples of payload classification include:

* Spyware
* Rootkit
* Remote access trojan (RAT)
* Ransomware

4.3 - Computer Viruses

This is a type of malware designed to replicate and spread from computer to computer, usually by "infecting" executable applications or program code.

* Non-resident/file infector - the virus is contained within a host executable file and runs with the host process. The virus will try to infect other process images on persistent storage and perform other payload actions.
* Memory resident - when the host file is executed, the virus creates a new process for itself in memory. The malicious process remains in memory even if the host process is terminated.
* Boot - the virus code is written to the disk boot sector and executes as a memory resident process when the OS starts.
* Script and macro viruses - the malware uses the programming features available in local scripting engines for the OS and/or browser, such as PowerShell, JavaScript, Microsoft Office documents or PDF documents with JavaScript enabled.

The term multipartite is used for viruses that use multiple vectors, and polymorphic for viruses that can dynamically change or obfuscate their code to evade detection. Viruses must infect a host file or media. An infected file can be distributed through any normal means - on a disk, on a network, as a download from a website or as an email attachment.

4.4 - Computer Worms & Fileless Malware

Computer worms - this is memory resident malware that can run without user intervention and replicate over network resources. Viruses need the user to perform an action, but worms can execute by exploiting a vulnerability in a process and replicate themselves. Worms can rapidly consume network bandwidth as they replicate, and they may be able to crash an operating system or server application.
Worms can also carry a payload that may perform some other malicious action.

Fileless malware - as security controls got more advanced so did malware, and this new, sophisticated, modern type of malware is often referred to as fileless.

* Fileless malware does not write its code to disk. The malware uses memory resident techniques to run its own process within a host process or dynamic link library (DLL). The malware may change registry values to achieve persistence.
* Fileless malware uses lightweight shellcode to achieve a backdoor mechanism on the host. The shellcode is easy to recompile in an obfuscated form to evade detection by scanners. It is then able to download additional packages or payloads to achieve the actor's objectives.
* Fileless malware may use "live off the land" techniques rather than compiled executables to evade detection. This means that the malware code uses legitimate system scripting tools like PowerShell to execute payload actions.

4.5 - Spyware, Keyloggers, Rootkits, Backdoors, Ransomware & Logic Bombs

spyware - this is malware that can perform adware-like tracking but also monitor local application activity, take screenshots and activate recording devices.

adware - grayware that performs browser reconfigurations such as allowing cookies, changing default search engines, adding bookmarks and so on.

tracking cookies - can be used to record pages visited, the user's IP address and various other metadata.

keylogger - spyware that actively attempts to steal confidential information by recording keystrokes.

backdoors & RATs - a backdoor provides remote admin control over a host and bypasses any authentication method. A remote access trojan is backdoor malware that mimics the functionality of legitimate remote control programs but is designed specifically to operate covertly. A group of bots under the control of the same malware is referred to as a botnet and can be manipulated by the herder program.
rootkits - this malware is designed to provide continued privileged access to a computer while actively hiding its presence. It may be able to use an exploit to escalate privileges after installation. Software processes can run in one of several "rings":

* ring 0 is the most privileged and provides direct access to hardware.
* ring 3 is where user-mode processes run.
* ring 1 or 2 is where drivers and I/O processes may run.

ransomware - this type of malware tries to extort money from the victim by encrypting the victim's files and demanding payment. Ransomware uses payment methods such as wire transfer or cryptocurrency.

logic bombs - logic bombs are not always malware code. A typical example is a disgruntled admin who leaves a scripted trap that runs in the event his or her account is disabled or deleted. Anti-malware software is unlikely to detect this kind of script, and this type of trap is also referred to as a mine.

4.6 - Malware Indicators & Process Analysis

There are multiple indicators of malware:

* Antivirus notifications
* Sandbox execution
* Resource consumption - can be detected using Task Manager or the top Linux utility.
* File system

Because shellcode is easy to obfuscate, it can easily evade signature-based A-V products. Threat hunting and security monitoring must use behavioral-based techniques to identify infections. Along with observing how a process interacts with the file system, network activity is one of the most reliable ways to identify malware.

Section 5 - Cryptographic Concepts, Hashing, Ciphers & Encryption

5.1 - Introduction To Cryptography And Hashing

Cryptography is a secure communication technique that allows only the sender and receiver of a message to view it.
Plaintext - an unencrypted message.
Ciphertext - an encrypted message.
Cipher - the process (algorithm) used to encrypt and decrypt a message.
Cryptanalysis - the art of cracking cryptographic systems.

There are three main types of cryptographic algorithms:

* Hashing algorithms
* Symmetric encryption ciphers
* Asymmetric encryption ciphers

Hashing algorithms - the simplest type of cryptographic operation; it produces a fixed-length string from an input plaintext that can be of any length. A hashing collision occurs when two different plaintexts produce the exact same hash value. The algorithm must demonstrate collision avoidance.

[Figure: Alice publishes a file ("HelloWorld") and its reference hash value. Bob downloads the file, computes its hash and compares it to the reference value. Mallory injects a malicious download but cannot change the reference hash value, so Bob's computed hash does not match the reference and he rejects the file.]

Hashing Algorithms

* Secure Hash Algorithm (SHA) - considered to be the strongest algorithm, with the most popular being SHA-256, which produces a 256-bit digest.
* Message Digest Algorithm 5 (MD5) - produces a 128-bit digest.

Birthday attack - a brute force attack aimed at exploiting collisions in hash functions. It could be used for forging a digital signature.

5.2 - Encryption

An encryption algorithm is a type of cryptographic process that encodes data so that it can be recovered or decrypted. The use of a key with the encryption cipher ensures that decryption can only be performed by authorized persons. A substitution cipher involves replacing units in the plaintext with different ciphertext.
e.g. ROT13 rotates each letter 13 places, so "a" becomes "n"; the ciphertext "uryyb jbeyq" means "hello world".

In contrast to substitution ciphers, the units in a transposition cipher stay the same in plaintext and ciphertext, but their order is changed according to some mechanism. Consider the ciphertext "hloolelwrd":

hlool
elwrd

The letters are simply written as columns and the rows are concatenated.

symmetric encryption - here both encryption and decryption are performed by the same secret key, and it can be used for confidentiality. It is very fast and is used for bulk encryption of large amounts of data, but it can be vulnerable if the key is stolen.

[Figure: Alice and Bob share a symmetric key. Alice encrypts the file "HelloWorld" using the key and sends the ciphertext to Bob, who decrypts it using the same symmetric key.]

There are two types - stream ciphers and block ciphers.

stream cipher - the plaintext is combined with a separate randomly generated message calculated from the key and an initialization vector (IV). Each byte or bit of data is encrypted one at a time.

block cipher - the plaintext is divided into equal-size blocks (usually 128-bit). If there is not enough data in the plaintext, it is padded to the correct size, e.g. a 1200-bit plaintext would be padded with an extra 80 bits to fit into 10 x 128-bit blocks.

asymmetric encryption - here encryption and decryption are performed by two different but related public and private keys in a key pair. Each key is capable of reversing the operation of its pair, and they are linked in such a way as to make it impossible to derive one from the other.
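The substitution, transposition, stream and block-cipher ideas above, worked in Python as an added example (not code from the study guide): ROT13, the two-column transposition that turns "helloworld" into "hloolelwrd", a toy keystream-XOR stream cipher, and the block-count and padding arithmetic for 128-bit blocks. The SHA-256-based keystream generator is this example's own construction, used only to show the key + IV structure.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase


def rot13(text: str) -> str:
    """Substitution cipher: each letter is replaced by the one 13 places on.
    Non-letters pass through. Applying it twice returns the plaintext."""
    result = []
    for ch in text:
        if ch in ALPHABET:
            result.append(ALPHABET[(ALPHABET.index(ch) + 13) % 26])
        else:
            result.append(ch)
    return "".join(result)


def columnar_transpose(plaintext: str, width: int = 2) -> str:
    """Transposition cipher: write the plaintext in rows of `width` letters,
    then read down each column. The letters are unchanged; only their order is."""
    return "".join(plaintext[col::width] for col in range(width))


def columnar_untranspose(ciphertext: str, width: int = 2) -> str:
    """Inverse: rebuild the columns, then read the rows back left to right."""
    full_rows, extra = divmod(len(ciphertext), width)
    columns, pos = [], 0
    for col in range(width):
        length = full_rows + (1 if col < extra else 0)  # first `extra` columns are longer
        columns.append(ciphertext[pos:pos + length])
        pos += length
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[col][row] for row in range(rows)
                   for col in range(width) if row < len(columns[col]))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream for the stream-cipher idea: SHA-256(key || iv || counter)
    blocks concatenated (constructed for this example). Real stream ciphers use
    dedicated designs, but the shape (secret key + per-message IV -> stream) is the same."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(data: bytes, key: bytes, iv: bytes) -> bytes:
    """Encrypt or decrypt byte by byte: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, iv, len(data))))


BLOCK_BITS = 128


def block_layout(bit_length: int, block_bits: int = BLOCK_BITS) -> tuple:
    """How a block cipher sees a plaintext: (number of blocks, padding bits
    needed to fill the last block). 1200 bits -> (10, 80), as in the guide."""
    blocks = -(-bit_length // block_bits)  # ceiling division
    return blocks, blocks * block_bits - bit_length


def pkcs7_pad(data: bytes, block_size: int = BLOCK_BITS // 8) -> bytes:
    """PKCS#7 padding: append N bytes each of value N so the receiver can strip
    them unambiguously (a full extra block is added if the data is already aligned)."""
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_BITS // 8) -> bytes:
    """Strip PKCS#7 padding, rejecting malformed input instead of guessing."""
    if not padded or len(padded) % block_size:
        raise ValueError("data is not a whole number of blocks")
    pad_len = padded[-1]
    if not 1 <= pad_len <= block_size or padded[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("invalid padding")
    return padded[:-pad_len]


if __name__ == "__main__":
    print(rot13("hello world"))              # uryyb jbeyq
    print(columnar_transpose("helloworld"))  # hloolelwrd
    print(block_layout(1200))                # (10, 80)
    key, iv = b"shared-secret-key", b"unique-iv-01"   # constructed demo values
    ct = stream_xor(b"HelloWorld", key, iv)
    print(stream_xor(ct, key, iv))           # b'HelloWorld'
```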
[Figure: Bob generates an asymmetric key pair and keeps the private key secret; Bob publishes the public key and Alice keeps a copy of it. Alice encrypts a message using Bob's public key and sends the ciphertext to Bob, who decrypts it using his private key. Mallory cannot use Bob's public key to reverse the encryption.]

Asymmetric encryption can be used to prove identity, as the holder of the private key cannot be impersonated by anyone else. The major drawback of this encryption is that it involves substantial computing resources. It is mostly used for authentication and non-repudiation and for key agreement and exchange. Asymmetric encryption is often referred to as public key cryptography, and the products are based on the RSA algorithm. Ron Rivest, Adi Shamir and Leonard Adleman published the RSA cipher in 1977.

5.3 - Cryptographic Modes Of Operation & Cipher Suites

A mode of operation is a means of using a cipher within a product to achieve a security goal such as confidentiality or integrity. Public key cryptography can authenticate a sender while hashing can prove integrity. Both can be combined to authenticate a sender and prove the integrity of a message; this usage is called a digital signature. Symmetric encryption can encrypt and decrypt large amounts of data, but it's difficult to distribute the secret key securely. Asymmetric (PKC) encryption can distribute the key easily but cannot be used for large amounts of data.

Digital certificates - public keys are used and are freely available, but how can anyone trust the identity of the person or server issuing a public key? A third party known as a certificate authority (CA) can validate the owner of the public key by issuing the subject with a certificate.
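Asymmetric encryption (5.2) and the hash-plus-private-key digital signature (5.3), as an added example written for this guide rather than taken from it: textbook RSA on constructed toy primes (10007 and 10009) so that the key-pair relationship, public-key encryption, private-key decryption and signature verification are all visible in small numbers. Real deployments use keys of 2048 bits or more with OAEP/PSS padding, which this toy deliberately omits.

```python
import hashlib
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Bob builds a key pair from two primes. (n, e) is published; (n, d) stays
    secret. Recovering d from (n, e) needs the factors of n, which is what keeps
    the private key safe when p and q are real 1024-bit-plus primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt_bytes(public_key, message: bytes) -> list:
    """Confidentiality: anyone holding Bob's public key can encrypt for him.
    Each byte is treated as its own message only because this toy n is tiny;
    real RSA encrypts one padded block (OAEP), usually a symmetric session key."""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt_bytes(private_key, ciphertext: list) -> bytes:
    """Only the holder of d can reverse the operation; the public exponent e cannot."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def digest_as_int(data: bytes, n: int) -> int:
    """Hashing proves integrity. Reduced mod n purely because this toy n is small."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    """Digital signature: hash the message, then apply the private key to the hash."""
    n, d = private_key
    return pow(digest_as_int(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Anyone can check with the public key: recover the hash from the signature
    and compare it with a fresh hash of the data actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(data, n)


if __name__ == "__main__":
    # Constructed toy primes; never use key sizes like this outside a classroom.
    bob_pub, bob_priv = generate_keypair(10007, 10009)
    ct = encrypt_bytes(bob_pub, b"HelloWorld")
    print(decrypt_bytes(bob_priv, ct))               # b'HelloWorld'
    sig = sign(bob_priv, b"pay Alice 100")
    print(verify(bob_pub, b"pay Alice 100", sig))    # True
    print(verify(bob_pub, b"pay Alice 900", sig))    # False: tampered data fails the hash check
```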
The process of issuing and verifying certificates is called public key infrastructure (PKI).

Cipher suite - this is the combination of ciphers supported and is made up of:

* Signature algorithm - used to assert the identity of the server's public key and facilitate authentication.
* Key exchange/agreement algorithm - used by the client and server to derive the same bulk encryption symmetric key.

5.4 - Cryptographic Use Cases

cryptography supporting authentication & non-repudiation - a single hash function, symmetric cipher or asymmetric cipher is called a cryptographic primitive. A complete cryptographic system or product is likely to use multiple cryptographic primitives, such as within a cipher suite. Authentication and non-repudiation depend on the recipient not being able to encrypt the message, or the recipient would be able to impersonate the sender. Basically, the recipient must be able to use the cryptographic process to decrypt authentication and integrity data but not to encrypt it.

cryptography supporting confidentiality - cryptography removes the need to store data in secure media, as even if the ciphertext is stolen, the threat actor will not be able to understand or change what has been stolen.

cryptography supporting integrity & resiliency - integrity is proved by hashing algorithms, which allow two parties to derive the same checksum and show that a message or data has not been tampered with. Cryptography can be used to design highly resilient control systems and secure computer code. A developer can make tampering more difficult through obfuscation, which is the art of making a message difficult to understand. Cryptography is a very effective way of obfuscating code, but it also means the computer might not be able to understand and execute the code.

5.5 - Longevity, Salting, Stretching & Other Types Of Cryptographic Technologies

Longevity - this refers to the measure of confidence that people have in a given cipher.
In another sense, it is the consideration of how long data must be kept secure.

Salting - passwords stored as hashes are vulnerable to brute force and dictionary attacks. A password hash cannot be decrypted, as hashes are one-way. However, an attacker can generate hashes to try and find a match for the captured password hash through a brute force or dictionary attack. A brute force attack will run through combinations of letters, numbers and symbols, while a dictionary attack creates hashes of common words and phrases. Both attacks can be slowed down by adding a salt value when creating the hash:

hash = SHA(salt + password)

The salt is not kept secret, because any system verifying the hash must know the value of the salt, but its presence means that an attacker cannot use pre-computed tables of hashes.

Key stretching - this takes a key that's generated from a user password plus a random salt value and repeatedly converts it to a longer and more random key. This means the attacker will have to do extra processing for each possible key value, thus making the attack even slower. This can be performed by using a particular software library to hash and save passwords when they are created. The Password-Based Key Derivation Function 2 (PBKDF2) is widely used for this purpose.

Homomorphic encryption - this is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. It enables complex mathematical operations to be performed on encrypted data without compromising the encryption.

Blockchain - this is a concept in which an expanding list of transactional records is secured using cryptography. Each record is referred to as a block and is run through a hash function. The hash value of the previous block in the chain is added to the hash calculation of the next block, which ensures that each successive block is cryptographically linked.
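Salting and key stretching from 5.5, as an added example (not the study guide's code): a salted SHA-256 following the formula above, then PBKDF2-HMAC-SHA256 through Python's standard hashlib.pbkdf2_hmac, with a storable record, constant-time verification and a cost-upgrade check. The record format, the needs_rehash helper and the 600,000 iteration default are this example's own choices, not anything the guide specifies.

```python
import hashlib
import hmac
import os
from typing import Optional

# Example's own default; a commonly recommended floor for PBKDF2-HMAC-SHA256 at
# the time of writing. Tune so one derivation costs a noticeable fraction of a second.
ITERATIONS = 600_000


def salted_sha256(password: str, salt: bytes) -> bytes:
    """The guide's formula hash = SHA(salt + password). The salt is stored in the
    clear next to the hash; its job is to make pre-computed hash tables useless."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def make_record(password: str, iterations: int = ITERATIONS,
                salt: Optional[bytes] = None) -> str:
    """Key stretching with PBKDF2-HMAC-SHA256. Returns a storable string in a
    layout invented for this example: pbkdf2_sha256$<iterations>$<salt hex>$<key hex>."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and iteration count, then compare
    in constant time so timing does not leak how many bytes matched."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algorithm}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """Each record carries its own iteration count, so the cost can be raised over
    time: re-hash at the next successful login when a record is below the floor."""
    return int(record.split("$")[1]) < minimum_iterations


if __name__ == "__main__":
    # Constructed demo values; a real system would never print these.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    # Same password, two salts, two unrelated hashes: one rainbow table cannot cover both.
    print(salted_sha256("Password1", salt_a).hex())
    print(salted_sha256("Password1", salt_b).hex())

    record = make_record("Password1")
    print(record)
    print(verify_password("Password1", record))          # True
    print(verify_password("password1", record))          # False
    print(needs_rehash("pbkdf2_sha256$1000$00$00"))      # True: legacy low-cost record
```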
Steganography - this is a technique for obscuring the presence of a message, such as hiding a message in a picture. The container document or file is called the covertext.

Section 6 - Implementing Public Key Infrastructure

6.1 - Certificates, PKIs, RAs & CSRs

Public & Private Key Usage

When you want others to send you confidential messages, you give them your public key to encrypt the message, and then you decrypt the message with your private key. When you want to authenticate yourself to others, you create a signature and sign it using your private key to encrypt it. You give others your public key to decrypt the signature.

Certificate authority - this is the entity responsible for issuing and guaranteeing certificates. PKI trust models include:

* Single CA - a single CA issues certificates to users, and the users trust certificates by that CA exclusively. If the CA is compromised, the entire PKI collapses.
* Hierarchical (intermediate CA) - a single CA called the root issues certificates to several intermediate CAs. The intermediate CAs issue certificates to subjects (leaf or end entities). Each leaf certificate can be traced back to the root CA along the certification path, and this is referred to as a certificate chain or chain of trust. The root is still a single point of failure, but it can be taken offline, as most of the regular CA activities are handled by the intermediate CA servers.

[Figure: certificate viewer for www.globalsign.com showing the certificate hierarchy GlobalSign Root CA - R3 > GlobalSign Extended Validation CA - SHA256 - G3 > www.globalsign.com, and certificate fields such as version, serial number, certificate signature algorithm, issuer and validity (not before).]

* Online versus offline CAs - an online CA is one that is available to accept and process certificate signing requests and management tasks.
Because of the high risk posed by a compromised root CA, a secure configuration will involve making the root an offline CA, meaning it is disconnected from any network and only brought back online to add or update intermediate CAs.

Registration authorities and CSRs - registration is the process by which end users create an account with the CA and become authorized to request certificates. When a subject wants to obtain a certificate, it completes a certificate signing request (CSR) and submits it to the CA. The CA reviews the certificate and checks that the information is valid. If the request is accepted, the CA signs the certificate and sends it to the subject.

6.2 - Digital Certificates

A digital certificate is essentially a wrapper for a subject's public key. As well as the public key, it contains information about the subject and the certificate's issuer.

[Figure: Windows certificate dialog, Details tab, listing fields such as signature algorithm (sha256RSA), signature hash algorithm (sha256) and issuer.]
