Module 3:
In the ever-evolving landscape of cybersecurity, understanding the various threats that can compromise your digital assets is of paramount importance. From malicious hackers to insidious malware, this post delves into the realm of security threats, providing insights and knowledge essential for CompTIA Security+ candidates and anyone keen on fortifying their cybersecurity defenses.
Identifying Security Threats
- Identify Types of Attackers
- Identify Social Engineering Attacks
- Identify Malware
- Identify Software based Threats
- Identify Network Based Threats
- Identify Wireless Threats
- Identify Physical Threats
Types of Hackers
Hacker/Attacker: Individuals who have the skills to gain access to computer systems through unauthorized or unapproved means.
Cracker: Individuals who break encryption codes, defeat software copy protections, or specialize in breaking into systems.
Differing connotations:
- Neutral/benign vs. malicious
Different types:
- White Hat
- Black Hat
- Gray Hat
White Hat: A hacker who discovers and exposes security flaws in applications and operating systems with the organization's consent so that they can be fixed before they become widespread problems.
Black Hat: A hacker who discovers and attacks security vulnerabilities without organizational consent, for financial gain or some other malicious purpose.
Gray Hat: A hacker who exposes security flaws in applications and operating systems without consent, but not ostensibly for malicious purposes.
Threat Actors
An entity that is partially or wholly responsible for an incident that affects or potentially affects an organization's security. Also referred to as a malicious actor.
- Script Kiddies
- Hacktivists
- Organized Crime Gangs
- Nation States
- Insiders
- Competitors
The Script Kiddie: An inexperienced hacker with limited technical knowledge who relies on automated tools to hack.
The Hacktivist: A hacker who gains unauthorized access to and causes disruption in a computer system to achieve political or social change.
The Insider: Present and past employees, contractors, partners or any entity that has access to proprietary or confidential information, and whose actions result in compromised security.
Threat Actor Attributes
Type of Threat Actor | Attribute |
---|---|
Script Kiddie |
|
Hacktivist |
|
Organized Crime |
|
Nation States |
|
Insiders |
|
Competitors |
|
Open-Source Intelligence (OSINT)
OSINT is legally gathering information from publicly available origins.
Sources:
- Social Media
- Traditional Media
- Public Information
- Professional and Academic Communications
- Geospatial content
- Deep Web
Identification of relevant and accurate information is the key.
Practiced in both public and private sectors.
Social Engineering
Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
- Can be a precursor to other attacks.
- Human factors can make symptoms hard to identify.
- In person, through email, or on the phone.
- Attacker creates an executable to gather and store network usernames and passwords and uses email to send the executable to users. The email purports to be from IT, asking the recipients to run the executable and provide their credentials to solve a network issue.
- Attacker calls the help desk, pretending to be a remote sales rep who needs assistance establishing a remote connection.
- Attacker sends an executable disguised as an e-card, OS patch or application patch.
Effectiveness
Principle | Type |
---|---|
Authority | Posing as an authoritative figure such as IT manager or IT administrator. |
Intimidation | Threatening someone's job or financial situation. |
Consensus | Taking advantage of human tendency to be part of a group |
Scarcity | Offering something rare or of perceived value |
Familiarity | Impersonation of friend, colleague, or family member |
Urgency | Encouraging swift action to gain a reward or avoid trouble |
Impersonation: A type of social engineering in which an attacker pretends to be someone they are not, typically an average user in distress, or a help desk representative.
Phishing and Related Attacks
Phishing: A type of email-based social engineering in which an attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
Spear phishing: A variant of a phishing attack where attackers target a specific individual or organization.
Whaling: A form of spear phishing that targets individuals or organizations known to be extremely wealthy.
Pharming: An attack where a request for a website (usually an e-commerce site) is redirected to a fake site that resembles the original site.
Vishing/voice phishing: A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
Smishing: A human-based attack where the attacker extracts information by using SMS text messages.
Hoaxes
An email-based, IM-based, or web-based social engineering attack that is intended to trick the user into performing undesired or unnecessary actions.
- Virus or hacking threats.
- Free offers.
- Knowledge is power.
Physical Exploits
Physical Exploit | Description |
---|---|
Shoulder Surfing | Goal: To obtain passwords or PIN numbers by looking over someone’s shoulder. Cell phone cameras make this even easier to accomplish. |
Dumpster Diving | Goal: To obtain passwords and other information by inspecting a target's refuse containers. January's trash could contain last year's calendars, which might contain passwords or other sensitive information. |
Tailgating | Goal: To gain entry to a secure area. Following an employee through an entrance without their knowledge. Prevent by implementing strict physical access controls and educating users. |
Piggy-Backing | Goal: To gain entry to a secure area. Following an employee through an entrance without their knowledge. Attackers might impersonate support staff of vendors and request that an employee hold the door for them. |
Watering Hole Attacks
An attack in which an attacker targets a specific group, discovers which websites that group frequents, then injects those sites with malware.
- Attacker identifies websites used by target users.
- Attacker infects websites.
- One or more target users become compromised.
Malicious Code
Malicious code: Undesired or unauthorized software that is placed on a target computer to disrupt operations or to redirect system resources for the attacker’s benefit.
Malware: Malicious code, like viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks.
Rootkit: Software that is intended to take full or partial control of a system at the lowest levels.
Virus
Malicious code that spreads from one computer to another by attaching itself to other files through a process of self-replication.
- Human action triggers the replication process
Can be used to:
- Enable additional attacks.
- Gather data.
- Corrupt or destroy data.
Worms
Malware that spreads from system to system without attaching itself to different files.
- No human trigger necessary.
- Primary function is to spread.
- Can cause problems with network bandwidth.
- If there is a payload, it is likely to take control of the system.
Adware
Software that automatically displays or downloads advertisements when it is used.
- Unwanted advertising.
- Often implemented as a browser pop-up.
- Chance of spyware or other malware.
Spyware
Surreptitiously installed malware that is intended to track and report the usage of a target system or collect other data the attacker wishes to obtain.
Collected Data:
- Web browsing history.
- Personal/Financial information.
- Usernames and Passwords.
- Can be bundled with legitimate software.
Trojan Horses
A type of malware that hides itself on an infected system and can cause damage to the system or give an attacker a platform for monitoring and/or controlling the system.
- Not self-replicating
- Not attached to other files
- Malicious content in a benign package
Keyloggers
A hardware device or software application that recognizes and records every keystroke made by the user.
- Capture passwords and other sensitive data.
- Can affect the security of keystroke authentication.
Remote Access Trojans
A specialized Trojan horse that specifically aims to provide an attacker with unauthorized access to take control of a target computer.
- Mimic the behavior of legitimate remote desktop applications
- Can hide in games and other applications.
- Downloads or email attachments.
- Backdoor access to hardware and software resources.
Logic Bombs
Software that sits dormant on a target’s computer until it’s triggered by a specific condition, usually a date and time.
- When specified conditions are met the logic bomb is triggered.
- The Logic Bomb is usually used for destructive means, erasing or corrupting data on the target system.
Botnets
Botnet: A collective of computers that have been infected by a master control program known as a Bot.
Zombie/Drone: A computer that has been infected with a bot and is being used by an attacker to mount an attack.
- Botnet goals.
- Denial of Service.
- Spam Emails.
- Data Mine for personal data and passwords.
- Activity usually undetectable by average users.
Ransomware
Ransomware: Software that enables an attacker to take control of a victim’s system and encrypts system files until a demand is met, usually a payment in Bitcoin.
Bitcoin: A decentralized, encrypted electronic payment system that is used by threat actors and legitimate entities.
Crypto-Malware: A form of ransomware that uses encryption to render the victim’s data inaccessible.
- Threat Actor places ransomware on a victim computer.
- Attacker demands ransom to decrypt data
- This is one of the biggest threats to organizations' data.
A scary example is the WannaCry malware attack. God bless that man Marcus Hutchins, who cracked the code and got systems restored.
Advanced Persistent Threats (APT)
APTs use multiple attack vectors for longevity in a system to keep unauthorized access to sensitive resources.
- Long range, repeated threats.
- Malware induced.
- Target private organizations (financial or educational institutions) or nation states.
- APTs cover their own tracks to remain undetected.
Software Attacks
Any attack that targets software resources, including operating systems, applications, services, protocols or files.
- Disrupt or disable the software running on the target.
- Exploit the target to gain access to resources.
- Gain secret control.
Password Attacks
Any Attack where the attacker tries to gain unauthorized access to a system using passwords.
- Guessing and cracking.
Can be found in audit logs:
- Repeated failed attempts, then success.
- Successful logons at unusual times.
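The two audit-log signals listed above can be checked mechanically. The following is an added example, not part of the original guide: the log format (timestamp, user, source, result), the threshold of 5 failures within 10 minutes and the 07:00-19:00 working hours are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (assumed format: timestamp user source result).
SAMPLE_LOG = """\
2024-03-04T08:58:03 alice 10.0.0.15 SUCCESS
2024-03-04T09:14:41 bob 10.0.0.22 FAILURE
2024-03-04T09:15:02 bob 10.0.0.22 SUCCESS
2024-03-04T13:20:00 carol 203.0.113.50 FAILURE
2024-03-04T13:20:04 carol 203.0.113.50 FAILURE
2024-03-04T13:20:09 carol 203.0.113.50 FAILURE
2024-03-04T13:20:13 carol 203.0.113.50 FAILURE
2024-03-04T13:20:18 carol 203.0.113.50 FAILURE
2024-03-04T13:20:25 carol 203.0.113.50 SUCCESS
2024-03-05T02:47:30 dave 198.51.100.7 SUCCESS
"""


def parse_events(text):
    """Return (timestamp, user, source, result) tuples in time order."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, user, source, result = parts
        events.append((datetime.fromisoformat(ts), user, source, result))
    return sorted(events)


def failures_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a success preceded by >= threshold failures inside the window."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ts, user, source, result in events:
        fails = recent[user]
        while fails and ts - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if result == "FAILURE":
            fails.append(ts)
        elif result == "SUCCESS":
            if len(fails) >= threshold:
                alerts.append((user, source, ts, len(fails)))
            fails.clear()  # a success resets the streak for this account
    return alerts


def off_hours_successes(events, start_hour=7, end_hour=19):
    """Flag successful logons outside the assumed working hours."""
    return [(user, source, ts) for ts, user, source, result in events
            if result == "SUCCESS" and not (start_hour <= ts.hour < end_hour)]


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for user, source, ts, count in failures_then_success(parsed):
        print(f"{ts} {user} from {source}: success after {count} failures")
    for user, source, ts in off_hours_successes(parsed):
        print(f"{ts} {user} from {source}: logon at unusual time")
```

A single mistyped password followed by a success (bob in the sample) stays below the threshold, so only the sustained failure streak and the night-time logon are reported.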
Types of Password Attacks
Password Attack Type | Description |
---|---|
Guessing | Individual, repeated attempts to guess a password. Use different common password values: user's name, spouse's name, significant dates. |
Stealing | Sniffing network communications. Reading handwritten password notes. Observing a user enter a password (shoulder surfing). |
Dictionary attack | Automated password guessing. Compares passwords against a list of possible values: dictionary words and variants, letter substitution, appending numerals. |
Brute force attack | Use password-cracking software. Try every possible alphanumeric combination. |
Rainbow table attack | Use plaintext passwords and their hashes to crack passwords. Generate hashes in advance. Trade time saved for disk space. Compare target hash to table entries. |
Hybrid password attack | Use multiple attack methods when trying to crack a password: dictionary attack, rainbow table attack, brute force attack. |
Birthday attack | Exploit weaknesses in the algorithms used to generate hashes. Identify what different inputs produce the same output. |
Cryptographic Attack
A software attack that exploits weaknesses in cryptographic system elements such as code, ciphers, protocols and key-management systems.
Primarily used to decipher encrypted passwords.
Cryptographic Attack Type | Description |
---|---|
Known Plain text Attack (KPA) | Attacker has a plaintext message and its corresponding ciphertext. Attacker tries to understand the correlation between them to determine the encryption key. |
Chosen Plaintext Attack | Attacker encrypts a selected plaintext message. The attacker analyzes the resulting ciphertext to crack the cipher. Attacker uses attack results to iteratively repeat the attack for an adaptive chosen plaintext attack. |
Ciphertext-only Attack | Attacker has access to ciphertext. Attacker tries to use frequency analysis or other methods to break the cipher. |
Chosen Ciphertext Attack | Attacker analyses the ciphertext and tries to find the corresponding plaintext. Attacker uses the attack results to iteratively repeat the attack for an adaptive chosen ciphertext attack. |
Downgrade Attack | Attacker exploits the need for backwards compatibility. Attacker forces a computer to abandon the use of encrypted messages in favor of plaintext. |
Replay Attack | Attacker intercepts session keys or authentication traffic. Attacker uses them later to authenticate and gain access. |
Weak Implementation Attacks | Focus on how the cryptographic system is implemented. (Other Cryptographic attacks focus on the algorithm used to encrypt the targeted data). |
Backdoor Attacks
Backdoor Attack: An attack where the attacker uses a software application or bogus user account to gain access to a system and its resources. A backdoor is a mechanism put in place to allow a threat actor to bypass the usual authentication methods. A backdoor attack uses software or fake user accounts that give the threat actor access to a system and its resources.
Backdoor: A mechanism for gaining access to a computer that bypasses or subverts the normal authentication methods.
- Typically delivered via Trojan or other malware.
- Backdoor software listens for commands on an open port.
- Attacker can send commands and disrupt the target computer.
- Backdoor access not always detected, so it can be persistent.
Takeover Attack: A software attack that provides remote access and control.
Application Attacks
Application Attack: A software attack that targets web-based and other Client-Server applications.
- Threaten app and web servers, users, back-end systems, and the software itself.
- Leads to Authentication breaches, impersonation, information disclosure, source code issues, and other breaches.
Source code: Software instructions, written in a human-readable programming language, that get compiled into machine code to be executed by a computer.
Client-side Attack: A software attack that exploits the trust relationship between a client and the server it connects to.
Web Application Attack: An application attack that focuses on applications that run in web browsers.
Types of Application Attack
Application Attack Type | Description |
---|---|
Cross-Site Scripting (XSS) | Injects malicious code into trusted websites. The code runs when a user visits the site. Similar to a Watering Hole Attack. |
Cross-Site Request Forgery (XSRF) | Manipulates the relationship between an authorized user of a website and the website itself. Exploits a web browser’s trust in the user's unexpired browser cookies. Target websites use input from authenticated users that use the browser cookies to automatically authenticate. |
Command Injection Attacks | SQL Injection. LDAP Injection. XML Injection. Directory Traversal. |
Zero Day Exploit | Attack that occurs immediately after a vulnerability is identified, when the protection level is at its lowest. |
Buffer Overflow | Exploits the fixed data buffer size in a target’s software. Sends data that is too large for the buffer, causing the application to crash. |
Driver Manipulation
Driver Manipulation: A software attack where the attacker rewrites or replaces the legitimate drivers or Application Programming Interface (API) to enable malicious activity to be performed.
Shimming: The process of developing and implementing additional code between an application and the operating system to enable functionality that wouldn’t normally be there.
Refactoring: The process of restructuring application code to improve its design without affecting the external behavior of the application, or to enable it to handle particular situations.
Privilege Escalation
Privilege Escalation: The practice of exploiting flaws in a computer's operating system or other application to gain a greater level of access than was intended for the user or application.
Vertical Escalation
- A user or application is able to access functionality and data that shouldn’t be available to them.
Horizontal Escalation
- A user accesses functionality and data that is intended for another user but has the same level of access.
TCP/IP Basics
- Standard network protocol in use worldwide.
- Layered suite of many protocols.
- Enables communication between hosts.
The Three-way Handshake: The process by which a TCP connection is completed between two hosts.
- SYN packet is sent.
- SYN-ACK packet is sent.
- ACK packet is sent.
Spoofing Attacks
A network-based attack where the attacker impersonates someone else to conceal their identity.
- IP Address Spoofing.
- MAC Address Spoofing.
- ARP Spoofing (Poisoning).
- DNS Spoofing (Poisoning).
IP and MAC Address Spoofing
IP Address Spoofing: The Attacker sends IP packets from a fake source IP address to communicate with the target.
MAC Address Spoofing: The Attacker re-configures a network interface to disguise the original MAC Address.
Traffic intended for the server is redirected to the spoof MAC address.
ARP Poisoning
A network-based attack where the attacker has access to the target network and redirects an IP address to the MAC address of a computer that is not the intended recipient. Also known as ARP spoofing.
- Captures, alters and forwards network traffic to the intended recipient.
- Can create a Denial of Service by pointing to a non-existent MAC address.
DNS Poisoning
A network-based attack where an attacker exploits the open nature of DNS to redirect a domain name to a different IP address. Also known as DNS spoofing.
- Captures data from domain name visitors.
- Serves malware to the domain name visitors.
- Creates Denial of Service by pointing to a non-existent IP address.
Port Scanning Attacks
Port: An endpoint of a logical connection that host computers use to connect to processes or services on other hosts.
Port Scanning Attacks: A network-based attack where the attacker scans computers and other devices to see which ports are listening, in an attempt to find a way to gain unauthorized access.
- TCP and UDP ports scanned.
- Active services scanned.
- Can be automated.
- Likely to occur, whether you’re aware or not.
Port | Protocols | State |
---|---|---|
21 | FTP | Open |
53 | DNS | Closed |
80 | HTTP | Open |
110 | POP3 | Closed |
119 | NNTP | Closed |
443 | HTTPS | Open |
Scan Types
Stealth Scan: A type of port scan that identifies open ports without completing the three-way handshake.
- Attacker sends SYN, server replies with SYN-ACK, attacker resets connection.
- This is less likely to be logged.
Full Connect Scan: A type of port scan that completes the three-way handshake, identifies open ports, and gathers data about network hosts by banner grabbing.
Banner Grabbing: The act of collecting data about network hosts by examining text-based welcome screens that are displayed by some hosts.
Eavesdropping Attacks
A network attack where an attacker uses special monitoring software to gain access to private communications on the network wire or across a wireless network.
- Data theft.
- Username and password exfiltration.
- On wired networks physical access to the network is required.
- On wireless networks, a device capable of receiving wireless network signals is required.
- Hard to detect.
Man in the middle Attack
Like eavesdropping, the attacker makes an independent connection between two victims and steals information to use fraudulently.
- Two Victims.
- 2 clients.
- 1 client and 1 server.
- Attacker controls information flow between victims.
- Can steal, modify and forward data to victims.
- ARP Poisoning.
Man in the browser Attack
A network-based attack that combines a man in the middle attack with the use of a Trojan horse to intercept and modify web transactions in real time.
- Trojan modifies the victim's web browser via extensions or scripts.
- Steals personal data.
- Prompt for creating token-based password or transaction PIN.
- Altered credentials can be used to redirect funds or data.
Replay Attacks
A network-based attack where an attacker captures network traffic and stores it for re-transmitting at a later time to gain unauthorized access to a specific host or network.
- Captures user names, passwords, and other authenticating data.
- Often goes undetected.
DoS Attack
A network-based attack where the attacker tries to disrupt or disable systems that provide network services.
- Consume the network's available bandwidth.
- Consume the system's available resources.
- Exploit programming flaws in OSs and apps.
- Overload Email Inbox.
- Flood target from spoofed source addresses.
- Spoof target address and send data to multiple recipients.
DDoS Attack
A network-based attack where the attacker uses multiple computers on disparate networks to launch a DoS attack from many simultaneous sources.
- Uses unauthorized software to create Bots and a Botnet.
- May or may not stem from malicious intent.
- Slashdot effect.
Hijacking Attacks
A group of network-based attacks where the attacker gains control of the communication between two systems, often masquerading as one of the entities.
Hijacking Attack Type | Description |
---|---|
Clickjacking | Attacker hides links under other web page elements. Victims unintentionally click the links. |
DNS Hijacking | Attacker sets up a rogue DNS server. The rogue server responds to legitimate requests with IP addresses for malicious or non-existent websites. |
Domain Hijacking | Attacker steals a domain name. Domain registration data altered and transferred. Sometimes referred to as Brandjacking. |
Session Hijacking | Attacker exploits a legitimate computer session. The goal is to obtain unauthorized access to an organization's network or services. Stealing session cookies, using sequence prediction and command injection, and using ARP poisoning. |
URL Hijacking/Typo Squatting | An attacker registers domain names that closely resemble the names of legitimate websites. The goal is to take advantage of the possibility of the domain name being mistyped into a browser. |
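A defender can watch for the look-alike names described in the URL Hijacking/Typo Squatting row by comparing observed domains against the names the organization owns. The following is an added example, not part of the original guide: the protected and observed domain lists are constructed, and the distance threshold of 2 and the small digit-for-letter map are assumptions.

```python
# Constructed sample data: names to protect, and domains seen in (for example)
# proxy logs or a newly-registered-domain feed.
PROTECTED = ["example.com", "example-bank.com"]
OBSERVED = ["example.com", "exmaple.com", "examp1e.com",
            "exampel-bank.com", "weather.test", "examples.com"]

# Digits commonly swapped in for look-alike letters (small illustrative set).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # deletion
                         cur[j - 1] + 1,      # insertion
                         prev[j - 1] + cost)  # substitution or match
            # Adjacent transposition, the classic typing slip ("exmaple").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def closest_protected(domain, protected):
    """Return (protected_name, distance) for the nearest protected name.

    The distance is the smaller of the raw distance and the distance after
    folding look-alike digits, so 0 means "identical once digits are folded".
    """
    folded = domain.translate(CONFUSABLES)
    scored = [(min(osa_distance(domain, p), osa_distance(folded, p)), p)
              for p in protected]
    distance, name = min(scored, key=lambda s: s[0])
    return name, distance


def find_lookalikes(observed, protected, max_distance=2):
    """List observed domains that are near, but not equal to, a protected name."""
    names = [p.lower() for p in protected]
    hits = []
    for raw in observed:
        domain = raw.strip().lower().rstrip(".")
        if domain in names:
            continue  # the legitimate name itself
        name, distance = closest_protected(domain, names)
        if distance <= max_distance:
            hits.append((domain, name, distance))
    return hits


if __name__ == "__main__":
    for domain, name, distance in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{domain} resembles {name} (distance {distance})")
```

With very short protected names a threshold of 2 produces false positives, so the threshold should scale with name length in practice.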
Amplification Attacks
A network-based attack where the attacker dramatically increases the bandwidth sent to the victim during a DoS attack.
- ICMP, DNS, UDP or NTP.
- Amplification factor.
- Small request invokes large payload.
Attack Type | Description |
---|---|
ICMP Amplification | Known as Smurf Attacks. Sends high volumes of ICMP ping packets to target. Less prevalent with advances in routing. |
DNS Amplification | DNS queries are sent with a spoofed IP to a DNS server so that the target receives a DNS response packet. Requesting additional information increases the size of the response packet. |
UDP Amplification | Leverage network services to amplify their effects. DNS Amplification. Fraggle Attacks: Sends high volumes of UDP packets to target. Less prevalent with advances in routing. |
NTP Amplification | Type of UDP amplification attack. Sending monlist requests results in response packets 556.9 times larger than the request. |
Pass The Hash Attacks
A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.
- No need for password cracking
- Affects Windows-based systems
- SSO protocols like NTLM and Kerberos.
- Administrative privileges needed to access cached credentials.
Rogue Access Points
An unauthorized wireless access point on a corporate or private network.
- Not easily detected.
- Can allow Man in the middle attacks.
- Access to private information.
Evil Twin Attacks
Unauthorized wireless access points that deceive users into believing that they are legitimate network access points.
- Corporate networks, private networks or public Wi-Fi hotspots.
- Common where you connect to a wireless network by selecting it from a list.
- Often named similarly to a valid access point.
Jamming
A situation where radio waves from other devices (benign or malicious) interfere with the wireless signals used to communicate over wireless networks. Also referred to as interference.
- Common in home networks where other devices operate in neighboring bandwidths.
- Can use a Radio Transceiver to jam and intercept transmissions.
Bluejacking
Bluejacking: A wireless attack where an attacker sends unwanted Bluetooth signals from a smartphone, mobile phone, tablet or laptop to other Bluetooth-enabled devices.
Bluetooth: A short-range wireless radio network transmission medium normally used to connect two personal devices, such as a mobile phone and a wireless headset.
- Close-range attack (10-100 meters).
- Can send messages, images and videos.
- Device malfunction and malware infestation.
Bluesnarfing
A wireless attack where an attacker gains access to unauthorized information on a wireless device by using a Bluetooth connection.
- Close-range Attack.
- Bluetooth transmission limit is 328 feet.
- Can access and steal private data from Bluetooth devices.
- Emails.
- Contact information.
- Calendar entries.
- Images, videos and other data.
Near field Communication Attacks
NFC: A communication standard for wireless devices in close physical proximity (almost touching).
- In-person transactions and data exchange.
- Android Pay, Apple Pay, Samsung Pay.
- Very close-range attack.
RFID System Attacks
RFID: A technology that uses electromagnetic fields to automatically identify and track tags or chips affixed to selected objects and to store information about the objects.
- Tag and Reader.
- Inventory management and tracking.
- Human and animal identification and tracking.
- Contactless payments.
- Smart cards.
War Driving, War Walking and War Chalking
War driving/walking: A wireless threat where an attacker searches for wireless LAN networks while in motion by using wireless devices such as mobile phones, smart phones, tablets and laptops.
War chalking: A wireless threat where the attacker uses symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network.
Packet Sniffing
A wireless attack where an attacker uses a protocol analyzer to capture data and register data flows.
- Often a precursor to other attacks.
- Can help organizations to monitor their own networks and prevent attacks.
- Less common on wired networks when managed switches are used.
IV Attacks
IV or Initialization Vector: A cryptographic technique that combines randomly generated numbers and secret keys to encrypt data.
IV attack: A wireless attack where the attacker predicts or controls the IV used in an encryption process, rendering the encrypted data vulnerable to access by the attacker.
Wireless Replay Attacks
- Common when weak or no wireless encryption is implemented.
- Used with IV attacks to break weak encryption.
WEP and WPA Attacks
WEP or Wired Equivalent Privacy is a deprecated protocol that provides 64-bit, 128-bit and 256-bit encryption for wireless communications using the 802.11a and 802.11b protocols.
WPA or Wi-Fi Protected Access is a wireless encryption protocol that generates a 128-bit key for each packet sent. Superseded by WPA2.
WPS Attacks
A wireless attack where an attacker leverages the insecure nature of WPS that allows wireless network connections based on an 8-digit PIN to drastically reduce the number of attempts it takes to crack the PIN.
- Intended to strengthen wireless security but fell short.
- How WPS checks the WPS PIN enables it to be cracked in hours.
Enabled by default.
- Disable where possible.
- Limit physical access to devices.
Wireless Disassociation
A wireless attack where the attacker spoofs the MAC address of a wireless access point to force a target device to try and re-associate with the WAP.
Physical Threats and Vulnerabilities
- General threats and vulnerabilities associated with risk assessment.
- Unauthorized access to facilities and hardware.
- Environmental issues that can damage or change access to physical resources.
- Sell equipment for quick cash.
- Sell information to interested parties.
Hardware Attacks
An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling or smart card readers.
- Destruction of hardware.
- Acquiring sensitive information.
- Render data and devices unavailable to the owners.
Environmental Threats and Vulnerabilities
Environmental Threat | Effects and Mitigation Factors |
---|---|
Fire | Can destroy hardware and the data contained in it. Hazardous to people and systems. Install systems in a fire-resistant facility, and install high-quality fire detection and suppression systems. |
Catastrophic weather events | Hurricanes and tornadoes can cause severe damage to hardware and data. Ensure that information systems are well contained and that the physical structure is built to appropriate codes and standards. |
Flood | Floods can cause as much damage as fire can. Check to see if you are in a flood plain before constructing a physical building. Follow appropriate building codes and obtain flood insurance. When possible, construct the building so that the lowest floor is above flood level. |
Extreme Temperature | Heat degrades hardware components. Implement temperature controls and monitors. |
Extreme Humidity | Can cause rust, deterioration and degradation. Implement adequate ventilation and humidity controls and monitors. |
Security threats are a pervasive concern in today’s digital age. This post provides a comprehensive overview of the threats individuals and organizations face, equipping you with the knowledge needed to recognize, defend against, and mitigate these risks. Whether you’re preparing for the CompTIA Security+ certification or seeking to enhance your cybersecurity expertise, this guide is a valuable resource.