All Episodes
Displaying 21 - 40 of 119 in total
Episode 21 — Threats vs. Vulnerabilities: Likelihood, Impact, and Life Cycle (2.1)
This episode explains the difference between a threat, a vulnerability, and risk, which is essential for understanding Security+ scenarios. A threat is something that ...
Episode 22 — Threat Feeds and Intelligence Sources (2.1)
This episode covers threat feeds and intelligence sources as tools that help security teams understand which threats matter most. Students should recognize sources suc...
Episode 23 — Vulnerability Scoring: CVSS, CVEs, and Prioritization (2.1)
This episode explains CVEs and CVSS as common tools for identifying and scoring vulnerabilities. A CVE is a public identifier for a known vulnerability, while CVSS pro...
Episode 24 — Vulnerability Types and Risk-Based Decisions (2.1)
This episode covers common vulnerability types across software, configuration, identity, cloud, and operational processes. Students should recognize that vulnerabiliti...
Episode 25 — Threat Actors: Organized Crime, Terrorists, Hacktivists, and Insiders (2.2)
This episode introduces major threat actor categories and explains how their goals and behavior differ. Organized crime groups often pursue financial gain through frau...
Episode 26 — State-Sponsored, Competitors, Accidental, and Unskilled Attackers (2.2)
This episode explains additional threat actor types, including state-sponsored actors, competitors, accidental users, and unskilled attackers. State-sponsored actors m...
Episode 27 — Motivations and Capabilities: Money, Espionage, Ideology, and Extortion (2.2)
This episode connects attacker motivations to tactics, target selection, persistence, and expected impact. Financially motivated attackers may focus on ransomware, pay...
Episode 28 — APTs and the Modern Threat Vector Map (2.3)
This episode introduces advanced persistent threats and uses them as a bridge into the broader Security+ threat vector landscape. An advanced persistent threat is typi...
Episode 29 — Message-Based Attacks: Email, SMS, RCS, IM, and Collaboration Tools (2.3)
This episode covers message-based attacks delivered through email, SMS, Rich Communication Services, instant messaging, and collaboration platforms. Students should un...
Episode 30 — Image and Attachment Attacks: QR Codes, CAPTCHA Abuse, Macros, PDFs, and RTF (2.3)
This episode explains how attackers use familiar images and file types to deliver malicious content or manipulate user trust. QR-code attacks can move users from a pro...
Episode 31 — Browser-Based Attacks: Extensions, JavaScript, Cookies, Password Managers, and Session Tokens (2.3)
This episode explains why the browser is a major attack surface in modern environments and how attackers target the tools users rely on every day. Students should unde...
Episode 32 — Network, Remote Access, and Endpoint Threat Sources (2.3)
This episode covers threat sources connected to infrastructure devices, virtualized systems, session keys, remote desktop, VNC, VPNs, mobile devices, servers, tablets,...
Episode 33 — Supply Chain, SaaS, USB, Human, IoT, OT, Physical, Bluetooth, RF, and NFC Threats (2.3)
This episode explains how attack paths often begin outside an organization’s directly managed systems. Students should understand supply chain risks involving third-pa...
Episode 34 — Unsupported, Unpatched, Obsolete, and Unmanaged Systems (2.4)
This episode explains why unsupported, unpatched, obsolete, and unmanaged systems create serious attack surface risk. Unsupported systems may no longer receive securit...
Episode 35 — Ports, Services, Applications, Race Conditions, and Malicious Updates (2.4)
This episode covers several common sources of technical exposure, including open ports, unnecessary services, vulnerable applications, race conditions, time-of-check/t...
Episode 36 — Code Weaknesses: Hardcoded Secrets and Unsafe Exception Handling (2.4)
This episode explains two code-level weaknesses that frequently create preventable security problems: hardcoded secrets and unsafe exception handling. Hardcoded passwo...
Episode 37 — Stale Credentials, Rogue Devices, Shadow IT, Wireless, Mobile, and Identity Provider Risks (2.4)
This episode covers attack surface risks created by unmanaged identities, unmanaged assets, and uncontrolled technology use. Stale credentials remain active after user...
Episode 38 — LLMs, Misconfigurations, Public Repositories, and Public Object Storage (2.4)
This episode explains newer and common attack surfaces involving large language models, cloud misconfigurations, exposed repositories, leaked secrets, and public objec...
Episode 39 — Malware Indicators: Ransomware, Trojans, Worms, Spyware, and Fileless Malware (2.5)
This episode covers common malware indicators and what they may reveal during detection or investigation. Ransomware may produce encryption notices, renamed files, ina...
Episode 40 — Physical and Network Attack Indicators (2.5)
This episode explains indicators associated with physical and network attacks and how evidence may appear across different sources. Physical attack indicators include ...