CompTIA CySA+ (CS0-003) Certification Guide

Pass the CySA+ exam on your first attempt with complete topic coverage, expert tips, and practice resources

Product type Paperback
Published in Apr 2025
Publisher Packt
ISBN-13 9781835468920
Length 742 pages
Edition 1st Edition
Author: Jonathan Isley
Table of Contents

  • Preface
  • Chapter 1: IAM, Logging, and Security Architecture
  • Chapter 2: Attack Frameworks
  • Chapter 3: Incident Response Preparation and Detection
  • Chapter 4: Incident Response – Containment, Eradication, Recovery, and Post-Incident Activities
  • Chapter 5: Efficiency in Security Operations
  • Chapter 6: Threat Intelligence and Threat Hunting
  • Chapter 7: Indicators of Malicious Activity
  • Chapter 8: Tools and Techniques for Malicious Activity Analysis
  • Chapter 9: Attack Mitigations
  • Chapter 10: Risk Control and Analysis
  • Chapter 11: Vulnerability Management Program
  • Chapter 12: Vulnerability Assessment Tools
  • Chapter 13: Vulnerability Prioritization
  • Chapter 14: Incident Reporting and Communication
  • Chapter 15: Vulnerability Management Reporting and Communication
  • Chapter 16: Accessing the Online Practice Resources
  • Index
  • Other Books You May Enjoy

Operating System

In this section, you will explore key concepts related to OSs, which form the backbone of any IT infrastructure. Understanding hardware architecture is crucial as it lays the foundation for how an OS interacts with physical components. You will delve into the Windows Registry, a vital database that stores configuration settings and options for the OS. Additionally, you will learn about file structures for both Windows and Linux, highlighting the differences and similarities in how these systems organize and manage files.

Configuration file locations will also be covered, providing insight into where important system and application settings are stored and how they are managed. You will examine system processes, focusing on the common processes through which Windows and Linux run tasks and services. Finally, the section will emphasize the importance of system hardening, discussing strategies and best practices that reduce the attack surface of your OS and limit the impact of a compromise.

Hardware Architecture

The physical hardware a machine runs on is not immune to attack. Some attacks are written for a specific processor architecture or vendor, such as Intel or AMD CPUs. Today, most computers run x86 or x86-64 (x64) processors, but because of variations in hardware and software, code may not run as intended in every environment. Even so, attackers have mature development processes and test their code on many different architectures, so hardware diversity alone is no safeguard against a successful attack. In January 2018, two hardware vulnerabilities named Spectre and Meltdown were publicly disclosed. They affected several processor families, including Intel x86, IBM Power, and ARM-based processors. Both abused the way CPUs execute instructions speculatively and out of order: speculation could be steered to touch memory the code was not permitted to read, and the result leaked through a cache-timing side channel. This bypassed memory protection and let an unprivileged process read privileged memory (kernel memory, in the case of Meltdown), which is a form of privilege escalation. They were mitigated, rather than fully eliminated, through OS patches from vendors and CPU microcode updates from the CPU manufacturers, delivered via BIOS/UEFI firmware updates, at some cost in performance. It is important to know what hardware you are using so that you are aware of related threats, can evaluate the risk, and can apply the controls that best protect that hardware.

An additional hardware concern is supply chain attacks. These attacks target hardware before it arrives for use, for instance by implanting, during manufacturing, a means of compromising the organization once the hardware is installed. The commonly cited example is the 2018 Supermicro motherboard report. It alleged that Chinese actors had implanted microchips designed for malicious purposes on Supermicro motherboards while they were being manufactured, and that the chips could bypass security settings, allowing the potential compromise of systems that used the motherboards. Supermicro and the customers named in the report denied it, and the allegation was never publicly substantiated, but the scenario illustrates the risk. If an organization were found to have such an issue, it would have to replace the affected hardware with new hardware that did not use the affected motherboards. It could also require a broader internal review to find any other compromises that resulted from the implant and to resolve them case by case. In these cases, it is important to have a vendor management process and a risk-based approach to evaluating new hardware.

Windows Registry

The Windows Registry is where the Windows OS stores configuration settings and options for the OS and software. It is a crucial component of the OS as it assists with managing aspects of the computer operation, such as configuration settings, system and application preferences, user profiles, and hardware information, enabling the OS and installed applications to function correctly and adapt to user-specific requirements.

Registry Editor (regedit) is a built-in tool that can be used to easily view and interact with the Windows Registry. In Figure 1.21, you can see an example view of the Registry Editor screen. It shows the main hives, drilled down to the HKEY_LOCAL_MACHINE\SECURITY key, which holds the Local Security Authority (LSA) policy database: security policy settings, LSA secrets, and cached logon data. By default only the SYSTEM account has access to this key, which is why it appears empty when regedit is run as an ordinary administrator.

Figure 1.21: Windows Registry Editor

The settings and options found in the Registry are organized into a structured database with a hierarchy of hives, keys, subkeys, and values. As shown in the figure, the hive is HKEY_LOCAL_MACHINE, SECURITY is the parent key, and the right frame shows values, each defined by a name, a type, and data. Hives are the first level of the hierarchy and represent the logical grouping of Registry data, containing sets of keys and values. Keys are the organizational units at the next level of the hierarchy and contain subkeys and values. Values store specific information and settings; their type determines how the data is interpreted, such as a string (REG_SZ), an expandable string containing environment variables (REG_EXPAND_SZ), binary data (REG_BINARY), numeric data (REG_DWORD, REG_QWORD), or a link to another Registry entry (REG_LINK).

There are five main (root) hives to be aware of:

  • HKEY_CLASSES_ROOT (HKCR) – File extension associations, ProgIDs, and COM class registrations; a merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes
  • HKEY_CURRENT_USER (HKCU) – Preferences, environment variables, and configuration settings for the currently logged-in user; a link to that user's subkey under HKEY_USERS
  • HKEY_LOCAL_MACHINE (HKLM) – System-wide settings for all users, including installed software, services, and the scheduled task cache
  • HKEY_USERS (HKU) – The loaded profile hives of all users, each stored under a subkey named by the user's security identifier (SID)
  • HKEY_CURRENT_CONFIG (HKCC) – The hardware profile currently in use; a link to HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current

Being a crucial component of the OS, the Windows Registry requires protection. It can be protected by various means including access control, antivirus and antimalware, Group Policy settings, and user account control (UAC).

The Windows Registry is a popular target for attackers. It is a common vector for persistence: a program listed under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (or RunOnce), a modified Winlogon Shell or Userinit value, or a service entry under HKLM\SYSTEM\CurrentControlSet\Services runs again after every boot or logon, and the equivalent HKCU\...\Run keys can be written without administrative rights. Registry keys can also be corrupted or deleted to cause system outages and impact. Finally, the Registry can be a vector for privilege escalation, allowing an attacker to gain a higher level of permissions, for example when a service's key is writable by a low-privileged user and its ImagePath value can be pointed at attacker-controlled code that then runs as SYSTEM when the service starts.
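As an added example, not code from the book, the following PowerShell script audits the persistence locations just described and, in doing so, walks the hive, key, and value hierarchy from the previous section. It reads every value under the Run, RunOnce, and Winlogon keys for HKLM and for every loaded user hive under HKEY_USERS (the hives that HKCU is only a view of), reports each value's name, type, and data, and flags entries whose executable is unsigned or does not live in a standard system directory. The list of keys and the allow-listed directories are assumptions chosen for illustration, not an authoritative inventory of autostart locations.

```powershell
# Added example (not from the book): audit common Registry autostart locations
# for persistence. Walks hive -> key -> value and reports each value's name,
# type and data. Run from an elevated prompt so every loaded user hive under
# HKEY_USERS is visible. The key list and the "expected directories"
# allow-list below are assumptions for illustration.

$autostartSubkeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell and Userinit values
)

# Directories a legitimate autostart binary is expected to live under (assumed allow-list)
$expectedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# HKCU is only a view of HKU\<SID> for the current user, so enumerate every
# loaded per-user hive under HKEY_USERS in addition to the machine-wide HKLM hive.
$roots = @('HKLM:') + @(Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-(\d+-){3}\d+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })

function Resolve-AutostartExe {
    # Recover the executable from a command line such as "C:\x\y.exe" /arg,
    # C:\x\y.exe, or a bare name like explorer.exe that is found via PATH.
    param([string]$CommandLine)
    $token = if ($CommandLine -match '^\s*"([^"]+)"') { $Matches[1] } else { ($CommandLine -split '\s+')[0] }
    $token = [Environment]::ExpandEnvironmentVariables($token.TrimEnd(','))   # Userinit ends with a comma
    if (Test-Path -LiteralPath $token -PathType Leaf) { return (Resolve-Path -LiteralPath $token).Path }
    $cmd = Get-Command $token -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    return $null
}

$findings = foreach ($root in $roots) {
    foreach ($sub in $autostartSubkeys) {
        $keyPath = "$root\$sub"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath           # Microsoft.Win32.RegistryKey
        foreach ($name in $key.GetValueNames()) {
            # Under Winlogon only Shell and Userinit are autostart entries
            if ($sub -like '*Winlogon' -and $name -notin @('Shell', 'Userinit')) { continue }
            $data = [string]$key.GetValue($name)
            $exe  = Resolve-AutostartExe $data
            $sig  = if ($exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'Unresolved' }
            $inExpectedDir = $exe -and ($expectedDirs | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') })
            [pscustomobject]@{
                Key        = $keyPath
                Name       = $name
                Type       = $key.GetValueKind($name)    # String (REG_SZ), ExpandString (REG_EXPAND_SZ), ...
                Data       = $data
                Executable = $exe
                Signature  = $sig
                Suspicious = (-not $inExpectedDir) -or ($sig -ne 'Valid')
            }
        }
    }
}

# Suspicious rows first: they are triage leads, not proof of compromise
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt; without elevation the per-user hives of other logged-on users are not readable. An unquoted command line whose path contains spaces is reported as Unresolved (the first token is taken as the executable), which is itself worth a look, since legitimate installers almost always quote such paths. A row marked Suspicious is a starting point for investigation: compare the binary's hash and signer against what you expect, and check the key's ACL to see who could have written the entry.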
