CoachnestCoachnest
Sign InGet Started
Back to course

Complete Cybersecurity Bootcamp: Defend, Detect & Respond

…
—
Contents
1

What Is Cybersecurity & Why It Matters

Reading14mFree
2

The CIA Triad & Core Security Principles

Reading16mFree
3

Threat Actors, Motivations & the Attack Surface

Reading14m
4

Setting Up a Safe, Legal Practice Lab

Reading12m
5

Security Domains & Career Paths Overview

Video15m
6

Chapter 1 — Quiz

Quiz10m
7

TCP/IP, the OSI Model & How Data Travels

Reading18m
8

Common Protocols & Their Weaknesses

Reading16m
9

Firewalls, IDS/IPS & Network Segmentation

Reading16m
10

VPNs, TLS in Transit & Secure Remote Access

Reading14m
11

Reading Network Traffic with Wireshark

Video17m
12

Chapter 2 — Networking Quiz

Quiz12m
13

Symmetric vs Asymmetric Encryption

Reading16m
14

Hashing, Salting & Password Storage

Reading16m
15

Digital Signatures, Certificates & PKI

Reading16m
16

Crypto in Practice & Common Mistakes

Reading14m
17

How HTTPS & TLS Work — Visual Walkthrough

Video15m
18

Chapter 3 — Cryptography Quiz

Quiz12m
19

Linux Security Fundamentals & Hardening

Reading18m
20

Windows Security & Active Directory Basics

Reading16m
21

Endpoint Protection: Antivirus, EDR & Application Control

Reading14m
22

Data Protection, Backups & Ransomware Resilience

Reading14m
23

Hardening a Linux Server — Demo

Video16m
24

Chapter 4 — Endpoint Security Quiz

Quiz12m
25

How the Web Works & The HTTP Request Lifecycle

Reading16m
26

Injection Attacks: SQL Injection & Command Injection

Reading18m
27

Broken Access Control & Authentication Failures

Reading16m
28

Cross-Site Scripting (XSS), CSRF & Security Headers

Reading18m
29

Finding Web Vulnerabilities Safely — Demo

Video17m
30

Chapter 5 — Web Security Quiz

Quiz12m
31

Authentication Factors, MFA & Passwordless

Reading16m
32

OAuth 2.0, OpenID Connect, SAML & JWTs

Reading18m
33

Access Control Models: RBAC, ABAC & Least Privilege

Reading16m

Identity Threats: Phishing & Social Engineering

Reading14m
35

Setting Up MFA & SSO — Walkthrough

Video14m
36

Chapter 6 — Identity & Access Quiz

Quiz12m
37

Malware Taxonomy: Viruses, Worms, Trojans & Ransomware

Reading16m
38

The Cyber Kill Chain & MITRE ATT&CK

Reading16m
39

Network Attacks: DoS/DDoS, MITM & Sniffing

Reading14m
40

Vulnerability Management & Penetration Testing

Reading16m
41

Understanding the MITRE ATT&CK Framework — Overview

Video15m
42

Chapter 7 — Threats & Attacks Quiz

Quiz12m
43

The SOC, SIEM & Log Management

Reading16m
44

Detection, Threat Hunting & Threat Intelligence

Reading16m
45

The Incident Response Lifecycle

Reading18m
46

Digital Forensics Fundamentals

Reading14m
47

Inside a SOC: Analyst Workflow — Walkthrough

Video16m
48

Chapter 8 — SecOps & IR Quiz

Quiz12m
49

Cloud Security & the Shared Responsibility Model

Reading16m
50

Container & Kubernetes Security

Reading16m
51

DevSecOps: Shifting Security Left

Reading16m
52

Secure SDLC & Threat Modeling

Reading14m
53

Securing a CI/CD Pipeline — Demo

Video15m
54

Chapter 9 — Cloud & DevSecOps Quiz

Quiz12m
55

Risk Management Fundamentals

Reading16m
56

Security Frameworks, Standards & Compliance

Reading16m
57

Security Awareness, Policy & the Human Factor

Reading14m
58

Cybersecurity Careers, Certifications & Next Steps

Reading16m
59

Cybersecurity Career Roadmap — Overview

Video14m
60

Chapter 10 — GRC & Careers Quiz

Quiz12m
←→navigate lessons
Chapter 6 of 10·Chapter 6 — Identity, Authentication & Access Control
Lesson 34 of 60Reading14 min

Identity Threats: Phishing & Social Engineering

Identity Threats: Phishing & Social Engineering¶

Technology fails to a human who is tricked into handing over the keys. Social engineering is the #1 way attackers gain initial access.

Why It Works¶

Social engineering exploits psychology, not code:

PrincipleManipulation
Authority"This is IT — I need your password."
Urgency"Your account will be locked in 10 minutes!"
Fear"Suspicious login detected — verify now."
Trust/FamiliarityImpersonating a colleague or vendor
Greed/Curiosity"You won a prize," a tempting attachment

Common Techniques¶

  • Phishing — mass deceptive emails luring clicks/credentials.
  • Spear phishing — targeted, personalized (researched victim).
  • Whaling — targeting executives.
  • Vishing — voice/phone-based.
  • Smishing — SMS-based.
  • Business Email Compromise (BEC) — impersonating an exec to authorize fraudulent payments. Often the costliest attack of all.
  • Pretexting — inventing a scenario to extract info.
  • Baiting — dropping malicious USB drives.
  • Tailgating — following someone through a secure door.

Spotting a Phishing Email¶

🚩 Red flags:

  • Mismatched/look-alike sender domain (micros0ft-support.com).
  • Generic greeting, urgency, threats.
  • Unexpected attachments or links (hover to inspect the real URL).
  • Requests for credentials, MFA codes, or payment changes.
  • Subtle grammar/branding errors.

Defenses — Technical + Human¶

Technical:

  • Email authentication: SPF, DKIM, DMARC to block spoofed senders.
  • Link/attachment sandboxing and filtering.
  • Phishing-resistant MFA (FIDO2) — even if creds are phished, the attacker can't log in.

Human:

  • Regular security awareness training and simulated phishing.
  • A blameless, easy reporting process ("Report Phish" button) — speed of reporting beats perfection.
  • Verify sensitive requests (payments, credential changes) via a second channel.

The Defender's Mindset¶

Assume some users will click. Build controls so that one click doesn't equal a breach: MFA, least privilege, segmentation, and fast detection. Resilience over perfection.

Previous

Access Control Models: RBAC, ABAC & Least Privilege

Next

Setting Up MFA & SSO — Walkthrough

Use ← → arrow keys to navigate between lessons