SECURITY SKILLS INVENTORY

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)

Confidentiality, integrity, and availability concepts 

Security governance principles

Compliance

Legal and regulatory issues

Professional ethic

Security policies, standards, procedures and guidelines

Asset Security (Protecting Security of Assets)

Information and asset classification

Ownership (e.g. data owners, system owners)

Protect privacy

Appropriate retention

Data security controls

Handling requirements (e.g. markings, labels, storage)

Security Engineering (Engineering and Management of Security)

Engineering processes using secure design principles

Security models fundamental concepts

Security evaluation models

Security capabilities of information systems

Security architectures, designs, and solution elements vulnerabilities

Web-based systems vulnerabilities

Mobile systems vulnerabilities

Embedded devices and cyber-physical systems vulnerabilities

Cryptography

Site and facility design secure principles

Physical security

 Communication and Network Security (Designing and Protecting Network Security)

Secure network architecture design (e.g. IP & non-IP protocols, segmentation)

Secure network components

Secure communication channels

Network attacks

Identity and Access Management (Controlling Access and Managing Identity)

Physical and logical assets control

Identification and authentication of people and devices

Identity as a service (e.g. cloud identity)

Third-party identity services (e.g. on-premise)

Access control attacks

Identity and access provisioning lifecycle (e.g. provisioning review)

 Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

Assessment and test strategies

Security process data (e.g. management and operational controls)

Security control testing

Test outputs (e.g. automated, manual)

Security architectures vulnerabilities

Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)

Investigations support and requirements

Logging and monitoring activities

Provisioning of resources

Foundational security operations concepts

Resource protection techniques

Incident management

Preventative measures

Patch and vulnerability management

Change management processes

Recovery strategies

Disaster recovery processes and plans

Business continuity planning and exercises

Physical security

Personnel safety concerns

Software Development Security (Understanding, Applying, and Enforcing Software Security)

Security in the software development lifecycle

Development environment security controls

Software security effectiveness

Acquired software security impact

 ETHICAL HACKING SECURITY SKILLS

Key issues plaguing the information security world, incident management process, and penetration testing

Footprinting and Reconnaissance

Objectives and Common Threats of Footprinting

Uncovering URLs, Public and Restricted Sites

Uncovering Company Information Online

Search Engine Footprinting

Gathering Information About Location and People

Uncovering Financial Services Information

Utilizing Job Sites

Utilizing Alerts for Target Monitoring

Gathering Competitive Intelligence

Overview of and Tools for WHOIS Lookup

Extracting Information about DNS

Locating Network Range

Traceroute Tools

Website Mirroring Techniques and Tools

Utilizing www.archive.org and Website Watcher

Email Tracking

Google Hacking Techniques

Google Advance Search Operators

Google Hacking Database (GHDB) and Other Google Hacking Tools

Countermeasures and Penetration Testing for Footprinting


Network Scanning

Tools for Network Scans

ICMP Scanning

Tools for Ping Sweep

3-Way Handshake

TCP Communication Flags and Custom Packets

Hping2 / Hping3 and Commands for Hping

Techniques for Network Scanning

IDS Evasion

Tools for IP Fragmentation

Overview of Scanning Tools

IP Addresses to Avoid Scanning

Countermeasures for Scanning

OS Fingerprinting

GET REQUESTS Command Line

Netcraft and Other Banner Grabbing Tools

Banner Grabbing Countermeasures

Hiding File Extensions

Vulnerability Scanning Tools and Network Vulnerability Scanners

LANsurveyor

Network Mappers

Uses of Proxy Servers

MultiProxy, Free Proxy Servers and Proxy Workbench

Proxifier

SocksChain

TOR and TOR Proxy Chaining Software

HTTP Tunneling Overview and Techniques

Super Network

Httptunnel for Windows and other HTTP Tunneling Tools

SSH Tunneling

Anonymizers  and Tools

Avoid Filters

Circumventing Censorship

G-Zapper

IP Address Spoofing, Detection and Countermeasure Techniques

Scanning – Pen Testing

Enumeration

Enumeration Overview and Techniques

Netbios Tools

Enumerating User Accounts and Systems

SNMP Tools

UNIX/Linux Tools

LDAP Tools

NTP Tools

SMTP Tools

nslookup for DNS Zone Transfer

Countermeasures

Enumeration – Penetration Testing


System Hacking

Password Cracking Techniques

Microsoft Authentication

Overview of Hash Passwords in Windows SAM

LAN Manager Hash

Authentication Protocol – Kerberos

Cryptographic Salts

Password Dumping Tools

Password Cracking Tools

LM Hash Backward Compatibility

Password Cracking Defense Techniques

Privilege Escalation, Tools and Defense Techniques

Active@ Password Changer

Executing Applications and Remote Execution Tools

Overview and Types of Keystroke Loggers

Acoustic/CAM Keylogger

Overview and Types of Spyware

Keylogger Defense Techniques

Spyware Defense Techniques

Rootkits Overview, Types, Detection and Defense

NTFS Data Stream

Steganography Types, Techniques and Tools

Image, Document, Video, Audio, Folder, Spam/Email and Natural Text Steganography

Steganalysis Methods/Attacks

Steganography Detection Tools

Tools for Clearing Your Tracks

System Hacking – Pen Testing

Trojans and Backdoors Countermeasures

Trojans and Their Purpose

Overt and Covert Channels

Infecting a System with a Trojan and Signs of a Trojan Attack

Common Ports Used and Ways to Get a Trojan into a System

Wrappers

Deploying Trojans

Evading Anti-Virus

Trojan Types

Destructive Trojans

Notification Trojans

Credit Card Trojans

Encrypted Trojans

PhoneSnoop – Blackberry Trojan

DNSChanger and Hell Raiser – MAC OS X Trojans

Trojan Detection

Monitoring Tools

Registry Entry Scanning and Monitoring Techniques

Device Drivers Scanning

Windows Services Scanning

Startup Programs Scanning

Files and Folders Scanning

Network Activities Scans

Trojan and Backdoor Countermeasures

Trojan Horse Construction Kit

Types of Anti-Trojan Software

Trojans and Backdoors – Pen Testing


Viruses and Worms

 Virus and Worm Statistics

Virus Life Stages

Virus Infection and Attack Phases

Signs of an Attack

Virus Hoaxes

Analysis of a Virus

Virus Types

Transient and Terminate and Stay Resident Viruses

Analysis of Worms

Creating a Worm

Sheep Dip Computer

Anti-Virus Sensors Systems

Process for Malware Analysis

Bintext – String Extraction Tool

UPX – Compression and Decompression Tool

Process Monitor – Process Monitoring Tools

NetResident – Log Packet Content Monitoring Tools

Ollydbg – Debugging Tool

IDA Pro – Virus Analysis Tool

Tools for Online Malware Testing and Analysis Services

Methods for Virus Detection and Countermeasures

Immunet Protect

Anti-virus Tools

Virus – Pen Testing

 ETHICAL HACKING SECURITY SKILLS

Key issues plaguing the information security world, incident management process, and penetration testing

Footprinting and Reconnaissance

Objectives and Common Threats of Footprinting

Uncovering URLs, Public and Restricted Sites

Uncovering Company Information Online

Search Engine Footprinting

Gathering Information About Location and People

Uncovering Financial Services Information

Utilizing Job Sites

Utilizing Alerts for Target Monitoring

Gathering Competitive Intelligence

Overview of and Tools for WHOIS Lookup

Extracting Information about DNS

Locating Network Range

Traceroute Tools

Website Mirroring Techniques and Tools

Utilizing www.archive.org and Website Watcher

Email Tracking

Google Hacking Techniques

Google Advance Search Operators

Google Hacking Database (GHDB) and Other Google Hacking Tools

Countermeasures and Penetration Testing for Footprinting



Network Scanning

Tools for Network Scans

ICMP Scanning

Tools for Ping Sweep

3-Way Handshake

TCP Communication Flags and Custom Packets

Hping2 / Hping3 and Commands for Hping

Techniques for Network Scanning

IDS Evasion

Tools for IP Fragmentation

Overview of Scanning Tools

IP Addresses to Avoid Scanning

Countermeasures for Scanning

OS Fingerprinting

GET REQUESTS Command Line

Netcraft and Other Banner Grabbing Tools

Banner Grabbing Countermeasures

Hiding File Extensions

Vulnerability Scanning Tools and Network Vulnerability Scanners

LANsurveyor

Network Mappers

Uses of Proxy Servers

MultiProxy, Free Proxy Servers and Proxy Workbench

Proxifier

SocksChain

TOR and TOR Proxy Chaining Software

HTTP Tunneling Overview and Techniques

Super Network

Httptunnel for Windows and other HTTP Tunneling Tools

SSH Tunneling

Anonymizers and Tools

Avoid Filters

Circumventing Censorship

G-Zapper

IP Address Spoofing, Detection and Countermeasure Techniques

Scanning – Pen Testing

Enumeration

Enumeration Overview and Techniques

Netbios Tools

Enumerating User Accounts and Systems

SNMP Tools

UNIX/Linux Tools

LDAP Tools

NTP Tools

SMTP Tools

nslookup for DNS Zone Transfer

Countermeasures

Enumeration – Penetration Testing



Continued Listing
free html web site builder software