CompTIA PenTest+ Study Guide: Exam PT0-002
Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing. In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundati...
Classification: | Electronic book |
---|---|
Main authors: | Mike Chapple, David Seidl |
Format: | Electronic eBook |
Language: | English |
Published: | Hoboken, New Jersey : John Wiley & Sons, Inc., 2021. |
Edition: | Second edition. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional email address) |
Table of Contents:
- Introduction xxv
- Assessment Test xxxix
- Chapter 1 Penetration Testing 1
- What Is Penetration Testing? 2
- Cybersecurity Goals 2
- Adopting the Hacker Mindset 4
- Ethical Hacking 5
- Reasons for Penetration Testing 5
- Benefits of Penetration Testing 6
- Regulatory Requirements for Penetration Testing 7
- Who Performs Penetration Tests? 8
- Internal Penetration Testing Teams 8
- External Penetration Testing Teams 9
- Selecting Penetration Testing Teams 10
- The CompTIA Penetration Testing Process 10
- Planning and Scoping 11
- Information Gathering and Vulnerability Scanning 11
- Attacks and Exploits 12
- Reporting and Communication 13
- Tools and Code Analysis 13
- The Cyber Kill Chain 14
- Reconnaissance 15
- Weaponization 16
- Delivery 16
- Exploitation 16
- Installation 16
- Command and Control 16
- Actions on Objectives 17
- Tools of the Trade 17
- Reconnaissance 20
- Vulnerability Scanners 21
- Social Engineering 21
- Credential Testing Tools 22
- Debuggers and Software Testing Tools 22
- Network Testing 23
- Remote Access 23
- Exploitation 24
- Steganography 24
- Cloud Tools 25
- Summary 25
- Exam Essentials 25
- Lab Exercises 26
- Activity 1.1: Adopting the Hacker Mindset 26
- Activity 1.2: Using the Cyber Kill Chain 26
- Review Questions 27
- Chapter 2 Planning and Scoping Penetration Tests 31
- Scoping and Planning Engagements 34
- Assessment Types 35
- Known Environments and Unknown Environments 35
- The Rules of Engagement 37
- Scoping Considerations—A Deeper Dive 39
- Support Resources for Penetration Tests 42
- Penetration Testing Standards and Methodologies 44
- Key Legal Concepts for Penetration Tests 46
- Contracts 46
- Data Ownership and Retention 47
- Permission to Attack (Authorization) 47
- Environmental Differences and Location Restrictions 48
- Regulatory Compliance Considerations 49
- Summary 51
- Exam Essentials 52
- Lab Exercises 53
- Review Questions 54
- Chapter 3 Information Gathering 59
- Footprinting and Enumeration 63
- OSINT 64
- Location and Organizational Data 65
- Infrastructure and Networks 68
- Security Search Engines 74
- Google Dorks and Search Engine Techniques 77
- Password Dumps and Other Breach Data 77
- Source Code Repositories 78
- Passive Enumeration and Cloud Services 78
- Active Reconnaissance and Enumeration 78
- Hosts 79
- Services 79
- Networks, Topologies, and Network Traffic 85
- Packet Crafting and Inspection 88
- Enumeration 90
- Information Gathering and Code 97
- Avoiding Detection 99
- Information Gathering and Defenses 99
- Defenses Against Active Reconnaissance 100
- Preventing Passive Information Gathering 100
- Summary 100
- Exam Essentials 101
- Lab Exercises 102
- Activity 3.1: Manual OSINT Gathering 102
- Activity 3.2: Exploring Shodan 102
- Activity 3.3: Running an Nmap Scan 103
- Review Questions 104
- Chapter 4 Vulnerability Scanning 109
- Identifying Vulnerability Management Requirements 112
- Regulatory Environment 112
- Corporate Policy 116
- Support for Penetration Testing 116
- Identifying Scan Targets 117
- Determining Scan Frequency 118
- Active vs. Passive Scanning 120
- Configuring and Executing Vulnerability Scans 121
- Scoping Vulnerability Scans 121
- Configuring Vulnerability Scans 122
- Scanner Maintenance 129
- Software Security Testing 131
- Analyzing and Testing Code 131
- Web Application Vulnerability Scanning 133
- Developing a Remediation Workflow 138
- Prioritizing Remediation 140
- Testing and Implementing Fixes 141
- Overcoming Barriers to Vulnerability Scanning 141
- Summary 143
- Exam Essentials 143
- Lab Exercises 144
- Activity 4.1: Installing a Vulnerability Scanner 144
- Activity 4.2: Running a Vulnerability Scan 145
- Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan 145
- Review Questions 146
- Chapter 5 Analyzing Vulnerability Scans 151
- Reviewing and Interpreting Scan Reports 152
- Understanding CVSS 156
- Validating Scan Results 162
- False Positives 162
- Documented Exceptions 162
- Understanding Informational Results 163
- Reconciling Scan Results with Other Data Sources 164
- Trend Analysis 164
- Common Vulnerabilities 165
- Server and Endpoint Vulnerabilities 166
- Network Vulnerabilities 175
- Virtualization Vulnerabilities 181
- Internet of Things (IoT) 183
- Web Application Vulnerabilities 184
- Summary 186
- Exam Essentials 187
- Lab Exercises 188
- Activity 5.1: Interpreting a Vulnerability Scan 188
- Activity 5.2: Analyzing a CVSS Vector 188
- Activity 5.3: Developing a Penetration Testing Plan 189
- Review Questions 190
- Chapter 6 Exploiting and Pivoting 195
- Exploits and Attacks 198
- Choosing Targets 198
- Enumeration 199
- Identifying the Right Exploit 201
- Exploit Resources 204
- Exploitation Toolkits 206
- Metasploit 206
- PowerSploit 212
- BloodHound 213
- Exploit Specifics 213
- RPC/DCOM 213
- PsExec 214
- PS Remoting/WinRM 214
- WMI 214
- Fileless Malware and Living Off the Land 215
- Scheduled Tasks and cron Jobs 216
- SMB 217
- DNS 219
- RDP 220
- Apple Remote Desktop 220
- VNC 220
- SSH 220
- Network Segmentation Testing and Exploits 221
- Leaked Keys 222
- Leveraging Exploits 222
- Common Post-Exploit Attacks 222
- Cross Compiling 225
- Privilege Escalation 226
- Social Engineering 226
- Escaping and Upgrading Limited Shells 227
- Persistence and Evasion 228
- Scheduled Jobs and Scheduled Tasks 228
- Inetd Modification 228
- Daemons and Services 229
- Backdoors and Trojans 229
- Data Exfiltration and Covert Channels 230
- New Users 230
- Pivoting 231
- Covering Your Tracks 232
- Summary 233
- Exam Essentials 234
- Lab Exercises 235
- Activity 6.1: Exploit 235
- Activity 6.2: Discovery 235
- Activity 6.3: Pivot 236
- Review Questions 237
- Chapter 7 Exploiting Network Vulnerabilities 243
- Identifying Exploits 247
- Conducting Network Exploits 247
- VLAN Hopping 247
- DNS Cache Poisoning 249
- On-Path Attacks 251
- NAC Bypass 254
- DoS Attacks and Stress Testing 255
- Exploit Chaining 257
- Exploiting Windows Services 257
- NetBIOS Name Resolution Exploits 257
- SMB Exploits 261
- Identifying and Exploiting Common Services 261
- Identifying and Attacking Service Targets 262
- SNMP Exploits 263
- SMTP Exploits 264
- FTP Exploits 265
- Kerberoasting 266
- Samba Exploits 267
- Password Attacks 268
- Stress Testing for Availability 269
- Wireless Exploits 269
- Attack Methods 269
- Finding Targets 270
- Attacking Captive Portals 270
- Eavesdropping, Evil Twins, and Wireless On-Path Attacks 271
- Other Wireless Protocols and Systems 275
- RFID Cloning 276
- Jamming 277
- Repeating 277
- Summary 278
- Exam Essentials 279
- Lab Exercises 279
- Activity 7.1: Capturing Hashes 279
- Activity 7.2: Brute-Forcing Services 280
- Activity 7.3: Wireless Testing 281
- Review Questions 282
- Chapter 8 Exploiting Physical and Social Vulnerabilities 287
- Physical Facility Penetration Testing 290
- Entering Facilities 290
- Information Gathering 294
- Social Engineering 294
- In-Person Social Engineering 295
- Phishing Attacks 297
- Website-Based Attacks 298
- Using Social Engineering Tools 298
- Summary 302
- Exam Essentials 303
- Lab Exercises 303
- Activity 8.1: Designing a Physical Penetration Test 303
- Activity 8.2: Brute-Forcing Services 304
- Activity 8.3: Using BeEF 305
- Review Questions 306
- Chapter 9 Exploiting Application Vulnerabilities 311
- Exploiting Injection Vulnerabilities 314
- Input Validation 314
- Web Application Firewalls 315
- SQL Injection Attacks 316
- Code Injection Attacks 319
- Command Injection Attacks 319
- LDAP Injection Attacks 320
- Exploiting Authentication Vulnerabilities 320
- Password Authentication 321
- Session Attacks 322
- Kerberos Exploits 326
- Exploiting Authorization Vulnerabilities 327
- Insecure Direct Object References 327
- Directory Traversal 328
- File Inclusion 330
- Privilege Escalation 331
- Exploiting Web Application Vulnerabilities 331
- Cross-Site Scripting (XSS) 331
- Request Forgery 334
- Clickjacking 335
- Unsecure Coding Practices 335
- Source Code Comments 335
- Error Handling 336
- Hard-Coded Credentials 336
- Race Conditions 337
- Unprotected APIs 337
- Unsigned Code 338
- Steganography 340
- Application Testing Tools 341
- Static Application Security Testing (SAST) 341
- Dynamic Application Security Testing (DAST) 342
- Mobile Tools 346
- Summary 346
- Exam Essentials 347
- Lab Exercises 347
- Activity 9.1: Application Security Testing Techniques 347
- Activity 9.2: Using the ZAP Proxy 348
- Activity 9.3: Creating a Cross-Site Scripting Vulnerability 348
- Review Questions 349
- Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems 355
- Attacking Hosts 360
- Linux 361
- Windows 365
- Cross-Platform Exploits 367
- Credential Attacks and Testing Tools 368
- Credential Acquisition 368
- Offline Password Cracking 369
- Credential Testing and Brute-Forcing Tools 371
- Wordlists and Dictionaries 371
- Remote Access 372
- SSH 372
- NETCAT and Ncat 373
- Metasploit and Remote Access 373
- Proxies and Proxychains 374
- Attacking Virtual Machines and Containers 374
- Virtual Machine Attacks 375
- Containerization Attacks 377
- Attacking Cloud Technologies 379
- Attacking Cloud Accounts 379
- Attacking and Using Misconfigured Cloud Assets 380
- Other Cloud Attacks 382
- Tools for Cloud Technology Attacks 383
- Attacking Mobile Devices 384
- Attacking IoT, ICS, Embedded Systems, and SCADA Devices 389
- Attacking Data Storage 392
- Summary 393
- Exam Essentials 395
- Lab Exercises 396
- Activity 10.1 ...