Information System Security Officer / Generalist
Applied-level certification for ISSO/governance roles. CTF-supported content for technical controls; requires non-CTF governance capsules.
Governance, Risk, Compliance and Security Policies [Non-CTF]
No cards in this course yet.
Vulnerability Oversight, Incidents and Controls
Correlating Multi-Host Authentication Anomalies to Detect Lateral Movement
Correlating Audit Events Across Linux and Windows Privilege Escalation Transitions
QR code decode
Sigreturn-Oriented Programming: Signal Frame Hijacking for Full CPU Register Control with Minimal Gadgets
Morse Code Decoding: Timing Analysis, Delimiter Identification and Transcription Methodology
Bacon cipher
Zero-width steganography
Brainfuck encoding
NATO phonetic alphabet
Multi-layer encoding chain
QR Code Forensics: Error Correction Analysis and Partially Damaged Payload Reconstruction
Baudot encoding
Leetspeak obfuscation
Azure RBAC Misconfiguration: Subscription-Scope Role Assignments and Service Principal Abuse
AWS Service Control Policy Misconfiguration: Cross-Account Permission Escalation
S3 Bucket Policy Misconfiguration: Public Access, Cross-Account Grants and Transport Gaps
AWS Cognito Unauthenticated Identity Pool Exploitation: Anonymous Credential Escalation
Terraform State Manipulation: Injecting Malicious Resource Definitions via Backend Write Access
AWS CloudFormation Credential Exposure: Extracting Secrets from Stack Templates
AWS Lambda Execution Role Privilege Escalation: Function Invocation for IAM Abuse
AWS Secrets Manager Access Control Weaknesses: Scoping IAM Policies for GetSecretValue
AWS Confused Deputy Attack: Cross-Account Role Assumption Without External ID Enforcement
Reconstructing SMTP Email Sessions and Extracting Attachments from Network Traffic Captures
Parsing FTP Command and Response Traffic with Passive Mode Data Channel Reconstruction
Parsing Telnet IAC Command Sequences and Reconstructing Plaintext Sessions from PCAP
Reconstructing IRC Sessions via Protocol PCAP Analysis and Channel Message Content Recovery
Reconstructing LDAP Directory Queries via PCAP Analysis and Enumeration Pattern Detection
Analyzing WebSocket PCAP Captures via HTTP Upgrade Detection and Frame Payload Extraction
Reconstructing SIP Call Dialogs and Extracting RTP Stream Parameters for VoIP Forensics
Enumerating Local Services via mDNS PCAP Multicast Record Analysis and Host Fingerprinting
Interpreting Modbus/TCP Function Codes and Extracting PLC Register Values from PCAP
Executive Communication and Decision-Making [Non-CTF]
No cards in this course yet.
CTFFactory ISSO / Cyber Governance Practitioner
Applied credential — awarded upon completion