Pass Your Amazon AWS Certified Security - Specialty Exam Easy!

Amazon AWS Certified Security - Specialty AWS Certified Security - Specialty (SCS-C01) exam dumps vce, practice test questions, study guide & video training course to study and pass quickly and easily. Amazon AWS Certified Security - Specialty AWS Certified Security - Specialty (SCS-C01) exam dumps & practice test questions and answers. You need avanset vce exam simulator in order to study the Amazon AWS Certified Security - Specialty certification exam dumps & Amazon AWS Certified Security - Specialty practice test questions in vce format.

Domain 2 - Logging & Monitoring

1. Introduction to Vulnerability, Exploit, Payload.

Hey everyone and welcome back to the Knowledge Portal video series. Now in today's lecture, we will be speaking about vulnerability, exploit, and payload. Now, these three terms are generally referred to as the "ethical hacking methodology," and these terms are taught in certifications like CISSP or "certified ethical hacker" and other relevant ones. Now, in today's lecture, we will understand all of these three terms because they are important as far as the security aspect is concerned. So let's start. Now, whenever I teach vulnerability, exploit, and payload, one of the simplest terms through which this can be understood is this particular house. Now let's assume this is a house and this is a robber. Now there are various entry points inside this house. So first you have a door. So you see, Robert will try to connect through the door, but since it is locked, he cannot enter in.So he'll try through the window. Again, this window is locked and he will not be able to enter in.Now, there is one more entry point that you see on the first floor. Again, this entry point is locked, and he cannot enter from here either. Now, through careful exploration of this house, he found that, at the side of this house, there is a small hole through which the hacker can enter inside this particular house. And this small hole, through which the attacker can enter inside, is called a vulnerability. Now, looking at the same example we looked at, this small hole is called a vulnerability. So vulnerability is the hole on the side of the house, and exploit is the robber; the one who is going inside is the exploit. And the payload is basically what a robber will do once he gets inside the house. So he might choose to steal something; he might choose not to steal something; it really depends. So that is called the exploit. When we talk about security terminology, or computer terminology, a vulnerability is a bad piece of software code. Exploit is a programme that will exploit the code to get inside. And payload is something like whathappens when the exploit goes inside. It can steal the data, install ransomware, and use that host to send spam, emails, et cetera.So this thing really depends on what kind of payload a hacker has written. So when you talk about servers, there are lots of vulnerabilities that you will find every month that keep on getting discovered. So I have done a simple scan on one of the internal servers through a vulnerability scanner, and the vulnerability scanner has detected a large number of vulnerabilities. So you'll see vulnerabilities related to Firefox, Lib, and XML, and if you go down, you'll see NSS and Thunderbolt vulnerabilities, and it also reads the vulnerability based on its criticality. As a security engineer, we must ensure that the number of vulnerabilities present is either zero or very low, with a low risk of exploitation. As a result, if vulnerabilities exist within a server, attackers will be able to exploit them. So as a security engineer, you have to make sure that these vulnerabilities are not present. Now, the vulnerabilities that you will see over here are basically related to the system packages. Now vulnerability can also be created due to abad written software code like you might have heardabout SQL injection or cross site scripting. So those are all the vulnerabilities that exist as a result of the lack of properly secure code. So that's the fundamentals of vulnerability, exploit, and payload. Now, this lecture was meant to provide a higher-level overview. In the subsequent lecture, we will be going into more detail about this VP methodology, and we'll also look at a practical scenario on how a server can be hacked with a higher level of vulnerability.

2. VEP Practical - Hacking inside a test farm.

Hey everyone and welcome to the Kplabs course. In today's practical demo lecture, I'll show you exactly how a server or even a desktop workstation can run a vulnerable version of software. Software can be hacked. So for our demo purpose, what we'll be doing is we'll be using the Windows operating system, and there is vulnerable software called Easy Chat that is running. So let me quickly show you. So this is my Windows 10 machine, and we have an easy chat server that is online, and there is a vulnerability that is associated with this ezchat server. So we'll be using Kalinx to exploit that specific vulnerability. Now in today's lecture we'll just have a high-level demo related to how things would really work so that you can get an overview of that. So, within the terminal, the scanning is usually the first thing done. So, as you can see, I ran an Nmap scan with the SV switch on the IP address of the Windows 10 computer, and there are two software programmes bound to port 84 3. So you have an easy chat server which is runningon port 80 as well as four four three. Now it is also showing you the version because we have specified the hyphen V switch. Perfect. So let's do one thing: let's quickly open up the MSF console, which is Metasploit, and we'll look into how we can exploit the vulnerability. So this specific version of EasyChat server has a buffer overflow vulnerability, and there is also a freely available exploit that is present. So let's quickly do a search on Easy Chat. So this will basically search for an exploit for this easy chat software. So you will see there are two exploits available, both related to the buffer overflow. Now there is also a ranking of "normal" and "great." So we'll be using the second exploit. So just type: "Use exploit windows: HTTP://EFS" EasyChat serverusername I'll quickly do a show option, and here you'll have to feed in the IP address of the Windows server that is running this easy chat server. So I'll run rhost 192-1689 2130. Now that you have set the IP address, the RPO by default is 80, and we see that the Easy Chat server is already running on 80. Perfect. So now that we have our base set, you can go ahead and type exploit, and it will send an exploit, and it will try to get a metaphor for the session. So this is where the exploit has been sent, and now you see the MetaPrattor session is being opened. So if I do a quick LS, you will see that this is the file that contains the files that are being shown from the desktop. So let me just quickly create a new file. I'll quickly name it "test" and create it from the Kalalino if I do LS again. You'll notice that I have a file called Test Exe. So basically, what has happened is that I have shell privileges for the Windows operating system. So, if you do a quick check, you'll notice that this is a Windows 10 computer. The architecture is X 64. Perfect. So once you have the metaphor deter shell, you can run a lot of interesting commands. Let me just show you a high leveloverview related to some of the interesting command. So, for some of the interesting commands, let's start from the top. So these are all the commands that are available, which you can run on top of Windows. So let's run this specific one, which is a screenshot. So a screenshot will basically take a screenshot of the desktop that is running. So let me just quickly open up the file where the screenshot is saved. So this is a screenshot of Windows Ten that was taken during the meterpreter session. Perfect. This seems to be quite interesting. Let me show you one more interesting thing. I'll say "key scan and score start." So basically, this will start the key logger. So basically, how this would actually work is that you would go to a payment gateway and enter your credit card information. So let me just put in some random information related to credit card CVV. Now, you have entered this information into a secure website containing HTTP. But if you already have a metaphrase, you don't really have to worry. So I'll perform a key scan and underscore dump, and as you can see, you now have exact information on what the user has tied within the operating system. So this is a keylogger—a very dangerous one, I would actually say. also a very interesting one. So, a few more interesting things If you'll see over here, there are certain webcam commands as well. One command is related to recording the microphone, so you can actually record the microphone. Then there's webcam snap. You have a webcam stream, so you can even stream the video. So let me just try a webcam snap. So what this will do is let you see that it has actually taken a snapshot of the webcam that is running. So if this is a laptop, you will be able to take a snapshot, and that snapshot will be shown to you. So you can actually have a live demo related to the user who is operating the Windows OS. So that's quite interesting. One more thing that I wanted to show you before we conclude is the PS command. So generally, whenever you run the PS command, it will show you details related to the processes that are running. Now, the chances are that there will be an antivirus processor that detects malware that is running. And if you find that there is an antimalware or antivirus, you can go ahead and deploy the killcommand, which would kill the antivirus as well as the antimalware. So these are some of the high-level overviews related to the things that you can do. As you'll see, there are a lot of things that you can do once you have the metaphytor session, which is established with the vulnerable machine. So this is it for this lecture. This lecture was just meant to give you a high-level overview related to what can be done if you are running vulnerable software in your service or even on your desktop. This is why it is recommended that you patch all of your running services. So this is it for this lecture. I hope this has been informative for you, and I look forward to seeing you in the next lecture.

3. Understanding Automated Vulnerability Scanners

Hey everyone and welcome back to the Knowledge Portal video series. Now, in the previous lecture, we looked into how a vulnerability in an application can be exploited. And once the vulnerability is exploited, depending on what kind of payload is sent, an attacker can gain full control over a system. So in today's lecture, we will look into how we can really scan for vulnerabilities in our systems as well as servers. So let's start. Now, I am running Nessus on my local machine over here, and Nessus is one of the vulnerability scanners—I would say an automated vulnerability scanner—that detects vulnerabilities within a particular system. Now, this is one of my favourite vulnerability scanners because of its simplicity and ease of use. So I have created one sample scan. So if I just click over here, you'll see I have scanned my local machine. Now, if I just click over here, you'll see that Nessus will display the vulnerabilities in order of severity.So you have critical, you have high, you have medium, and you have info level. And it will also show you the graph related to the vulnerabilities in a very easy-to-understand manner. Now, ideally, as a security engineer, you should be using some kind of vulnerability tool to scan all the servers and workstations present within your organization. So, if your server has many vulnerabilities and the firewall port is open, an attacker can connect and try to exploit the vulnerability.And once he is successfully able to exploit the vulnerability, he can use your servers as a proxy to do some kind of evil thing. Now, just let me show you how we can use Nessus to scan for various servers. Now, when you click on "New Scan" over here, you see there are a lot of scan policies that are available. You have a PCI network scan. You also have a scan related to AWS cloud infrastructure. So you must enter your access and secret key.And Nessus will scan your AWS infrastructure depending on the best practises for security. For our case, since I'm using a trial version over here, we will do a basic network scan. Now you have to name the scan—let's say Mac internal laptop scan. And in the target section, I have to put in the IP addresses of the server, which I have to scan. So in my case, I use 12701. And if you are connecting to a remote server, then you have to put in the credentials as well, depending upon what kind of authentication you're using—public key or maybe password. You have to enter your username as well as your private key so that Nessus can log into the server. Now, since I am scanning my internal laptop over here, I don't really need credentials. So I can proceed without a credential over here. Now, I will click here on the dropdown, and I'll click on launch. It seems what I have to do is remove this particular box that I've created anyway. So I'll click on Launch, and you'll see the scanning has started successfully. If I click on "all scans" over here, this is the Mac internal laptop scan. And Nessus will scan this particular laptop, and Eddie will show you all the vulnerabilities present. Now, I have been working on issues related to vulnerability assessment and patch management activity in the payments organisation for the past two to three years. And what I've found is that every week you will find some kind of high-level vulnerability that just keeps coming. We had around 400 servers, and our patch management activity or VAPT activity was around once a month. So we used to scan for all the servers. We had around 400 servers, so we used Nessa. We used to scan all 400 servers with our Nessus. And whatever vulnerability we used to get, like whatever vulnerability we used to get over here, we used to patch all of those vulnerabilities and then rescan all of the servers to ensure that no high-level vulnerabilities were present in any of the servers.And this is also one of the mandatory requirements if you are based on compliance, like PCI or DSS. So as you'll see, it has actually started to show the vulnerabilities in our internal laptop scan. Now the question is, is necessary best tool? It really depends. There are a lot of tools available. You have nests. You have Netflix. Then as far as AWS is concerned, AWS has recently released AWS Inspector, which can do a similar type of scanning. But from what I have observed, AWS Inspector needs a lot of improvements. It is not up to the mark as far as 2017 and 2018 are concerned. So if you are an enterprise, and if you really want to scan your servers, I would really encourage you to buy the necessary professional licence for your organization. It is not really expensive. To be true for organisations It is not expensive. Let me just go to Google and show you. Actually, Nest is one of the cheapest vulnerability scanners that you will find on the market. So if you just go to NESSUS, let me just open up the website. So there are a lot of Nessus products that are available. We are more interested in Nessus professional. Nessus Professional really does the job. So you see, Nessus is professional. So this can be installed on your laptop. This can be installed on your server as well. In my case and the organisation that I used to work with, we had Nessus installed on the server inside AWS. And from that server, we used to scan all other servers within our account. So you can opt for free trial over here. So Nessus does offer a seven-day free trial. If you'll see, you have to put in your username, name, last name, and work email. So at the@gmail.com will not work you can putin these details and you can click on register. Nessus will send you the licence key, and you can go ahead and install and explore Nessus for your environment. So again, this is the basic information about the vulnerability assessment through automated tools like Nests; this is a short video, and in the upcoming sections, we will talk about AWS Inspector because that is more relevant to the AWS Cloud security certifications. So I hope this has been informative for you, and I look forward to seeing you in the next lecture. Bye.

4. Common Vulnerabilities Exposures & CVSS

Hey everyone and welcome back to the Knowledge Portal video series. We're now continuing our journey with the vulnerability exploit and payload section. Today we'll be talking about one of the very important topics in assessment, which is called CVE and CVSS. So let's go ahead and understand what they mean. Now, CVE stands for Common Vulnerabilities and Exposure, and it is basically a dictionary of publicly known vulnerabilities that are discovered. Now, since this is a dictionary, it has to be managed by someone, and generally, when we talk about dictionaries, Oxford is something that is very famous. Similarly, the CVE dictionary is managed by NISD, which provides one of the best frameworks in security as well as other areas. And the primary source for CV is the National Vulnerability Database. So the entry for CVS looks something like the screenshot that I've attached, and there are two important fields here. One is the CVE ID, and the second is the description of the vulnerability and what exactly that vulnerability is. So let's go ahead and understand more about it. If you just do a simple engineer's CV, Let me go to the official engineer's website, where they post security advisories. Now if you look, there are a lot of security vulnerabilities that are present in the engineers, and in the security vulnerabilities on the engineers' official website, they have given the relevant CVE IDs. So any vulnerability which is discouraged publicly,that vulnerability is entered into the CVEthrough the National Vulnerability Database. So let's click on this particular CVE ID, and let's look into what it is. So there was a vulnerability that was discovered in engines a long time ago, and that vulnerability has been given a unique CVE ID. The description is also given, like "what exactly is this particular vulnerability all about?" So it is related to the integer overflow. So this gives you the description. Now when you go into the National Vulnerability Database So we already looked at the primary source of CBE, which is the National Vulnerability Database, and NVD gives a lot of information related to a particular vulnerability. So let me just click here, and it will take me to the NVD database if you see that it is managed by NISD. So the first thing that you will find in the NVT database is the CVE ID, which is associated with a particular vulnerability. Then you find the description, and now you find the impact score. Now if you look at the impact score, you have the CVSS version three base score of seven and five, which is high. So this vulnerability is a high-level vulnerability. So we looked into Nessus, and Nessus provided us with various vulnerability-related colour systems. like you have medium, you have high, and you have critical. So in this case, the CVS score associated is 7.5, which is high. Now, CVSS basically stands for Common Vulnerability Scoring System. Now, earlier CVSS version two was used, but today version three has also been introduced. Now there are a lot of parameters based on which a CBS score is determined. Now these are the parameters related to confidentiality, integrity, and availability. It also looks into the exploit ability score to see how easy or difficult it is to exploit this particular vulnerability. Okay? And it also tells us which arethe engines version, these are the engineerversions which have this specific vulnerability. So it really gives a lot of information related to a vulnerability system and a vulnerability. Now if you are wondering how vulnerability scanners work, they do not really work in a magical way. All they do is consult the CVE, and they consult the National Vulnerability Database. They take the information from here and generally give it to you in a graphical manner. So let me actually show you how that really works. Okay, let me just log in. Now if you'll see over here, Nessus is showing me a lot of vulnerabilities with a severity score of critical, high, medium, info, et cetera. Now if I just click on any one of them, let me just click on this specific one, which is Apple Safari, and it is showing me that this particular Apple Safari is associated with a lot of vulnerabilities. Now, how did it find the vulnerabilities associated with it? The first step that Nessa or any vulnerability generally does is check for the version number of Safari. So in my case, it is version ten one.So now a vulnerability scanner knows that there is one application called Apple Safari, which is running on version 10.1. The CVE database is then scanned by CVE or CVSS, which is the next step in the process. So I'll say Safari. Let me go to Google Safari 10.1 CV, and here what will really happen is if you go down, let me just open up the link, and here you will see there are lists of all the vulnerabilities that are associated with Safari 10.1. So these are all the vulnerabilities that are associated with The vulnerability scanner will look into the associated CVE. Then once it knows the associated CVE, it will check the CVSS core. So if the CVSS score, if you look here, is 9.3, and depending upon the CVSS score over here, the vulnerability scanner will associate a severity score that is high over here. And if you look over here, there are a lot of CVE IDs that are associated with this particular vulnerability. So, hopefully, you now have a better understanding of how a vulnerability scanner works. The benefits of having an automated vulnerability scanner are that you don't really have to see that there can be hundreds of packages that can be installed within a server, and manually looking into the package version and doing a Google search and searching the CVE site is really not possible as far as manual work is concerned. And this is one of the reasons why automated scanners are generally used. So I really hope that you have a basic understanding of what a CVE is, what a CVSS is, and how automated vulnerability scanners make use of CVE and CVSS to determine vulnerabilities as well as the vulnerability score. Related Information So I hope this has been informative for you, and I'd like to thank you for viewing.

5. Introduction to AWS Inspector

Hey everyone and welcome back to the Knowledge Portal video series. Now, in the previous few lectures we werediscussing the basic about vulnerability exploit payload. We looked into vulnerability automatic vulnerability Tscanners, we also had an overview aboutthe CVE and CVSS based scoring systems. As a result, we can now begin with AWS Inspector. Now, AWS Inspector is yet another automated vulnerability scanner, which will scan your system based on specific assessment rules. Now, depending upon the assessment rules, AWSInspector will provide you with the results. Now, a double inspector does not work based on SSH. However, in order to make it work, we have to install the agent on all the servers that we have to scan with.Now, when we talk about these policies, there are four major policies based on which the AWS Inspector will assess them. The first one is common vulnerability and exposure. So I hope you already know what this specific point means. So Inspector will scan your system, look for available packages, check the CVE to verify if there are any vulnerabilities associated with those packages, and then give you the results. So, that is one. The second point is CIS benchmarks on operating system security. Now, we already discussed the CIS benchmarks earlier, so what this point will do is check the server and verify if the hardening rules are applied according to the CIS benchmark. Now, there is one very important thing to know. I would really say that AWS Inspector is not a very mature solution. Now, when we talk about the CIS benchmark, it only supports the 2015 three-based Amazon Linux AMI. So it does not support CentOS, does not support Ubuntu, and does not support even the latest Amazon Linux 2017 actually supports the two-year-old operating system if you really want to scan based on CIS benchmarks, so it's not very useful. Third are the security best practices, and fourth is the runtime behaviour analysis. So let's look into each one of them so that we can understand what each of these templates means. Now, as the name suggests, the CVE template will scan for all the packages within the operating system. So an agent will be installed in the server, and the agent will verify the package versions that are installed in the server. It will check the CBE to verify if there are any vulnerabilities associated with those package versions. And if vulnerabilities are associated with them, it will give you the result. So this is the sample result. If the severity rating is high, it will also display CVE-related information. Now, we can also export this particular data in a PDF format, which we will be looking at in the practical session. So this is the first template, which is the common vulnerability and exposure that Inspector supports. Now the second important template is the CIS benchmarks, level one. So what this particular template will do is verify that the server is following the hardening benchmark set by CIS. Now again, as far as Linux is concerned, it only supports Amazon Linux 2015 Three.So this is not a very useful template to work with—only if you are running a two-year-old operating system, then you can run this specific benchmark. The third template is for security best practices. Although it says Best Practices, it does not really check much; it just does the very basic things like verifying if the root login is disabled and checking if SSH is on version 2, which is again by default. It will check if password authentication is disabled, the password complexity, and all those very basic things. There are currently only nine rules, and these are the nine rules that are supported under security best practices. Now, this is not a very interesting thing that you might want to use Inspector for, but just for our own understanding purposes, we are just covering what features are supported features.And the fourth thing that AWS Inspector does is that it supports runtime behavioural analysis. Now, this might be useful. So it checks for various things like unused listening, TCP ports, insecure server protocols, and stack cookies. So stack cookies are generally like canaries used. If not used, then it leads to a buffer overflow attack. So software is required to stack cookies and other similar tasks. Now, as an overall package for AWS Inspector, at a personal level, I will not really suggest it because it is not a very mature solution right now. But the only interesting thing that I have found in AWS Inspector is the pre-first rule template, which is the CVE Common Vulnerabilities and Exposure

Go to testing centre with ease on our mind when you use Amazon AWS Certified Security - Specialty vce exam dumps, practice test questions and answers. Amazon AWS Certified Security - Specialty AWS Certified Security - Specialty (SCS-C01) certification practice test questions and answers, study guide, exam dumps and video training course in vce format to help you study with ease. Prepare with confidence and study using Amazon AWS Certified Security - Specialty exam dumps & practice test questions and answers vce from ExamCollection.