Anything you want to add to either layer?

Here are some common types of attack vectors:

- Weak or Compromised Access Credentials
- Phishing
- Malware
- Unpatched Software
- Third-party vendors & service providers
- Insider Threats
- Lack of Encryption
- Misconfigurations
- Trust Relationships
- Brute Force
- DDoS Attacks
- SQL Injections
- Cross-site scripting (XSS)
- Man-in-the-Middle (MITM)
- Session Hijacking


Got anymore to add to my list!!

Write Blocker - a forensic tool, to prevent the capture or analysis,
device or workstation, from changing data on a target disk or media.

Anyone ever used this tool?

STIX/TAXII is a joint global initiative to drive threat intelligence sharing and collaboration among authorities.

STIX and TAXII allow transportation of threat information among IT security and intelligence technologies.

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) are pioneering standards developed under the Cyber Threat Intelligence Technical Committee, aiming to foster collaboration, standardization, and automation within the field of CTI (Cyber Threat Intelligence).



STIX provides a common syntax so users can describe threats consistently by their motivations, abilities, capabilities, and responses.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX is open source and free, allowing those interested to contribute and ask questions freely.

STIX is for anyone involved in defending networks or systems against cyber threats, including cyber defenders, cyber threat analysts, malware analysts, security tool vendors, security researchers, threat sharing communities, and more.

STIX is a standardized language that allows for the detailed representation and contextualization of cyber threat information. By providing a structured format, STIX ensures a unified way of describing diverse cyber threat information, thereby facilitating more effective communication, analysis, and application of this information.



Trusted Automated eXchange of Intelligence Information (TAXII) is the format through which threat intelligence data is transmitted.

TAXII is a communication protocol that supports the exchange of cyber threat information, including STIX data, in a secure and automated manner. It outlines how to transport these data, regardless of the method or mechanism, ensuring the safe, reliable, and efficient exchange of information.




Bonus Coverage:

What are the types of Threat Intelligence?
Cyber Threat Intelligence is mainly categorized as strategic, tactical, technical, and operational.




Is either of these - STIX or TAXII - covered in any of the CompTIA courses?????

Hello CINners,



When I launch one of my web browsers (Edge, Chrome, Firefox), there's always
multiple browser processes that are running - even though I only have one tab
open on the web browser. Why do I see these multiple browser processes in
Task Manager, when I only have a single tab open in my browser? I've never
understood this - and I don't recall ever being educated on this. I did say I don't
recall

I promise, I have ONLY one tab open!!!!

Thanks CINners!

CompTIA examinations can indeed be tough, particularly to those who are fresh. There are many students who are not good at managing time, while there are others who simply try too hard to figure out performance-based questions.

As instructors, let’s share tips to help our learners prepare effectively, control anxiety and have a go at the examination.

Got the results for the beta exams I took earlier this year.

It was a pass and a pass!!

Wanted to share it with like-minded folks as I know you know ,that I know that you know what I'm so excited about!

Gonna celebrate! Karaoke anyone?

A student reach out to me asking about getting the Sec+ certification. They attempted the Net+ exam and failed (scoring a 518). They asked if they can 'skip' over the Net+ and go straight for the Security +. My response was a resounding no. The student did explain that they've completed their associates degree in IT and they're not working in the profession yet.

I encouraged the student to seek their A+ first. Is it just me, or are students 'jumping the line' for higher certifications. Particularly, without the requisite knowledge, training, or real world experience that aid in learning and progressing.

To the fellow CINers, what's your take on this.

Hello CINners,

Is AV software intended to detect Ransomware?

Thanks

Dear CINners,

Due to overlapping engagements, I will be unable to attend the CIN Sneak Peek, on this coming Thursday, December 12, at 1pm CST. Is there anyone else planning to attend, whom I can trust, to take attendance in my absence? Let me know.

Thank you in advance!

Hello CINners,

Is Phishing covered in any of the CompTIA courses? If that is the case,
that would mean that it's probably also assessed on an exam. If so,
which exam(s)?

Thanks CINners!!!

I'd like to get some suggestions from you CINners on basic cybersecurity hygiene.
Keep it simple (e.g. brush after every meal is recommended in the area of dental hygiene)!!!!

Okay, give me what you got!!!!

Hello CINners,

Is Zero Touch Provisioning covered in any of the CompTIA courses?

Thanks CINners

Hello CINners,

Does anyone out there encrypt the hard drive on your home computer?
If so, what encryption algorithm do you use?

Microsoft issued 71 patches for December Patch Tuesday to address vulnerabilities that include a zero-day bug in the Windows Common Log File System, which is under active exploit, and could enable system-level privileges.

Other critical vulnerabilities include a remote code execution flaw in Windows Lightweight Directory Access Protocol, and one in Hyper-V, that could allow code execution on the host operating system.

71 patches? Just for the month of December? Ouch!!!!

Well, as the old saying goes, "it's all relative" - I say that because, relative to the year's total of 1,020 patches for the very popular OS, 71 for a single month ain't that bad

Peace and blessings to all those with the responsibility of guarding the Microsoft Windows OS palace!!!

Hello CINners,

Is there much coverage of Private Clouds in any of the CompTIA courses?
I would imagine that if there was, the most coverage would be in the Cloud+
course.

Thanks CINners

Hello CINners,

Does anyone know what is responsible for the Microsoft Sharepoint process
to automatically run? Each time I awake my computer from "sleep" mode,
or start from a cold boot, that Microsoft Sharepoint process is going to
appear in the list of processes, on the Processes tab in Task Manager.

Is there something in Windows 10 that requires Microsoft Sharepoint to be
running?

The great news is that I can terminate it, using the "End Task" button in
Task Manager, and it will go away for the duration of my computer running.

That Microsoft Sharepoint process isn't causing any issues - none that I know
of anyway. I'm just trying to lighten the load of my CPU - it's old like I am!!

Thanks CINners!!!

Hi Everyone,

I’m P. Divakaran, an IT instructor with experience teaching hardware and software troubleshooting. I’m planning to earn the CompTIA CTT+ certification to enhance my teaching credentials. I’d appreciate your guidance on:

1. The best resources for studying TK0-201 and preparing for the TK0-202 video submission.
2. Tips for recording and submitting a video for the performance-based exam.
3. Any personal experiences or insights about the exam process, particularly the online proctoring option.

Thank you in advance for your support!

Big Thanks @Stephen Schneiter! I have received my Tech+ voucher.

Hello CINners,

When I launch Microsoft Edge, the Microsoft Store process starts.
Does anyone know why this happens? Is there some connection
with Microsoft Edge and Microsoft Store?

Standing by ...

Hello CINners,

Anyone by chance know of the whereabouts of an On-Demand TTT Session for Linux+?

If not, what about access to a CertMaster for Linux+?

I ain't greedy, but I'll take both!!!

Thanks CINners!

I'm at a loss here. A student had a Title IX situation late in the semester. I offered them an "incomplete" grade to give them more time to complete the materials for TestOut (TO) Network Pro and another TO title. Unfortunately, the student can't complete the materials before Network Pro retires on Dec. 20th. I believe in this student, and it took a bit to convince them to take the incomplete grade. Now, I feel like I've set them up for failure on the Network Pro. Any ideas?

Hello CINners!

At this time of year, the world is preparing to celebrate Christmas, Hanukkah, Kwanzaa, Diwali, or another celebration.

We would like to know what you are celebrating. What traditions make this time of year special to you? Is there something you look forward to this time of year, a favorite event, activity or food & beverage?

Let's share with the community so we can all celebrate together!