CoachnestCoachnest
Sign InGet Started
Back to course

Complete Cybersecurity Bootcamp: Defend, Detect & Respond

…
—
Contents
1

What Is Cybersecurity & Why It Matters

Reading14mFree
2

The CIA Triad & Core Security Principles

Reading16mFree
3

Threat Actors, Motivations & the Attack Surface

Reading14m
4

Setting Up a Safe, Legal Practice Lab

Reading12m
5

Security Domains & Career Paths Overview

Video15m
6

Chapter 1 — Quiz

Quiz10m
7

TCP/IP, the OSI Model & How Data Travels

Reading18m
8

Common Protocols & Their Weaknesses

Reading16m
9

Firewalls, IDS/IPS & Network Segmentation

Reading16m
10

VPNs, TLS in Transit & Secure Remote Access

Reading14m
11

Reading Network Traffic with Wireshark

Video17m
12

Chapter 2 — Networking Quiz

Quiz12m
13

Symmetric vs Asymmetric Encryption

Reading16m
14

Hashing, Salting & Password Storage

Reading16m
15

Digital Signatures, Certificates & PKI

Reading16m
16

Crypto in Practice & Common Mistakes

Reading14m
17

How HTTPS & TLS Work — Visual Walkthrough

Video15m
18

Chapter 3 — Cryptography Quiz

Quiz12m
19

Linux Security Fundamentals & Hardening

Reading18m
20

Windows Security & Active Directory Basics

Reading16m
21

Endpoint Protection: Antivirus, EDR & Application Control

Reading14m
22

Data Protection, Backups & Ransomware Resilience

Reading14m
23

Hardening a Linux Server — Demo

Video16m
24

Chapter 4 — Endpoint Security Quiz

Quiz12m
25

How the Web Works & The HTTP Request Lifecycle

Reading16m
26

Injection Attacks: SQL Injection & Command Injection

Reading18m
27

Broken Access Control & Authentication Failures

Reading16m
28

Cross-Site Scripting (XSS), CSRF & Security Headers

Reading18m
29

Finding Web Vulnerabilities Safely — Demo

Video17m
30

Chapter 5 — Web Security Quiz

Quiz12m
31

Authentication Factors, MFA & Passwordless

Reading16m
32

OAuth 2.0, OpenID Connect, SAML & JWTs

Reading18m
33

Access Control Models: RBAC, ABAC & Least Privilege

Reading16m
34

Identity Threats: Phishing & Social Engineering

Reading14m
35

Setting Up MFA & SSO — Walkthrough

Video14m
36

Chapter 6 — Identity & Access Quiz

Quiz12m
37

Malware Taxonomy: Viruses, Worms, Trojans & Ransomware

Reading16m
38

The Cyber Kill Chain & MITRE ATT&CK

Reading16m
39

Network Attacks: DoS/DDoS, MITM & Sniffing

Reading14m

Vulnerability Management & Penetration Testing

Reading16m
41

Understanding the MITRE ATT&CK Framework — Overview

Video15m
42

Chapter 7 — Threats & Attacks Quiz

Quiz12m
43

The SOC, SIEM & Log Management

Reading16m
44

Detection, Threat Hunting & Threat Intelligence

Reading16m
45

The Incident Response Lifecycle

Reading18m
46

Digital Forensics Fundamentals

Reading14m
47

Inside a SOC: Analyst Workflow — Walkthrough

Video16m
48

Chapter 8 — SecOps & IR Quiz

Quiz12m
49

Cloud Security & the Shared Responsibility Model

Reading16m
50

Container & Kubernetes Security

Reading16m
51

DevSecOps: Shifting Security Left

Reading16m
52

Secure SDLC & Threat Modeling

Reading14m
53

Securing a CI/CD Pipeline — Demo

Video15m
54

Chapter 9 — Cloud & DevSecOps Quiz

Quiz12m
55

Risk Management Fundamentals

Reading16m
56

Security Frameworks, Standards & Compliance

Reading16m
57

Security Awareness, Policy & the Human Factor

Reading14m
58

Cybersecurity Careers, Certifications & Next Steps

Reading16m
59

Cybersecurity Career Roadmap — Overview

Video14m
60

Chapter 10 — GRC & Careers Quiz

Quiz12m
←→navigate lessons
Chapter 7 of 10·Chapter 7 — Threats, Malware & Attack Techniques
Lesson 40 of 60Reading16 min

Vulnerability Management & Penetration Testing

Vulnerability Management & Penetration Testing¶

Proactively finding weaknesses before attackers do is core blue-team work.

Vulnerabilities, Exploits & CVEs¶

  • Vulnerability — a weakness (e.g., unpatched software).
  • Exploit — code/technique that abuses it.
  • CVE — a unique ID for a publicly known vulnerability (e.g., CVE-2021-44228, "Log4Shell").
  • CVSS — a 0–10 severity score. Useful, but prioritize by exploitability + exposure + business impact, not score alone.
  • Zero-day — a vulnerability with no patch available yet.

The Vulnerability Management Lifecycle¶

1. Discover (asset inventory) 2. Scan (Nessus, OpenVAS, Qualys) 3. Prioritize (severity + exposure + exploitability) 4. Remediate (patch, configure, or compensate) 5. Verify (rescan) 6. Report (track trends, SLAs) ↺ repeat continuously

You can't protect what you don't know you have. Asset inventory is the unglamorous foundation of everything.

Prioritization Signals¶

  • Is it internet-facing?
  • Is there a known exploit in the wild (CISA KEV catalog)?
  • Does it touch sensitive data or critical systems?
  • What's the compensating control if you can't patch immediately?

Penetration Testing¶

A pentest is an authorized, simulated attack to find exploitable weaknesses.

TypeTester knowledge
Black boxNone (external attacker view)
Grey boxPartial (some access/info)
White boxFull (source, architecture)

Phases¶

  1. 1.Scoping & Rules of Engagement — written authorization, boundaries, timing. Never skip this.
  2. 2.Reconnaissance — passive and active info gathering.
  3. 3.Scanning & enumeration — map services and weaknesses.
  4. 4.Exploitation — safely prove impact.
  5. 5.Post-exploitation — assess reach (lateral movement, data access).
  6. 6.Reporting — findings, risk ratings, remediation guidance.

Related Assessment Types¶

  • Vulnerability assessment — breadth (find many issues), no exploitation.
  • Penetration test — depth (prove exploitability) within scope.
  • Red team — goal-oriented, stealthy, tests detection & response.
  • Bug bounty — crowdsourced testing under a defined policy.
  • Responsible disclosure — report found flaws to vendors, give time to fix.

The Ethical & Legal Line (again)¶

Authorization is everything. A pentest without written permission is a crime, no matter how good the intentions. Scope, authorize, document — every time.

Previous

Network Attacks: DoS/DDoS, MITM & Sniffing

Next

Understanding the MITRE ATT&CK Framework — Overview

Use ← → arrow keys to navigate between lessons