Cargando…
CompTIA PenTest+ study guide : exam PT0-002 /
Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundati...
| Clasificación: | Libro Electrónico |
|---|---|
| Autores principales: | , |
| Formato: | Electrónico eBook |
| Idioma: | Inglés |
| Publicado: |
Hoboken, New Jersey :
John Wiley & Sons, Inc.,
2021.
|
| Edición: | Second edition. |
| Temas: | |
| Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
MARC
| LEADER | 00000cam a2200000Ii 4500 | ||
|---|---|---|---|
| 001 | OR_on1291711206 | ||
| 003 | OCoLC | ||
| 005 | 20231017213018.0 | ||
| 006 | m o d | ||
| 007 | cr cnu|||unuuu | ||
| 008 | 220112s2021 nju ob 001 0 eng d | ||
| 040 | |a N$T |b eng |e rda |e pn |c N$T |d N$T |d OCLCO |d ORMDA |d UKMGB |d OCLCF |d OCLCO |d YDX |d IEEEE |d OCLCQ | ||
| 015 | |a GBC213304 |2 bnb | ||
| 016 | 7 | |a 020364893 |2 Uk | |
| 020 | |a 9781119823827 |q (electronic bk.) | ||
| 020 | |a 111982382X |q (electronic bk.) | ||
| 020 | |a 9781394177653 |q (electronic bk.) | ||
| 020 | |a 1394177658 |q (electronic bk.) | ||
| 020 | |a 9781119823834 |q (electronic bk.) | ||
| 020 | |a 1119823838 |q (electronic bk.) | ||
| 020 | |z 9781119823810 | ||
| 024 | 7 | |a 10.1002/9781394177653 |2 doi | |
| 029 | 1 | |a UKMGB |b 020364893 | |
| 029 | 1 | |a AU@ |b 000070516212 | |
| 035 | |a (OCoLC)1291711206 | ||
| 037 | |a 9781119823810 |b O'Reilly Media | ||
| 037 | |a 9953197 |b IEEE | ||
| 050 | 4 | |a QA76.9.A25 | |
| 082 | 0 | 4 | |a 005.8 |2 23 |
| 049 | |a UAMI | ||
| 100 | 1 | |a Chapple, Mike, |e author. | |
| 245 | 1 | 0 | |a CompTIA PenTest+ study guide : |b exam PT0-002 / |c Mike Chapple, David Seidl. |
| 250 | |a Second edition. | ||
| 264 | 1 | |a Hoboken, New Jersey : |b John Wiley & Sons, Inc., |c 2021. | |
| 300 | |a 1 online resource. | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 588 | 0 | |a Online resource; title from PDF title page (EBSCO, viewed January 12, 2022). | |
| 504 | |a Includes bibliographical references and index. | ||
| 520 | |a Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. You'll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You'll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. This book will: Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. | ||
| 505 | 0 | |a Introduction xxv -- Assessment Test xxxix -- Chapter 1 Penetration Testing 1 -- What Is Penetration Testing? 2 -- Cybersecurity Goals 2 -- Adopting the Hacker Mindset 4 -- Ethical Hacking 5 -- Reasons for Penetration Testing 5 -- Benefits of Penetration Testing 6 -- Regulatory Requirements for Penetration Testing 7 -- Who Performs Penetration Tests? 8 -- Internal Penetration Testing Teams 8 -- External Penetration Testing Teams 9 -- Selecting Penetration Testing Teams 10 -- The CompTIA Penetration Testing Process 10 -- Planning and Scoping 11 -- Information Gathering and Vulnerability Scanning 11 -- Attacks and Exploits 12 -- Reporting and Communication 13 -- Tools and Code Analysis 13 -- The Cyber Kill Chain 14 -- Reconnaissance 15 -- Weaponization 16 -- Delivery 16 -- Exploitation 16 -- Installation 16 -- Command and Control 16 -- Actions on Objectives 17 -- Tools of the Trade 17 -- Reconnaissance 20 -- Vulnerability Scanners 21 -- Social Engineering 21 -- Credential Testing Tools 22 -- Debuggers and Software Testing Tools 22 -- Network Testing 23 -- Remote Access 23 -- Exploitation 24 -- Steganography 24 -- Cloud Tools 25 -- Summary 25 -- Exam Essentials 25 -- Lab Exercises 26 -- Activity 1.1: Adopting the Hacker Mindset 26 -- Activity 1.2: Using the Cyber Kill Chain 26 -- Review Questions 27 -- Chapter 2 Planning and Scoping Penetration Tests 31 -- Scoping and Planning Engagements 34 -- Assessment Types 35 -- Known Environments and Unknown Environments 35 -- The Rules of Engagement 37 -- Scoping Considerations—A Deeper Dive 39 -- Support Resources for Penetration Tests 42 -- Penetration Testing Standards and Methodologies 44 -- Key Legal Concepts for Penetration Tests 46 -- Contracts 46 -- Data Ownership and Retention 47 -- Permission to Attack (Authorization) 47 -- Environmental Differences and Location Restrictions 48 -- Regulatory Compliance Considerations 49 -- Summary 51 -- Exam Essentials 52 -- Lab Exercises 53 -- Review Questions 54 -- Chapter 3 Information Gathering 59 -- Footprinting and Enumeration 63 -- OSINT 64 -- Location and Organizational Data 65 -- Infrastructure and Networks 68 -- Security Search Engines 74 -- Google Dorks and Search Engine Techniques 77 -- Password Dumps and Other Breach Data 77 -- Source Code Repositories 78 -- Passive Enumeration and Cloud Services 78 -- Active Reconnaissance and Enumeration 78 -- Hosts 79 -- Services 79 -- Networks, Topologies, and Network Traffic 85 -- Packet Crafting and Inspection 88 -- Enumeration 90 -- Information Gathering and Code 97 -- Avoiding Detection 99 -- Information Gathering and Defenses 99 -- Defenses Against Active Reconnaissance 100 -- Preventing Passive Information Gathering 100 -- Summary 100 -- Exam Essentials 101 -- Lab Exercises 102 -- Activity 3.1: Manual OSINT Gathering 102 -- Activity 3.2: Exploring Shodan 102 -- Activity 3.3: Running an Nmap Scan 103 -- Review Questions 104 -- Chapter 4 Vulnerability Scanning 109 -- Identifying Vulnerability Management Requirements 112 -- Regulatory Environment 112 -- Corporate Policy 116 -- Support for Penetration Testing 116 -- Identifying Scan Targets 117 -- Determining Scan Frequency 118 -- Active vs. Passive Scanning 120 -- Configuring and Executing Vulnerability Scans 121 -- Scoping Vulnerability Scans 121 -- Configuring Vulnerability Scans 122 -- Scanner Maintenance 129 -- Software Security Testing 131 -- Analyzing and Testing Code 131 -- Web Application Vulnerability Scanning 133 -- Developing a Remediation Workflow 138 -- Prioritizing Remediation 140 -- Testing and Implementing Fixes 141 -- Overcoming Barriers to Vulnerability Scanning 141 -- Summary 143 -- Exam Essentials 143 -- Lab Exercises 144 -- Activity 4.1: Installing a Vulnerability Scanner 144 -- Activity 4.2: Running a Vulnerability Scan 145 -- Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan 145 -- Review Questions 146 -- Chapter 5 Analyzing Vulnerability Scans 151 -- Reviewing and Interpreting Scan Reports 152 -- Understanding CVSS 156 -- Validating Scan Results 162 -- False Positives 162 -- Documented Exceptions 162 -- Understanding Informational Results 163 -- Reconciling Scan Results with Other Data Sources 164 -- Trend Analysis 164 -- Common Vulnerabilities 165 -- Server and Endpoint Vulnerabilities 166 -- Network Vulnerabilities 175 -- Virtualization Vulnerabilities 181 -- Internet of Things (IoT) 183 -- Web Application Vulnerabilities 184 -- Summary 186 -- Exam Essentials 187 -- Lab Exercises 188 -- Activity 5.1: Interpreting a Vulnerability Scan 188 -- Activity 5.2: Analyzing a CVSS Vector 188 -- Activity 5.3: Developing a Penetration Testing Plan 189 -- Review Questions 190 -- Chapter 6 Exploiting and Pivoting 195 -- Exploits and Attacks 198 -- Choosing Targets 198 -- Enumeration 199 -- Identifying the Right Exploit 201 -- Exploit Resources 204 -- Exploitation Toolkits 206 -- Metasploit 206 -- PowerSploit 212 -- BloodHound 213 -- Exploit Specifics 213 -- RPC/DCOM 213 -- PsExec 214 -- PS Remoting/WinRM 214 -- WMI 214 -- Fileless Malware and Living Off the Land 215 -- Scheduled Tasks and cron Jobs 216 -- SMB 217 -- DNS 219 -- RDP 220 -- Apple Remote Desktop 220 -- VNC 220 -- SSH 220 -- Network Segmentation Testing and Exploits 221 -- Leaked Keys 222 -- Leveraging Exploits 222 -- Common Post-Exploit Attacks 222 -- Cross Compiling 225 -- Privilege Escalation 226 -- Social Engineering 226 -- Escaping and Upgrading Limited Shells 227 -- Persistence and Evasion 228 -- Scheduled Jobs and Scheduled Tasks 228 -- Inetd Modification 228 -- Daemons and Services 229 -- Backdoors and Trojans 229 -- Data Exfiltration and Covert Channels 230 -- New Users 230 -- Pivoting 231 -- Covering Your Tracks 232 -- Summary 233 -- Exam Essentials 234 -- Lab Exercises 235 -- Activity 6.1: Exploit 235 -- Activity 6.2: Discovery 235 -- Activity 6.3: Pivot 236 -- Review Questions 237 -- Chapter 7 Exploiting Network Vulnerabilities 243 -- Identifying Exploits 247 -- Conducting Network Exploits 247 -- VLAN Hopping 247 -- DNS Cache Poisoning 249 -- On-Path Attacks 251 -- NAC Bypass 254 -- DoS Attacks and Stress Testing 255 -- Exploit Chaining 257 -- Exploiting Windows Services 257 -- NetBIOS Name Resolution Exploits 257 -- SMB Exploits 261 -- Identifying and Exploiting Common Services 261 -- Identifying and Attacking Service Targets 262 -- SNMP Exploits 263 -- SMTP Exploits 264 -- FTP Exploits 265 -- Kerberoasting 266 -- Samba Exploits 267 -- Password Attacks 268 -- Stress Testing for Availability 269 -- Wireless Exploits 269 -- Attack Methods 269 -- Finding Targets 270 -- Attacking Captive Portals 270 -- Eavesdropping, Evil Twins, and Wireless On-Path Attacks 271 -- Other Wireless Protocols and Systems 275 -- RFID Cloning 276 -- Jamming 277 -- Repeating 277 -- Summary 278 -- Exam Essentials 279 -- Lab Exercises 279 -- Activity 7.1: Capturing Hashes 279 -- Activity 7.2: Brute-Forcing -- Services 280 -- Activity 7.3: Wireless Testing 281 -- Review Questions 282 -- Chapter 8 Exploiting Physical and Social Vulnerabilities 287 -- Physical Facility Penetration Testing 290 -- Entering Facilities 290 -- Information Gathering 294 -- Social Engineering 294 -- In-Person Social Engineering 295 -- Phishing Attacks 297 -- Website-Based -- Attacks 298 -- Using Social Engineering Tools 298 -- Summary 302 -- Exam Essentials 303 -- Lab Exercises 303 -- Activity 8.1: Designing a Physical Penetration Test 303 -- Activity 8.2: Brute-Forcing Services 304 -- Activity 8.3: Using BeEF 305 -- Review Questions 306 -- Chapter 9 Exploiting Application Vulnerabilities 311 -- Exploiting Injection Vulnerabilities 314 -- Input Validation 314 -- Web Application Firewalls 315 -- SQL Injection Attacks 316 -- Code Injection Attacks 319 -- Command Injection Attacks 319 -- LDAP Injection Attacks 320 -- Exploiting Authentication Vulnerabilities 320 -- Password Authentication 321 -- Session Attacks 322 -- Kerberos Exploits 326 -- Exploiting Authorization Vulnerabilities 327 -- Insecure Direct Object References 327 -- Directory Traversal 328 -- File Inclusion 330 -- Privilege Escalation 331 -- Exploiting Web Application Vulnerabilities 331 -- Cross-Site Scripting (XSS) 331 -- Request Forgery 334 -- Clickjacking 335 -- Unsecure Coding Practices 335 -- Source Code Comments 335 -- Error Handling 336 -- Hard-Coded Credentials 336 -- Race Conditions 337 -- Unprotected APIs 337 -- Unsigned Code 338 -- Steganography 340 -- Application Testing Tools 341 -- Static Application Security | |
| 505 | 0 | |a Testing (SAST) 341 -- Dynamic Application Security Testing (DAST) 342 -- Mobile Tools 346 -- Summary 346 -- Exam Essentials 347 -- Lab Exercises 347 -- Activity 9.1: Application Security Testing Techniques 347 -- Activity 9.2: Using the ZAP Proxy 348 -- Activity 9.3: Creating a Cross-Site Scripting Vulnerability 348 -- Review Questions 349 -- Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems 355 -- Attacking Hosts 360 -- Linux 361 -- Windows 365 -- Cross-Platform Exploits 367 -- Credential Attacks and Testing Tools 368 -- Credential Acquisition 368 -- Offline Password Cracking 369 -- Credential Testing and Brute-Forcing Tools 371 -- Wordlists and Dictionaries 371 -- Remote Access 372 -- SSH 372 -- NETCAT and Ncat 373 -- Metasploit and Remote Access 373 -- Proxies and Proxychains 374 -- Attacking Virtual Machines and Containers 374 -- Virtual Machine Attacks 375 -- Containerization Attacks 377 -- Attacking Cloud Technologies 379 -- Attacking Cloud Accounts 379 -- Attacking and Using Misconfigured Cloud Assets 380 -- Other Cloud Attacks 382 -- Tools for Cloud Technology Attacks 383 -- Attacking Mobile Devices 384 -- Attacking IoT, ICS, Embedded Systems, and SCADA Devices 389 -- Attacking Data Storage 392 -- Summary 393 -- Exam Essentials 395 -- Lab Exercises 396 -- Activity 10.1 ... | |
| 590 | |a O'Reilly |b O'Reilly Online Learning: Academic/Public Library Edition | ||
| 650 | 0 | |a Computer security |x Examinations |v Study guides. | |
| 650 | 0 | |a Penetration testing (Computer security) |x Examinations |v Study guides. | |
| 650 | 0 | |a Hackers |x Examinations |v Study guides. | |
| 650 | 0 | |a Computer networks |x Examinations |v Study guides. | |
| 650 | 6 | |a Sécurité informatique |x Examens |v Guides de l'étudiant. | |
| 650 | 6 | |a Tests d'intrusion |x Examens |v Guides de l'étudiant. | |
| 650 | 6 | |a Pirates informatiques |x Examens |v Guides de l'étudiant. | |
| 650 | 6 | |a Réseaux d'ordinateurs |x Examens |v Guides de l'étudiant. | |
| 650 | 7 | |a Computer networks |x Examinations. |2 fast |0 (OCoLC)fst00872313 | |
| 650 | 7 | |a Computer security |x Examinations. |2 fast |0 (OCoLC)fst00872489 | |
| 655 | 7 | |a Study guides. |2 fast |0 (OCoLC)fst01423888 | |
| 700 | 1 | |a Seidl, David, |c CISSP, |e author. | |
| 856 | 4 | 0 | |u https://learning.oreilly.com/library/view/~/9781119823810/?ar |z Texto completo (Requiere registro previo con correo institucional) |
| 938 | |a YBP Library Services |b YANK |n 302511686 | ||
| 938 | |a EBSCOhost |b EBSC |n 3059702 | ||
| 994 | |a 92 |b IZTAP | ||