
Threat Classification and Threat Actors


Last updated 2 years ago

  • Unknown Threats
    • Look for behavior instead of signatures
    • Very advanced
    • Very new: zero-day or 0-day, a vulnerability for which no patch exists yet
  • The Johari Window
    • What WE know vs. what OTHERS know
  • Bug Bounties - Rewards for finding and reporting vulnerabilities (e.g. https://www.bugcrowd.com/)
  • Bad Actors
    • Advanced Persistent Threat (APT)
      • Advanced tools, coordinated group
      • Persistent, undetected
      • Threat, malicious actors
      • Exam tip: APTs are well funded, sometimes government supported.
      • APT group profiles: https://www.mandiant.com/resources/insights/apt-groups
    • Organized Crime - financial gain. Cyber terrorism = destruction only, not profit
    • Hacktivists - digital protest. Deface websites. DDoS.
    • Nation States - Governments. Usually fund APTs.
    • Script kiddies - beginner hackers. Low skills.
    • Recreational Hackers - CTF. Hacking for fun.
    • Professional Hackers - Ethical hackers. Penetration testers.
    • Suicide Hackers - Don't care if they get caught. Desperate hackers.
    • Insider threat - Somebody internal to the organization.
      • Intentional or unintentional
      • Dangerous, because access is already granted
      • Motives: anger, financial gain, bribes, threats
      • Shadow IT
    • Commodity Malware - available to everyone. Most common.
      • Malware samples: https://github.com/andreiciorba/theZoo/tree/master/malware/Binaries
      • Make your own malware: Empire project: https://github.com/EmpireProject/Empire/wiki/Quickstart
      • Dark web

https://portswigger.net/daily-swig