• Question
Are there any answers to such web server behavior?

I frequently use tools like ffuf to illustrate fuzzing to my students.

Using the following command, for instance:

bash
┌──(kali㉿localhost)-[~]
└─$ ffuf -w wordlist.txt -u http://mydomaintarget.org/FUZZ

Files like backup.sql, graphql.txt, config.json, and other possibly sensitive files may be discovered in this way.

To confirm their presence, we employ:
┌──(kali㉿localhost)-[~]
└─$ curl -I http://mydomaintarget.org/backup.sql

The server replies with an HTTP 200 status if the file is present. When we try to download the file backup.sql, though, using

bash
┌──(kali㉿localhost)-[~]
└─$ curl -o backup.sql http://mydomaintarget.org/backup.sql

The output is obfuscated JavaScript code rather than the anticipated content.
Are there any explanations for such behavior?

Happy Thanksgiving, CIN!

Yes, I know that there are a great number of non-US CIN'ers out here, and today is just another work day for y'all, but...to all of you here on the CompTIA Instructor Network in the US or elsewhere that are overloading on turkey and stuffing:

Happy Thanksgiving!

So, I'm going to do a thread and see if anyone wants to jump in, etc etc...

1) So, I had a great time at the CompTIA Summit this year - I got to meet a lot of you (and see a few of you in various states of inebriation, but still...). Notable folks that I got to meet for the first time would be @Llewellyn, @JanetAZ, @Laurie Seeder, @bnguyen, @Brandon G, @Dwight Watt, @Mol_lyC, @iamthewhiz, @MelisParker, @Jagger Coffey, @Tilley IT Training, @Mark Anthony Germanos, @TraceyO, @NikkiH, @LynW, @Kwabena Fred and a number of other folks (of whom I couldn't find your CIN tag).

(yes, this was also a shameless plug to get some more folks to post on the board...since we haven't seen them in a hot minute...)

2) I'm thankful that I was able to meet some major deadlines at work. We're rolling Anthology for our college, having bought up two other smaller schools, and with all that stress, I wanted to say that I'm grateful for having good folks to work with. If any of you folks are also doing admin for Anthology Student in your schools, I want to talk with you. DM me, if you would.

3) I'm gratified that, despite my crazy schedule, I got through at least a couple of exams this year, namely MS900 and SC900 from Microsoft, as well as DataSys+ (upcoming perhaps in a week or so). In a lot of ways, it's you folks and others like you that keep me going when I could just stop. I think that's the best thing we have going here on CIN. And a lot of you just got your SecurityX, which is huge - I'll go after mine in 2025, after re-upping on Cloud+, and maybe another SC from MSFT. So many tests...

4) And yes, I'm thankful for all of you - the "usual suspects" or the "CIN Motley Crew" (you know who you are). You guys are just one reason why I can't ever get work done - because I'm out here, mixing it up with you.

Anyway, for those that are celebrating the holiday, Happy Thanksgiving. And if you're not...well...we'll still save you a piece of pie à la mode if you drop by.

Cheers,

Rick

DNS Attack Type

Hello CINners,

A little something for you DNS aficionados! Ever since I had my first read of "DNS and BIND",
almost 20 years ago, I've been intrigued about this service! Of course, when I had that first read,
security didn't have nearly the concern that it does today. Well, it's a new day!!! Okay, that's
enough reminiscing. On with the show -)

DNS (Domain Name System) attacks exploit vulnerabilities in the DNS infrastructure, which translates domain names (like example.com) into IP addresses. These attacks aim to disrupt, intercept, or redirect user traffic. Here are the main types of DNS attacks:

1. DNS Spoofing (Cache Poisoning)

  • Description: Attacker injects false DNS records into a resolver's cache, redirecting users to malicious sites.
  • Impact: Users are tricked into visiting fraudulent websites, often leading to phishing or malware distribution.

2. DNS Amplification Attack

  • Description: A type of DDoS (Distributed Denial of Service) attack that leverages open DNS resolvers to overwhelm a target with large amounts of traffic.
  • Impact: The target's servers are rendered unavailable due to excessive traffic.

3. DNS Tunneling

  • Description: Encodes non-DNS traffic (e.g., HTTP) into DNS queries, often used for data exfiltration or command-and-control (C2) communication.
  • Impact: Sensitive data can be stolen or malicious actions executed covertly.

4. Domain Hijacking

  • Description: An attacker gains unauthorized control over a domain by compromising its registrar account or exploiting vulnerabilities.
  • Impact: The domain can be redirected, defaced, or taken offline.

5. DNS Reflection Attack

  • Description: Similar to amplification attacks, but it uses spoofed requests to make the DNS server send responses to the victim's IP address.
  • Impact: Overwhelms the victim's server, causing service disruptions.

6. NXDOMAIN Attack

  • Description: Overwhelms DNS resolvers by sending a high volume of queries for non-existent domains.
  • Impact: Depletes server resources, causing legitimate requests to fail.

7. DNS Flood Attack

  • Description: Inundates a DNS server with a high volume of queries to exhaust its resources.
  • Impact: Causes the DNS server to crash or become unresponsive.

8. Man-in-the-Middle (MitM) Attack

  • Description: An attacker intercepts and manipulates DNS traffic between the user and the resolver.
  • Impact: Users are redirected to malicious sites, potentially leading to credential theft or malware infections.

9. Registrar Hijacking

  • Description: Attackers compromise a domain registrar's system to alter DNS records or transfer domain ownership.
  • Impact: Entire domains can be taken over or redirected.

10. DNS Typosquatting

  • Description: Registering domains that resemble legitimate ones (e.g., googgle.com instead of google.com) to exploit user typos.
  • Impact: Users can be redirected to phishing sites or exposed to ads/malware.

11. Fast Flux DNS

  • Description: Frequently changing IP addresses in DNS records to avoid detection and takedown.
  • Impact: Used for botnets, phishing, and other malicious activities.

Mitigation Strategies:

  • DNSSEC (Domain Name System Security Extensions): Adds cryptographic signatures to DNS records.
  • Rate Limiting: Limits the number of queries a DNS server can process per client.
  • Monitoring and Logging: Tracks DNS activity for anomalies.
  • Firewalls and Access Control: Blocks malicious traffic and restricts open resolvers.
  • Patch Management: Keeps DNS server software up-to-date. I know you CINners are on top of this one!!!!
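
As an added example that is not part of the original post: the "Monitoring and Logging" mitigation applied to two of the attack types listed above, NXDOMAIN floods (6) and DNS tunneling (3), as a small Python detector run over a constructed resolver log. The log format, thresholds, client addresses and domain names are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<client> <qname> <qtype> <rcode>".
SAMPLE_LOG = """\
10.0.0.5 www.example.com A NOERROR
10.0.0.5 mail.example.com MX NOERROR
10.0.0.5 intranet.example.com A NOERROR
10.0.0.5 wwww.example.com A NXDOMAIN
10.0.0.5 docs.example.com A NOERROR
10.0.0.7 3fa90c17e4b82d65d1e07b3c59a2f846.exfil.example TXT NOERROR
10.0.0.7 d1e07b3c59a2f8463fa90c17e4b82d65.exfil.example TXT NOERROR
10.0.0.7 7c2e9a04f1d6b3853fa90c17e4b82d65.exfil.example TXT NOERROR
10.0.0.9 qk3.shop.example A NXDOMAIN
10.0.0.9 zp8.shop.example A NXDOMAIN
10.0.0.9 m1x.shop.example A NXDOMAIN
10.0.0.9 t7w.shop.example A NXDOMAIN
10.0.0.9 b4n.shop.example A NXDOMAIN
10.0.0.9 www.shop.example A NOERROR
"""

def entropy(label):
    """Shannon entropy in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def analyze(log, nx_ratio=0.8, min_queries=5, min_len=30, min_entropy=3.5, min_unique=3):
    """Return sorted (finding, client, detail) tuples; thresholds are illustrative."""
    total, nx = Counter(), Counter()
    encoded = defaultdict(set)  # (client, parent zone) -> distinct encoded-looking labels
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of crashing
        client, qname, _qtype, rcode = fields
        total[client] += 1
        nx[client] += rcode == "NXDOMAIN"
        labels = qname.lower().rstrip(".").split(".")
        # Naive parent zone (last two labels); production code should use the public suffix list.
        if len(labels[0]) >= min_len and entropy(labels[0]) >= min_entropy:
            encoded[(client, ".".join(labels[-2:]))].add(labels[0])
    findings = [("nxdomain_flood", c, f"{nx[c]}/{n} NXDOMAIN")
                for c, n in total.items() if n >= min_queries and nx[c] / n >= nx_ratio]
    findings += [("possible_tunneling", c, zone)
                 for (c, zone), seen in encoded.items() if len(seen) >= min_unique]
    return sorted(findings)

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

The client with a single mistyped name (10.0.0.5) stays below both thresholds, which is the false-positive case the ratio and minimum-query settings exist to handle.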

Just Passed My Network+ N10-009 Certification

🌟 Certified Achievement Unlocked! 🌟 🎉 Proud to earn my CompTIA Certification

CVE and CWE coverage on CompTIA Courses

Hello CINners,

Are CVEs (Common Vulnerabilities and Exposures) covered in any CompTIA courses?
What about CWE (Common Weakness Enumeration) - is this covered in any
CompTIA course?

What's prompting the question more than anything is my recent (like 5 minutes ago)
discovery of CWE.

  • Poll
Advanced degrees

Do you possess an advanced degree, and if you do, is it technical or non-technical?

  • No advanced degrees beyond high school

    Votes: 1 4.3%
  • Associate's (2-year degree) technical

    Votes: 2 8.7%
  • Associate's (2-year degree) non-technical

    Votes: 1 4.3%
  • Bachelor's (4-year degree) technical

    Votes: 10 43.5%
  • Bachelor's (4-year degree) non-technical

    Votes: 5 21.7%
  • Master's technical

    Votes: 9 39.1%
  • Master's non-technical

    Votes: 3 13.0%
  • Doctoral technical

    Votes: 1 4.3%
  • Doctoral non-technical

    Votes: 1 4.3%

This poll is open to all participants on the CIN message boards, from instructors to CompTIA staff.

Feel free to discuss the topic below, but please leave your response in the poll.

  • Question
How long will Cloud+ CV0-003 be available?

Hello. Does anyone know when the Cloud+ CV0-003 exam will no longer be available now that the Cloud+ CV0-004 exam has been made available? The 004 exam was originally scheduled to be available in September but was not released until mid-October. I have students who will be preparing to take Cloud+ in March 2025, but no one outside of the CompTIA cert master has study material for the CV0-004 version of the exam.

Thanks for your help

Seeking Certified CompTIA Instructor For Upcoming CompTIA Content Releases

Seeking certified CompTIA instructors to create and deliver pre-recorded instructor-led courses for new CompTIA content scheduled to be released in 2025. Please reply to [email protected] with a link or sample file of existing content created and delivered.

Experienced Certified Trainers needed for multiple courses

We're looking for experienced trainers/mentors to join our team and teach a variety of CompTIA IT / Cyber / Cloud / PMP / CSM / Azure certification courses, including:
  • CompTIA A+
  • Network+
  • Security+
  • Cloud+
  • PenTest+
  • CySA+
  • PMP
  • ITIL
  • Scrum
  • Azure
About Us
We are a well-established post-secondary tech training school located in Tampa, FL. Our mission is to empower students to achieve their tech career goals. With consistent cohorts throughout the year, we provide a supportive and flexible teaching environment providing consistent teaching gigs throughout the year. This assignment would be contract work, part-time. Active certification maintained through CEUs works or certified in the latest version of the above certifications. No degree required. No clearance is necessary but would be a bonus. Local trainers would be ideal and training is remote. We are in FL so Eastern Standard Time. Language would be English.

What We're Looking For
  • Experienced Instructors: Prior hands on experience in the field as well as teaching, training, and mentoring experience in all of the above.
  • Certifications: Must hold current certifications in what you will be teaching.
  • Flexibility: Local trainers are preferred but delivery is remote for the right candidate and can work around your schedule as we have day and evening cohorts
  • Engaging Educators: Trainers who can inspire and guide students, ensuring strong engagement and high pass rates as well as job placement rates.
  • Looking for our trainers to be part of our team for the long haul. I will always try to keep the gigs coming!
  • If you can bring your ideas to the table to make processes better, classes engaging and outcomes for students more successful, let's talk.
Why Join Us?
  • Flexible Scheduling: Work around your other gigs or commitments.
  • Competitive Pay: Starting at $30/hour with opportunities for increases/bonuses based on performance, student engagement, after class attention to student needs, pass rates and job placement rates. Time can be spent assisting the school in process improvements, new ideas to attract new students and provide successful outcomes for all.
  • Future Growth Opportunities: We’re expanding our course offerings in 2025 to include ITIL, Scrum, and PMP, Azure and end of 2025 looking at adding AWS, CISM, CISSP, CASP. If you’re certified in these areas, we’d love to chat!
Next Steps
If you’re interested in being part of our team or would like to learn more, please reply.

We look forward to hearing from you!

Cybersecurity Terms

Hello CINners,

When I'm listening to presentations at cybersecurity events,
there are some common terms that are used, such as:
- vulnerability
- threat
- attack surface
- attack vector

Just to name a very few.

Can you define these terms without having to launch your favorite
search engine? Do you have a definition in your brain, that would
allow you to articulate to someone what the term means?

I'd like to have you define one (or all) of the terms that I have listed,
based on your understanding. Just imagine that you're in conversation
with someone, and you spit out one of those terms, and the other
person asks you to define the term.

Now if you're going to look up the term(s) using some search engine,
or dig into some book, and then pass that on to me, don't waste that
bandwidth :)

  • Question
Tech+ Voucher

Hello! I am looking to purchase a few Tech+ vouchers. Are those available yet? I can't find them on the Academic store or the CompTIA store. Anyone have an idea of when they will be available? I am a bit leery that I am doing the curriculum and there is no cert to buy. It was a big sell to run this course!

Thank you :)

A Trip Down Instructor Memory Lane

Recent postings relating to changes at CompTIA had me thinking about the great days of the late '90s and early 2000s. I recall with fondness Microsoft's AATP program. Googling the program, I found a useful history of the program, well worth reading. Back in the good old days, many of us in the academic world sought that Microsoft Certified Trainer (MCT) designation, with access to free exam vouchers and no charge for gaining the MCT designation. The cool thing was that for those of us who held the MCT designation, we were grandfathered, gaining the CompTIA CTT designation without taking a written exam or providing a teaching demonstration.

Things changed and at some point Microsoft started charging an annual fee in order to retain the MCT designation. That is when I decided to no longer carry that designation. My recollection was the fee was $500. Research indicates that "The MCT Program Fee was waived in 2020 in response to the COVID-19 pandemic. This waiver to the standard MCT annual fee remains in effect." Some of you may want to consider joining up to spice up your resume, given the cost elimination.

This of course has me thinking about the CTT+ designation that is, at least from what I've been able to find, no longer available (based on this posting on CIN).
