x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

Certified - CompTIA CYSA+ Audio Course

Dr. Jason Edwards

The CYSA+ Audio Course is your complete, exam-focused companion for mastering the CompTIA Cybersecurity Analyst (CYSA+) certification. Designed for learners who are always on the move, this Audio Course transforms the official exam objectives into clear, structured, and easy-to-follow lessons. Each episode helps you understand, retain, and apply key cybersecurity analysis skills—covering threat detection, vulnerability management, security architecture, and incident response. Whether you’re studying

education courses

All Episodes

13:44

Episode 91: Privilege Escalation Techniques and Dangers

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Attackers often start with limited access—but they rarely stay there. In this episode, we break down privilege escalation vulnerabilities, which allow attackers to move from low-level accounts to administrative or root-level control. You’ll learn the difference between vertical and horizontal escalation, how flaws in permissions, service configurations, or kernel-level bugs create these pathways, and how they're exploited post-compromise.We’ll also discuss how privilege escalation is

en

14:59

Episode 90: Remote Code Execution (RCE) Threats

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Few vulnerabilities are as critical—or as devastating—as remote code execution. In this episode, we explore how RCE vulnerabilities allow attackers to run arbitrary code on target systems, often with high privileges and zero user interaction. You’ll learn how RCE flaws emerge from input validation failures, memory corruption bugs, insecure deserialization, and unsafe system calls.We discuss how RCE is detected through scanning, monitoring, and behavioral analytics—and how exploitation leads

en

14:59

Episode 89: Server-Side Request Forgery (SSRF)

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Some of the most dangerous requests come from inside the house. In this episode, we unpack Server-Side Request Forgery (SSRF), a vulnerability that allows attackers to trick a server into sending requests to internal services, external endpoints, or cloud metadata APIs. You’ll learn how attackers abuse server-side functionality to pivot into otherwise inaccessible environments, bypass firewalls, or extract sensitive data.We cover how SSRF shows up in APIs, file-fetching features, and

en

14:28

Episode 88: Identification and Authentication Failures

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

If attackers can bypass your login system, the rest of your defenses may not matter. In this episode, we explore identification and authentication failures such as broken login flows, weak password policies, exposed session tokens, and improper use of multifactor authentication (MFA). These flaws make it easy for attackers to impersonate users or hijack their sessions—and they continue to top OWASP and real-world breach reports alike.We also walk through common mitigation strategies,

en

13:36

Episode 87: End-of-Life and Legacy Component Risk

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Running outdated software isn't just inconvenient—it’s dangerous. In this episode, we explore the risks posed by end-of-life (EOL) systems and unsupported components, which often lack vendor patches, security updates, or compatibility with modern security tools. You'll learn how attackers specifically target legacy platforms due to known vulnerabilities and weak default settings.We also examine how to detect legacy risk during assessments, how to escalate findings when business dependencies

en

14:15

Episode 86: Security Misconfiguration Issues

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Even the strongest tools can be rendered useless by poor configuration. In this episode, we explore how security misconfigurations—ranging from default credentials and exposed directories to verbose error messages and unrestricted administrative interfaces—create pathways for attackers. These issues often appear in cloud platforms, web servers, mobile apps, and third-party services.You’ll learn how to identify misconfigurations using vulnerability scanners, manual reviews, and cloud audit

en

13:01

Episode 85: Insecure Design Patterns

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Not all vulnerabilities are bugs—some are architectural. In this episode, we explore the concept of insecure design, a growing concern recognized in recent OWASP rankings. You’ll learn how poor design choices—such as excessive trust in client input, lack of threat modeling, or missing authorization layers—can create exploitable conditions even when code functions as intended.We discuss how analysts spot these issues during assessments, how red teams exploit them during engagements, and how

en

14:09

Episode 84: Directory Traversal Vulnerabilities

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

When input isn’t properly restricted, users can end up accessing far more than intended. In this episode, we break down directory traversal vulnerabilities—flaws that allow attackers to manipulate file paths and access sensitive files or directories outside of the intended web root. You’ll learn how inputs like ../ or encoded path characters can lead to file exposure, configuration leaks, and credential disclosure.We’ll also explore how these flaws are commonly found in poorly configured

en

15:18

Episode 83: Cross-Site Request Forgery (CSRF)

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

In this episode, we examine Cross-Site Request Forgery, or CSRF—a vulnerability that tricks authenticated users into executing unwanted actions on a web application. You’ll learn how attackers exploit user sessions by embedding malicious links or scripts in third-party sites, emails, or ads, effectively hijacking user privileges to perform unauthorized actions.We explore real-world CSRF use cases such as changing account settings, resetting passwords, or transferring funds without the

en

13:37

Episode 82: Injection Flaws Explained

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Injection vulnerabilities have been on the OWASP Top Ten for years—and for good reason. In this episode, we explain how SQL, command-line, and LDAP injection flaws allow attackers to manipulate input to execute unintended commands or access unauthorized data. You’ll learn the anatomy of a basic injection attack, how user input is weaponized, and what kinds of systems are most susceptible.We’ll cover mitigation strategies like input sanitization, output encoding, parameterized queries, and

en

14:30

Episode 81: Cryptographic Failures

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

When encryption fails, the consequences can be catastrophic. In this episode, we explore cryptographic failures—formerly called "Sensitive Data Exposure" in the OWASP Top Ten—and why they continue to affect even high-profile organizations. You’ll learn how weak encryption algorithms, improper key management, and poor implementation practices expose data at rest and in transit.We’ll also walk through common examples, including hardcoded credentials, expired certificates, missing HTTPS, and

en

13:29

Episode 80: Broken Access Control Flaws

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Access control determines who can do what—and when it breaks, attackers often find a clear path in. In this episode, we take a deep dive into broken access control vulnerabilities, one of the most serious and widespread categories in application security. You’ll learn how horizontal and vertical privilege escalation works, what insecure direct object references (IDORs) are, and how misconfigured roles, permissions, or logic create dangerous exposures.We also cover how to detect these flaws

en

13:45

Episode 79: Data Poisoning Risks

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

When attackers manipulate training data or trusted inputs, they can corrupt the very systems meant to defend against them. In this episode, we explore data poisoning—a type of vulnerability where attackers inject malicious or misleading data into machine learning models, behavioral analytics engines, or input streams used for automation. You’ll learn how this manipulation affects detection systems, recommendation engines, and even AI-based anomaly detection.We also discuss how data

en

14:15

Episode 78: Overflow Vulnerabilities

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

When a program doesn’t control how much data it processes, memory can be overwritten—and attackers can take control. In this episode, we explore the mechanics and consequences of overflow vulnerabilities: buffer, heap, stack, and integer overflows. You’ll learn how these vulnerabilities are introduced, why low-level programming languages like C are more susceptible, and how attackers exploit them to execute arbitrary code or crash applications.We also examine how modern systems use defenses

en

13:20

Episode 77: Cross-Site Scripting Vulnerabilities (XSS)

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Cross-site scripting, or XSS, is one of the most common and dangerous web application vulnerabilities. In this episode, we break down the three primary types—reflected, persistent, and DOM-based XSS—and explain how each one works, what it targets, and how attackers use it to steal session cookies, impersonate users, or inject malicious content into trusted pages.We also walk through how these attacks are identified in scans and logs, how they can be remediated through input validation and

en

13:44

Episode 76: Asset Value and Business Impact

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Every vulnerability exists in the context of what it could damage—and that’s where asset valuation comes in. In this episode, we explore how security analysts assess the value of an asset and how that valuation affects how quickly a vulnerability must be addressed. You'll learn how asset types—like domain controllers, public-facing servers, or databases containing sensitive data—are categorized based on business criticality, confidentiality impact, and operational risk.We also look at how

en

14:18

Episode 75: Weaponization and Exploitability...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

A vulnerability doesn’t become a threat until someone weaponizes it—and that’s when it becomes truly urgent. In this episode, we explore the concepts of exploitability and weaponization in depth. You’ll learn how analysts determine whether a vulnerability is likely to be exploited in the wild, what tools and threat intel feeds help assess real-world usage, and how exploit maturity affects prioritization.We’ll also walk through examples of vulnerabilities that appear severe on paper but are

en

15:01

Episode 74: Context-Aware Vulnerability Analysis

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Sometimes the same vulnerability poses very different risks depending on the environment. This episode teaches you how to analyze vulnerabilities in context—a crucial CySA+ concept and a daily responsibility in the SOC. You’ll learn how factors like asset criticality, network location, user roles, data exposure, and isolation strategies shape whether a vulnerability should be escalated, accepted, or deprioritized.We’ll also cover how organizations use context-aware dashboards and asset

en

13:56

Episode 73: Validating Scanner Results – Reducing...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Automated scanners are powerful—but they’re not perfect. In this episode, we explore the analyst’s role in validating scan results, filtering out false positives, and identifying dangerous false negatives. You’ll learn what kinds of vulnerabilities are frequently misidentified, why context matters when interpreting findings, and how to verify scanner output using logs, manual checks, and behavioral analysis.We also discuss why validation is critical in highly regulated environments where

en

14:41

Episode 72: Understanding CVSS and Scoring...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Not all vulnerabilities are created equal—and CVSS helps quantify just how severe they are. In this episode, we provide an in-depth breakdown of the Common Vulnerability Scoring System (CVSS), which is one of the most widely used methods for prioritizing remediation efforts based on impact and exploitability. You’ll learn how CVSS scores are calculated using factors like attack vector, complexity, required privileges, user interaction, and potential impact on confidentiality, integrity, and

en

131 results

Similar Podcasts

Science Talk

Albert Einstein College of Medicine

五分钟心理学

柠檬心理

Daily Facts

Amalia Dupray and Montgomery Jones.

Les dents et dodo

BFMTV

Veterinary Clinical Podcasts

The Royal Veterinary College