Skip to content

Commit 125f68a

Browse files
htlin222claude
andcommitted
Enrich knowledge base with edoardottt's Security+ notes
Integrate technical details from github.com/edoardottt/CompTIA-Security-notes (SY0-601, passed 788) into existing topic pages and glossary: - Glossary: +225 acronym entries (563 → 788 total) - Domain 1: credential harvesting, juice jacking, FM-200, PDS, Bluetooth attacks - Domain 2: XML/LDAP/DLL injection, pass-the-hash, adware, cryptojacking, VM sprawl - Domain 3: key stretching, PFS, NTRU, edge/fog computing, EAP variants, RAID, cert formats - Domain 4: forensic tools (FTK/Autopsy/dd), PICERL, MITRE ATT&CK, Diamond Model, Kill Chain, syslog levels, biometric FAR/FRR/CER, nmap, Wireshark, tcpdump - Domain 5: ISO 27701/31000, NIST RMF steps, RTO/RPO/MTTR/MTBF, EOL/EOSL, job rotation, mandatory vacations, MOU/MSA/BPA, COOP All additions are surgical inserts into existing Key Concepts sections. 46 files changed, ~150 new bullet points, 225 new glossary entries. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 776285a commit 125f68a

46 files changed

Lines changed: 380 additions & 13 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

content/domain-1-general-security/attack-vectors.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,9 @@ An attack vector is the path or method a threat actor uses to gain unauthorized
4646
- SolarWinds-style attacks through trusted update mechanisms
4747
- **[[human-vectors|Human vectors]]** — social engineering exploiting human psychology
4848
- **[[attack-surface-management|Attack surface management]]** — continuously identifying and reducing exposure across all vectors
49+
- **Bluetooth-based vectors**
50+
- **Bluejacking** — sending unsolicited messages to Bluetooth-enabled devices (annoying, not data theft)
51+
- **Bluesnarfing** — unauthorized access to data on Bluetooth devices (contacts, emails, calendars)
4952

5053
## Exam Tips
5154

content/domain-1-general-security/physical-security.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,12 @@ Physical security encompasses the tangible controls that protect an organization
3939
- **[[secure-areas|Secure areas]]** — server rooms, data centers, wiring closets; require restricted access
4040
- **[[environmental-controls|Environmental controls]]** — fire suppression (wet pipe, dry pipe, clean agent), HVAC, humidity control
4141
- **[[faraday-cage|Faraday cage]]** — blocks electromagnetic signals; prevents eavesdropping and signal leakage
42+
- **USB data blocker** — device that blocks data pins on USB connections, allowing only power (prevents juice jacking)
43+
- **Juice jacking** — attack using compromised USB charging stations to steal data or install malware
44+
- **FM-200** — clean agent fire suppression system safe for use around electronic equipment; replaces older Halon systems
45+
- **Protected Distribution System (PDS)** — hardened conduit system for securing network cabling against tapping or interception
46+
- **Data destruction methods** — overwriting, degaussing (using magnetic fields to erase), physical destruction (shredding, incineration)
47+
- **Purging vs. sanitization** — purging removes data so it cannot be reconstructed; sanitization makes media suitable for reuse
4248

4349
## Exam Tips
4450

content/domain-1-general-security/social-engineering.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,9 +31,10 @@ Social engineering is the art of manipulating people into performing actions or
3131
- **[[tailgatingpiggybacking|Tailgating/Piggybacking]]** — following an authorized person through a secured door
3232
- Tailgating = without their knowledge; Piggybacking = with their consent
3333
- **[[watering-hole-attack|Watering hole attack]]** — compromising a website frequently visited by the target group
34-
- **[[typosquatting|Typosquatting]]** — registering domains similar to legitimate ones to capture mistyped URLs
34+
- **[[typosquatting|Typosquatting]]**also known as **URL hijacking**; registering domains similar to legitimate ones to capture mistyped URLs; relies on common typing errors
3535
- **[[brand-impersonation|Brand impersonation]]** — creating fake websites, emails, or social media profiles mimicking trusted brands
36-
- **[[influence-campaigns|Influence campaigns]]** — large-scale disinformation operations to manipulate public opinion
36+
- **[[influence-campaigns|Influence campaigns]]** — large-scale disinformation operations to manipulate public opinion; may include **hybrid warfare** combining cyber operations with disinformation
37+
- **Credential harvesting** — collecting usernames and passwords via fake login pages or forms, often delivered through phishing campaigns
3738
- **Psychological principles exploited**:
3839
- Authority, urgency, scarcity, social proof, likability, fear, intimidation, consensus
3940

content/domain-1-general-security/threat-actors.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ Threat actors are individuals or groups that pose a risk to an organization's se
4545
- **Resources/Funding** — determines tools, persistence, and capabilities
4646
- **Intent/Motivation** — financial gain, espionage, disruption, ideology, revenge
4747
- **Attack surface** — the totality of points where an attacker can try to enter (see [[attack-vectors]])
48+
- **Wardriving** / **Warflying** — scanning for wireless networks from a moving vehicle or drone to identify vulnerable access points
4849

4950
## Exam Tips
5051

content/domain-2-threats-vulnerabilities/application-attacks.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,10 @@ Application attacks exploit vulnerabilities in software applications — particu
3131
- **[[resource-exhaustion|Resource exhaustion]]**: Consuming all available memory, CPU, disk, or connections to cause denial of service
3232
- **Injection attacks**: Inserting malicious input into application commands — covered in detail in [[injection-attacks]]
3333
- **[[server-side-request-forgery-ssrf|Server-Side Request Forgery (SSRF)]]**: Tricking the server into making requests to internal resources on behalf of the attacker
34+
- **[[xml-injection-xxe|XML injection]]** — inserting malicious XML content to manipulate XML parsers and data processing
35+
- **[[ldap-injection|LDAP injection]]** — exploiting web applications that construct LDAP queries from user input
36+
- **[[dll-injection|DLL injection]]** — injecting malicious Dynamic Link Libraries into running processes to execute arbitrary code
37+
- **[[pass-the-hash|Pass the hash]]** — using captured password hashes to authenticate without knowing the plaintext password
3438

3539
## Exam Tips
3640

content/domain-2-threats-vulnerabilities/malware-types.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@ Malware (malicious software) is any software intentionally designed to cause dam
3232
- **[[potentially-unwanted-programs-pups|Potentially Unwanted Programs (PUPs)]]**: Adware, toolbars, and bundled software that may not be strictly malicious but degrades security
3333
- **[[polymorphic-malware|Polymorphic malware]]**: Changes its code signature with each infection to evade signature-based detection
3434
- **[[metamorphic-malware|Metamorphic malware]]**: Completely rewrites its own code while maintaining functionality
35+
- **Adware** — software that automatically displays or downloads advertisements; may track browsing habits
36+
- **Cryptojacking** — unauthorized use of computing resources to mine cryptocurrency
3537

3638
## Exam Tips
3739

content/domain-2-threats-vulnerabilities/network-attacks.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,9 @@ Network attacks target the infrastructure, protocols, and communications that co
3030
- **[[amplification-attack|Amplification attack]]**: Using protocols like DNS, NTP, or memcached to amplify a small request into a massive response directed at the victim
3131
- **[[ip-spoofing|IP spoofing]]**: Forging the source IP address of packets to impersonate another system or hide the attacker's identity
3232
- **[[port-scanning|Port scanning]]**: Enumerating open ports and services on target systems (reconnaissance phase)
33+
- **[[bluetooth-attacks|Bluejacking]]** — sending unsolicited messages via Bluetooth (nuisance, not data theft)
34+
- **[[bluetooth-attacks|Bluesnarfing]]** — unauthorized access to data through Bluetooth connections (more serious than bluejacking)
35+
- **Broadcast storm** — excessive broadcast traffic overwhelming a network segment
3336

3437
## Exam Tips
3538

content/domain-2-threats-vulnerabilities/vulnerability-types.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ Vulnerabilities are weaknesses in systems, software, processes, or configuration
3131
- **[[third-partysupply-chain-risks|Third-party/supply chain risks]]**: Vulnerabilities in vendor software, libraries, or dependencies (e.g., Log4Shell)
3232
- **[[human-factors|Human factors]]**: Lack of training, social engineering susceptibility, insider threats
3333
- **[[hardware-vulnerabilities|Hardware vulnerabilities]]**: Side-channel attacks, firmware flaws (Spectre, Meltdown), end-of-life hardware
34+
- **VM sprawl** — uncontrolled proliferation of virtual machines, increasing attack surface and management complexity
3435

3536
## Exam Tips
3637

content/domain-3-security-architecture/cloud-security.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,12 @@ Cloud security addresses the unique risks and shared responsibilities of deployi
3535
- **[[multitenancy-risks|Multitenancy risks]]** — data isolation between tenants; side-channel attacks; resource contention
3636
- **[[api-security|API security]]** — cloud services are API-driven; securing APIs is critical to cloud security
3737
- **[[secrets-management|Secrets management]]** — storing credentials, keys, and tokens securely in cloud environments
38+
- **Edge computing** — processing data near the source rather than in a centralized cloud data center
39+
- **Fog computing** — extends cloud computing to the network edge, providing local processing and storage
40+
- **VPC (Virtual Private Cloud)** — isolated virtual network within a public cloud provider
41+
- **Transit gateway** — centralized hub connecting multiple VPCs and on-premises networks
42+
- **Availability zones** — physically separate data centers within a cloud region for redundancy
43+
- **SWG (Secure Web Gateway)** — filters unwanted software and enforces corporate policy for web traffic
3844

3945
## Exam Tips
4046

content/domain-3-security-architecture/data-protection.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ Data protection involves implementing controls to ensure that data remains confi
3737
- **Degaussing** — magnetic field destroys data on magnetic media; does not work on SSDs
3838
- **Physical destruction** — shredding, incineration, pulverizing
3939
- **Cryptographic erasure** — destroying the encryption key renders encrypted data unrecoverable
40+
- **Data minimization** — collecting and retaining only the minimum data necessary for the stated purpose
4041

4142
## Exam Tips
4243

0 commit comments

Comments
 (0)