They don't even need to be in range of your network - just hacking an adjacent network is all that's needed

The Daisy Chain Attack

Old CASP+ certs will be rebranded SecurityX on December 17, 2024​

CompTIA CASP+ Name Change

CompTIA Advanced Security Practitioner (CASP+) name will be renamed to SecurityX December 17, 2024.

CompTIA Advanced Security Practitioner (CASP+) will be renamed to SecurityX on December 17, 2024. The name change will not affect your CASP+ certification. You will automatically receive the rebranded SecurityX badge and can download a new certificate and transcript in CertMetrics. This update emphasizes the advanced (i.e. “Xpert”) level of the certification.

I'd like to get some suggestions from you CINners on basic cybersecurity hygiene.
Keep it simple (e.g. brush after every meal is recommended in the area of dental hygiene)!!!!

Okay, give me what you got!!!!

I'm at a loss here. A student had a Title IX situation late in the semester. I offered them an "incomplete" grade to give them more time to complete the materials for TestOut (TO) Network Pro and another TO title. Unfortunately, the student can't complete the materials before Network Pro retires on Dec. 20th. I believe in this student, and it took a bit to convince them to take the incomplete grade. Now, I feel like I've set them up for failure on the Network Pro. Any ideas?

When imparting knowledge of CompTIA certifications, the task does not only include syllabus content, it also involves sharpening the minds of the students. This week I turned to problem solving in dynamic tasks of A+ certification for students and also started using memory aids such as remembering their OSI mnemonics A1, A2, A3, A4, and A5.

Memory aids allow students to learn almost easily. For instance, ‘Please Do Not Throw Sausage Pizza Away’ in order to remember OSI layers! Another source that can be considered is the link on memory devices:

Core1
Core2

What other memory devices do you have that assist your students? Let’s combine our strength and creativity!

In a discussion today with another instructor that centered on CompTIA's Tech+ certification, I went to the CompTIA.ORG site and ended up here:

The site indicates the following:

Exam details coming soon.​

Note - Unexpired ITF+ certification exam vouchers can be used for the Tech+ certification exams.​

Does anyone know what's going on? Is the exam live? Vouchers for Tech+ do not appear as available for purchase on the CompTIA Academic Store.

Hello CINners,

I'd like to learn what antivius (AV) sotware you're running
on your endpoint(s) - either at your residence, or at the
place of your professional endeavor.

Thank you.

So, this is a for-what-it's-worth topic? I saw this story on the morning news and was just left with one question. Why? https://www.today.com/news/ai-jesus-christ-switzerland-controversy-rcna182980

I thought I would share with the community to get some insight. A church in Switzerland ran an experiment where it used an AI generated Jesus to listen to confessions and provide feedback. The avatar of Jesus was created using OpenAI's GPT-40. According the story, the AI Jesus confessional was very popular and many folks came to talk to it!

So then I started thinking.
If we are starting to experiment with AI Jesus, replacing the priest as the middleman, what is next?
Who will be next to be replaced by AI?
What does this mean for education?
This brings back the original question we have heard for years. In the long run, will AI replace all of our jobs?

Looking forward to your insights!

Hello fellow CINers! I just wanted to share that I have successfully completed my Pentest exam with a 760/750! I know the beta is out but I needed this to finish my degree. This is the hardest test I have taken thus far. Whew! Now on to the N009 and I will be done for a while. My brain needs a break!

I took Cloud+ few days ago and passed

Hello,
I've attended all the Tech+ that was kept in September, however, I still haven't received any certification voucher. Can anyone provide an update as what am I to do.

It is time! The brand new CompTIA certification for advanced networking, CloudNetX CNX-001 is coming! Join us as we welcome @jasoneckert who will share his insights from an industry network architect and instructor experience. Join the conversation as we discuss various types of scenarios and ways to prepare students for the exam when it is released in 2025.

The CompTIA CloudNetX+ certification exam will:

• Validate skills in advanced network and system architecture for designing and managing complex, hybrid, IT infrastructures.
• Be designed around the tasks performed by a network architect, infrastructure architect, enterprise architect and cloud architect.
• Be a natural progression for the job roles aligned to CompTIA Network+ and CompTIA Cloud+

What: CIN Sneak Peek Series CloudNetX CNX-001
When: December 12, 2024, 1:00-3:00 pm CDT
Who: Jason Eckert
Where: ON24
REGISTER HERE

Principles (reasons for effectiveness) objective 1.1 CompTIA Security plus Sy0-601

Authority: Having faith in those in positions of power, even when they are incorrect. An employee was duped by a CEO scam email into sending $47 million.

Intimidation: Fear forces quick, irrational actions. IRS scam calls threaten arrests for unpaid taxes.

Consensus: Adhering to the herd, even when it doesn't make sense. "Your coworkers already signed up for this!" emails lead to phishing pages.

Scarcity: Limited-time offers. Scammers use "limited deals" on phony websites to entice victims of Black Friday scams.

Familiarity: Trusting what is known, even if it is out of date. False WeTransfer emails spread viruses by using recognizable branding.

Trust: Having too much faith in people or institutions. Scammers on LinkedIn establish a rapport while sending harmful links.

Urgency: Making snap decisions without giving them enough thought. Credential theft results from "Reset your password now or lose access!" prompts.

Got the results for the beta exams I took earlier this year.

It was a pass and a pass!!

Wanted to share it with like-minded folks as I know you know ,that I know that you know what I'm so excited about!

Gonna celebrate! Karaoke anyone?

Nearly Half of security professionals believe AI Is risky - many seeing leaked training data as a threat.
Are you included in that "nearly" half????

Hello CINners,

This question may seem a little broad, but I'm going to ask
it anyway, to see what kind of responses it pulls in.

Question: What are the three core goals of information security?

I'll provide my answer on eve of the next calendar holiday, or on
the day of.

What do you think CINners - does this look accurate?

I frequently use tools like ffuf to illustrate fuzzing to my students.

Using the following command, for instance:

bash
┌──(kali㉿localhost)-[~]└─$ffuf -w wordlist.txt -u http://mydomaintarget.org/FUZZ

Files like backup.sql, graphql.txt, config.json, and other possibly sensitive files may be discovered in this way.

To confirm their presence, we employ:
┌──(kali㉿localhost)-[~]└─$curl -I http://mydomaintarget.org/backup.sql on mydomaintarget.org

The server replies with an HTTP 200 status if the file is present. When we try to download the file, though: backup.sql using

bash
┌──(kali㉿localhost)-[~]└─$curl -o http://mydomaintarget.org/backup.sql on mydomaintarget.org

The output is a JavaScript obfuscated code rather than the anticipated content.
Are there any explainations to such behavior?

Yes, I know that there are a great number of non-US CIN'ers out here, and today is just another work day for y'all, but...to all of you here on the CompTIA Instructor Network in the US or elsewhere that are overloading on turkey and stuffing:

Happy Thanksgiving!

So, I'm going to do a thread and see if anyone wants to jump in, etc etc...

1) So, I had a great time at the CompTIA Summit this year - I got to meet a lot of you (and see a few of you in various states of inebriation, but still...). Notable folks that I got to meet for the first time would be @Llewellyn, @JanetAZ, @Laurie Seeder @bnguyen , @Brandon G , @Dwight Watt , @Mol_lyC , @iamthewhiz @MelisParker, @Jagger Coffey @Tilley IT Training @Mark Anthony Germanos, @TraceyO , @NikkiH, @LynW, @Kwabena Fred and a number of other folks (of whom I couldn't find your CIN tag).

(yes, this was also a shameless plug to get some more folks to post on the board...since we haven't seen them in a hot minute...)

2) I'm thankful that I was able to meet some major deadlines at work. We're rolling Anthology for our college, having bought up two other smaller schools, and with all that stress, I wanted to say that I'm grateful for having good folks to work with. If any of you folks are also doing admin for Anthology Student in your schools, I want to talk with you. DM me, if you would.

3) I'm gratified that, despite my crazy schedule, I got through at least a couple of exams this year, namely MS900 and SC900 from Microsoft, as well as DataSys+ (upcoming perhaps in a week or so). In a lot of ways, it's you folks and others like you that keep me going when I could just stop. I think that's the best thing we have going here on CIN. And a lot of you just got your SecurityX, which is huge - I'll go after mine in 2025, after re-upping on Cloud+, and maybe another SC from MSFT. So many tests...

4) And yes, I'm thankful all of you - the "usual suspects" or the "CIN Motley Crew" (you know who you are). You guys are just one reason why I can't ever get work done - because I'm out here, mixing it up with you.

Anyway, for those that are celebrating the holiday, Happy Thanksgiving. And if you're not...well...we'll still save you a piece of pie ala mode if you drop by.

Cheers,

Rick

This CVE got my attention. Thought I would share it with the CIN community.

https://media.licdn.com/dms/image/v...t=l8pAzFzE8fFZWwyhwWJt1BlZpKWQ3xkomPrkfA_2kZ4

My CEO is leaning on my department to find out more about this new corse that is on a email we received stating that it’s available. But I can not find any more details about AI Essentials on the CompTIA web site. Where can I find or get details about this corse?

Hello CINners,

A little something for you DNS aficionados! Ever since I had my first read of "DNS and BIND",
almost 20 years ago, I've been intrigued about this service! Of course, when I had that first read,
security didn't have nearly the concern that it does today. Well, it's a new day!!! Okay, that's
enough reminiscing. On with the show -)

DNS (Domain Name System) attacks exploit vulnerabilities in the DNS infrastructure, which translates domain names (like example.com) into IP addresses. These attacks aim to disrupt, intercept, or redirect user traffic. Here are the main types of DNS attacks:

1. DNS Spoofing (Cache Poisoning)​

• Description: Attacker injects false DNS records into a resolver's cache, redirecting users to malicious sites.
• Impact: Users are tricked into visiting fraudulent websites, often leading to phishing or malware distribution.

---

2. DNS Amplification Attack​

• Description: A type of DDoS (Distributed Denial of Service) attack that leverages open DNS resolvers to overwhelm a target with large amounts of traffic.
• Impact: The target's servers are rendered unavailable due to excessive traffic.

---

3. DNS Tunneling​

• Description: Encodes non-DNS traffic (e.g., HTTP) into DNS queries, often used for data exfiltration or command-and-control (C2) communication.
• Impact: Sensitive data can be stolen or malicious actions executed covertly.

---

4. Domain Hijacking​

• Description: An attacker gains unauthorized control over a domain by compromising its registrar account or exploiting vulnerabilities.
• Impact: The domain can be redirected, defaced, or taken offline.

---

5. DNS Reflection Attack​

• Description: Similar to amplification attacks, but it uses spoofed requests to make the DNS server send responses to the victim's IP address.
• Impact: Overwhelms the victim's server, causing service disruptions.

---

6. NXDOMAIN Attack​

• Description: Overwhelms DNS resolvers by sending a high volume of queries for non-existent domains.
• Impact: Depletes server resources, causing legitimate requests to fail.

---

7. DNS Flood Attack​

• Description: Inundates a DNS server with a high volume of queries to exhaust its resources.
• Impact: Causes the DNS server to crash or become unresponsive.

---

8. Man-in-the-Middle (MitM) Attack​

• Description: An attacker intercepts and manipulates DNS traffic between the user and the resolver.
• Impact: Users are redirected to malicious sites, potentially leading to credential theft or malware infections.

---

9. Registrar Hijacking​

• Description: Attackers compromise a domain registrar's system to alter DNS records or transfer domain ownership.
• Impact: Entire domains can be taken over or redirected.

---

10. DNS Typosquatting​

• Description: Registering domains that resemble legitimate ones (e.g., googgle.com instead of google.com) to exploit user typos.
• Impact: Users can be redirected to phishing sites or exposed to ads/malware.

---

11. Fast Flux DNS​

• Description: Frequently changing IP addresses in DNS records to avoid detection and takedown.
• Impact: Used for botnets, phishing, and other malicious activities.

---

Mitigation Strategies:​

• DNSSEC (Domain Name System Security Extensions): Adds cryptographic signatures to DNS records.
• Rate Limiting: Limits the number of queries a DNS server can process per client.
• Monitoring and Logging: Tracks DNS activity for anomalies.
• Firewalls and Access Control: Blocks malicious traffic and restricts open resolvers.
• Patch Management: Keeps DNS server software up-to-date. I know you CINners are on top of this one!!!!

Certified Achievement Unlocked! Proud to earn my CompTIA Certification