Hello fellow CINers! I just wanted to share that I have successfully completed my Pentest exam with a 760/750! I know the beta is out but I needed this to finish my degree. This is the hardest test I have taken thus far. Whew! Now on to the N009 and I will be done for a while. My brain needs a break!

I took Cloud+ few days ago and passed

Hello,
I've attended all the Tech+ that was kept in September, however, I still haven't received any certification voucher. Can anyone provide an update as what am I to do.

It is time! The brand new CompTIA certification for advanced networking, CloudNetX CNX-001 is coming! Join us as we welcome @jasoneckert who will share his insights from an industry network architect and instructor experience. Join the conversation as we discuss various types of scenarios and ways to prepare students for the exam when it is released in 2025.

The CompTIA CloudNetX+ certification exam will:

• Validate skills in advanced network and system architecture for designing and managing complex, hybrid, IT infrastructures.
• Be designed around the tasks performed by a network architect, infrastructure architect, enterprise architect and cloud architect.
• Be a natural progression for the job roles aligned to CompTIA Network+ and CompTIA Cloud+

What: CIN Sneak Peek Series CloudNetX CNX-001
When: December 12, 2024, 1:00-3:00 pm CDT
Who: Jason Eckert
Where: ON24
REGISTER HERE

Principles (reasons for effectiveness) objective 1.1 CompTIA Security plus Sy0-601

Authority: Having faith in those in positions of power, even when they are incorrect. An employee was duped by a CEO scam email into sending $47 million.

Intimidation: Fear forces quick, irrational actions. IRS scam calls threaten arrests for unpaid taxes.

Consensus: Adhering to the herd, even when it doesn't make sense. "Your coworkers already signed up for this!" emails lead to phishing pages.

Scarcity: Limited-time offers. Scammers use "limited deals" on phony websites to entice victims of Black Friday scams.

Familiarity: Trusting what is known, even if it is out of date. False WeTransfer emails spread viruses by using recognizable branding.

Trust: Having too much faith in people or institutions. Scammers on LinkedIn establish a rapport while sending harmful links.

Urgency: Making snap decisions without giving them enough thought. Credential theft results from "Reset your password now or lose access!" prompts.

Got the results for the beta exams I took earlier this year.

It was a pass and a pass!!

Wanted to share it with like-minded folks as I know you know ,that I know that you know what I'm so excited about!

Gonna celebrate! Karaoke anyone?

Nearly Half of security professionals believe AI Is risky - many seeing leaked training data as a threat.
Are you included in that "nearly" half????

Hello CINners,

This question may seem a little broad, but I'm going to ask
it anyway, to see what kind of responses it pulls in.

Question: What are the three core goals of information security?

I'll provide my answer on eve of the next calendar holiday, or on
the day of.

What do you think CINners - does this look accurate?

I frequently use tools like ffuf to illustrate fuzzing to my students.

Using the following command, for instance:

bash
┌──(kali㉿localhost)-[~]└─$ffuf -w wordlist.txt -u http://mydomaintarget.org/FUZZ

Files like backup.sql, graphql.txt, config.json, and other possibly sensitive files may be discovered in this way.

To confirm their presence, we employ:
┌──(kali㉿localhost)-[~]└─$curl -I http://mydomaintarget.org/backup.sql on mydomaintarget.org

The server replies with an HTTP 200 status if the file is present. When we try to download the file, though: backup.sql using

bash
┌──(kali㉿localhost)-[~]└─$curl -o http://mydomaintarget.org/backup.sql on mydomaintarget.org

The output is a JavaScript obfuscated code rather than the anticipated content.
Are there any explainations to such behavior?

Yes, I know that there are a great number of non-US CIN'ers out here, and today is just another work day for y'all, but...to all of you here on the CompTIA Instructor Network in the US or elsewhere that are overloading on turkey and stuffing:

Happy Thanksgiving!

So, I'm going to do a thread and see if anyone wants to jump in, etc etc...

1) So, I had a great time at the CompTIA Summit this year - I got to meet a lot of you (and see a few of you in various states of inebriation, but still...). Notable folks that I got to meet for the first time would be @Llewellyn, @JanetAZ, @Laurie Seeder @bnguyen , @Brandon G , @Dwight Watt , @Mol_lyC , @iamthewhiz @MelisParker, @Jagger Coffey @Tilley IT Training @Mark Anthony Germanos, @TraceyO , @NikkiH, @LynW, @Kwabena Fred and a number of other folks (of whom I couldn't find your CIN tag).

(yes, this was also a shameless plug to get some more folks to post on the board...since we haven't seen them in a hot minute...)

2) I'm thankful that I was able to meet some major deadlines at work. We're rolling Anthology for our college, having bought up two other smaller schools, and with all that stress, I wanted to say that I'm grateful for having good folks to work with. If any of you folks are also doing admin for Anthology Student in your schools, I want to talk with you. DM me, if you would.

3) I'm gratified that, despite my crazy schedule, I got through at least a couple of exams this year, namely MS900 and SC900 from Microsoft, as well as DataSys+ (upcoming perhaps in a week or so). In a lot of ways, it's you folks and others like you that keep me going when I could just stop. I think that's the best thing we have going here on CIN. And a lot of you just got your SecurityX, which is huge - I'll go after mine in 2025, after re-upping on Cloud+, and maybe another SC from MSFT. So many tests...

4) And yes, I'm thankful all of you - the "usual suspects" or the "CIN Motley Crew" (you know who you are). You guys are just one reason why I can't ever get work done - because I'm out here, mixing it up with you.

Anyway, for those that are celebrating the holiday, Happy Thanksgiving. And if you're not...well...we'll still save you a piece of pie ala mode if you drop by.

Cheers,

Rick

This CVE got my attention. Thought I would share it with the CIN community.

https://media.licdn.com/dms/image/v...t=l8pAzFzE8fFZWwyhwWJt1BlZpKWQ3xkomPrkfA_2kZ4

My CEO is leaning on my department to find out more about this new corse that is on a email we received stating that it’s available. But I can not find any more details about AI Essentials on the CompTIA web site. Where can I find or get details about this corse?

Hello CINners,

A little something for you DNS aficionados! Ever since I had my first read of "DNS and BIND",
almost 20 years ago, I've been intrigued about this service! Of course, when I had that first read,
security didn't have nearly the concern that it does today. Well, it's a new day!!! Okay, that's
enough reminiscing. On with the show -)

DNS (Domain Name System) attacks exploit vulnerabilities in the DNS infrastructure, which translates domain names (like example.com) into IP addresses. These attacks aim to disrupt, intercept, or redirect user traffic. Here are the main types of DNS attacks:

1. DNS Spoofing (Cache Poisoning)​

• Description: Attacker injects false DNS records into a resolver's cache, redirecting users to malicious sites.
• Impact: Users are tricked into visiting fraudulent websites, often leading to phishing or malware distribution.

---

2. DNS Amplification Attack​

• Description: A type of DDoS (Distributed Denial of Service) attack that leverages open DNS resolvers to overwhelm a target with large amounts of traffic.
• Impact: The target's servers are rendered unavailable due to excessive traffic.

---

3. DNS Tunneling​

• Description: Encodes non-DNS traffic (e.g., HTTP) into DNS queries, often used for data exfiltration or command-and-control (C2) communication.
• Impact: Sensitive data can be stolen or malicious actions executed covertly.

---

4. Domain Hijacking​

• Description: An attacker gains unauthorized control over a domain by compromising its registrar account or exploiting vulnerabilities.
• Impact: The domain can be redirected, defaced, or taken offline.

---

5. DNS Reflection Attack​

• Description: Similar to amplification attacks, but it uses spoofed requests to make the DNS server send responses to the victim's IP address.
• Impact: Overwhelms the victim's server, causing service disruptions.

---

6. NXDOMAIN Attack​

• Description: Overwhelms DNS resolvers by sending a high volume of queries for non-existent domains.
• Impact: Depletes server resources, causing legitimate requests to fail.

---

7. DNS Flood Attack​

• Description: Inundates a DNS server with a high volume of queries to exhaust its resources.
• Impact: Causes the DNS server to crash or become unresponsive.

---

8. Man-in-the-Middle (MitM) Attack​

• Description: An attacker intercepts and manipulates DNS traffic between the user and the resolver.
• Impact: Users are redirected to malicious sites, potentially leading to credential theft or malware infections.

---

9. Registrar Hijacking​

• Description: Attackers compromise a domain registrar's system to alter DNS records or transfer domain ownership.
• Impact: Entire domains can be taken over or redirected.

---

10. DNS Typosquatting​

• Description: Registering domains that resemble legitimate ones (e.g., googgle.com instead of google.com) to exploit user typos.
• Impact: Users can be redirected to phishing sites or exposed to ads/malware.

---

11. Fast Flux DNS​

• Description: Frequently changing IP addresses in DNS records to avoid detection and takedown.
• Impact: Used for botnets, phishing, and other malicious activities.

---

Mitigation Strategies:​

• DNSSEC (Domain Name System Security Extensions): Adds cryptographic signatures to DNS records.
• Rate Limiting: Limits the number of queries a DNS server can process per client.
• Monitoring and Logging: Tracks DNS activity for anomalies.
• Firewalls and Access Control: Blocks malicious traffic and restricts open resolvers.
• Patch Management: Keeps DNS server software up-to-date. I know you CINners are on top of this one!!!!

Certified Achievement Unlocked! Proud to earn my CompTIA Certification

Hello CINners,

Are CVEs (Common Vulnerabilities and Exposures) covered in any CompTIA courses?
What about CWE (Common Weakness Enumeration) - is this covered in any
CompTIA course?

What's prompting the question more than anything is my recent (like 5 minutes ago)
discovery of CWE.

This poll is open to all participants on the CIN message boards, from instructors to CompTIA staff.

Do you possess an advanced degree, and if you do, is it technical or non-technical?

Feel free to discuss the topic below, but please leave your response in the poll.

Hello. Does anyone know when the Cloud+ CV0-003 exam will no longer be available now that the Cloud+ CV0-004 exam has been made available? The 004 exam was originally scheduled to be available in September but was not released until mid-October. I have students who will be preparing to take Cloud+ in March 2025, but no one outside of the CompTIA cert master has study material for the CV0-004 version of the exam.

Thanks for your help

Seeking certified CompTIA instructors to create and deliver pre recorded instructor led courses for new Comptia content scheduled to be released in 2025. Please reply to [email protected] with a link or sample file of existing content created and delivered.

The three pillars of cybersecurity:
1) People
2) Processes
3) Technology

These three elements/components do interconnect to form
a strong security framework!

Is this covered in any of the CompTIA cybersecurity related courses?

This lab has no internet access... lab can't be completed!

Dear all,
Please, I am looking for some instructor materials for the A+ course. But I am unable to find it.

Anything will help to deliver- PPTs, Ebooks, labs, demos;s.

Please can anyone help me with that?

We're looking for experienced trainers/mentors to join our team and teach a variety of CompTIA IT / Cyber / Cloud / PMP / CSM / Azure certification courses, including:

• CompTIA A+
• Network+
• Security+
• Cloud+
• PenTest+
• CySA+
• PMP
• ITIL
• Scrum
• Azure

About Us
We are a well-established post-secondary tech training school located in Tampa, FL. Our mission is to empower students to achieve their tech career goals. With consistent cohorts throughout the year, we provide a supportive and flexible teaching environment providing consistent teaching gigs throughout the year. This assignment would be contract work, part time. Active certification maintained through CEU's works or certified in the latest version of the above certifications. No degree required. No clearance is necessary but would be a bonus. Local trainers would be ideal and training is remote. We are in FL so Eastern Standard Time. Language would be English.

What We're Looking For

• Experienced Instructors: Prior hands on experience in the field as well as teaching, training, and mentoring experience in all of the above.
• Certifications: Must hold current certifications in what you will be teaching.
• Flexibility: Local trainers are preferred but delivery is remote for the right candidate and can work around your schedule as we have day and evening cohorts
• Engaging Educators: Trainers who can inspire and guide students, ensuring strong engagement and high pass rates as well as job placement rates.
• Looking for our trainers to be part of our team for the long haul. I will always try to keep the gigs coming!
• If you can bring your ideas to the table to make processes better, classes engagine and outcomes for students more successful, let's talk.

Why Join Us?

• Flexible Scheduling: Work around your other gigs or commitments.
• Competitive Pay: Starting at $30/hour with opportunities for increases/bonuses based on performance, student engagement, after class attention to student needs, pass rates and job placement rates. Time can be spent assisting the school in process improvements, new ideas to attract new students and provide successful outcomes for all.
• Future Growth Opportunities: We’re expanding our course offerings in 2025 to include ITIL, Scrum, and PMP, Azure and end of 2025 looking at adding AWS, CISM, CISSP, CASP. If you’re certified in these areas, we’d love to chat!

Next Steps
If you’re interested in being part of our team or would like to learn more, please reply.

We look forward to hearing from you!