YoVDO

Threat Modeling: Spoofing In Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Cybersecurity Courses Web Security Courses OSI Model Courses Threat Mitigation Courses TLS Courses Spoofing Courses STRIDE Courses

Course Description

Overview

Learn about one of the key threats to modern systems: spoofing, or authentication attacks. Explore ways that attackers spoof people, machines, file systems, and processes.

Syllabus

Introduction
  • Mitigate spoofing threats
  • Four-question framework
  • Spoofing as a part of STRIDE
1. Authentication Basics
  • Account creation
  • Authentication factors
2. Spoofing Authentication Factors
  • Attacking what you know
  • Attacking what you have
  • Attacking what you are
  • Attacking where you are
  • Attacking who you know
  • Attacking phone authentication
3. Spoofing Hosts
  • Spoofing a host
  • Advanced host spoofing
  • Spoofing the OSI model
  • What you know in host spoofing
  • Spoofing TLS
4. Spoofing People
  • Spoofing a specific person in email
  • Spoofing a person on a website
  • Spoofing a person in video and audio
5. Spoofing Files
  • The nature of "open" and paths
  • Libraries (LD_PATH, %Downloads%)
  • Defenses with extra fail
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera Client-Server Communication
Google via Udacity HTTP & Web Servers
Udacity Network Security
Georgia Institute of Technology via Udacity Web Security Fundamentals
KU Leuven University via edX