CompTIA PenTest+ Certification For Dummies

CompTIA PenTest+ Certification For Dummies
Автор книги: id книги: 1880288     Оценка: 0.0     Голосов: 0     Отзывы, комментарии: 0 2549,91 руб.     (25,6$) Читать книгу Купить и скачать книгу Купить бумажную книгу Электронная книга Жанр: Зарубежная компьютерная литература Правообладатель и/или издательство: John Wiley & Sons Limited Дата добавления в каталог КнигаЛит: ISBN: 9781119633587 Скачать фрагмент в формате   fb2   fb2.zip Возрастное ограничение: 0+ Оглавление Отрывок из книги

Реклама. ООО «ЛитРес», ИНН: 7719571260.

Описание книги

Prepare for the CompTIA PenTest+ certification  CompTIA's PenTest+ Certification is an essential certification to building a successful penetration testing career. Test takers must pass an 85-question exam to be certified, and this book—plus the online test bank—will help you reach your certification goal. C ompTIA PenTest+ Certification For Dummies includes a map to the exam’s objectives and helps you get up to speed on planning and scoping, information gathering and vulnerability identification, attacks and exploits, penetration testing tools and reporting, and communication skills. Pass the PenTest+ Certification exam and grow as a Pen Testing professional Learn to demonstrate hands-on ability to Pen Test Practice with hundreds of study questions in a free online test bank Find test-taking advice and a review of the types of questions you'll see on the exam Get ready to acquire all the knowledge you need to pass the PenTest+ exam and start your career in this growing field in cybersecurity!

Оглавление

Glen E. Clarke. CompTIA PenTest+ Certification For Dummies

CompTIA® PenTest+® Certification For Dummies® To view this book's Cheat Sheet, simply go to www.dummies.com and search for “CompTIA PenTest+ Certification For Dummies Cheat Sheet” in the Search box. Table of Contents

List of Tables

List of Illustrations

Guide

Pages

Introduction

About This Book

Conventions Used in This Book

Foolish Assumptions

How This Book Is Organized

Pre-assessment

Part 1: Planning and Information Gathering

Part 2: Exploiting Systems

Part 3: Post-Exploitation and Reporting

Appendixes

Practice exam

Icons Used in This Book

Beyond the Book

Where to Go from Here

Pre-Assessment

Questions

Answers

Planning and Information Gathering

Introduction to Penetration Testing

Penetration Testing Overview

Reasons for a pentest

Who should perform a pentest

Internal staff

External third party

Qualified pentesters

How often a pentest should be performed

Regular schedule

After major changes

Other considerations

Defining Penetration Testing Terminology

Types of assessments

Pentest strategies

Threat actors and threat models

Capabilities and intent

Threat actor

Adversary tier

Threat modeling

Looking at CompTIA’s Penetration Testing Phases

Planning and scoping

Information gathering and vulnerability identification

Information gathering

Vulnerability identification

Attacks and exploits

Reporting and communication

Reviewing Key Concepts

Prep Test

Answers

Planning and Scoping

Understanding Key Legal Concepts

Written authorization

Contracts

Disclaimers

Scoping the Project

General questions

Web application testing questions

Wireless network testing questions

Physical security testing questions

Social engineering testing questions

Testing questions for IT staff

Identifying the Rules of Engagement

Target audience and reason for the pentest

Communication escalation path

Resources and requirements

Confidentiality of findings

Known versus unknown

Support for the pentester

Budget

Impact analysis and remediation timelines

Defining Targets for the Pentest

Internal and external targets

First-party versus third-party hosted

Other targets

Target considerations

Verifying Acceptance to Risk

Scheduling the Pentest and Managing Scope Creep

Scheduling

Scope creep

Conducting Compliance-based Assessments

Reviewing Key Concepts

Prep Test

Answers

Information Gathering

Looking at Information-Gathering Tools and Techniques

Passive information gathering

OPEN-SOURCE INTELLIGENCE (OSINT) GATHERING

Browsing Internet resources

Using Google hacking

Referencing online cybersecurity sources

Passive information-gathering tools

WHOIS

THEHARVESTER

SHODAN

MALTEGO

RECON-NG

CENSYS

FOCA

Active information gathering

nslookup

dig

Understanding Scanning and Enumeration

Passive scanning

Packet inspection

Eavesdropping

Active scanning

Ping sweep (-sP)

Full connect scan (-sT)

Port selection (-p)

SYN scan (-sS)

Service identification (-sV)

OS fingerprinting (-O)

Disabling ping (-Pn)

Target input file (-iL)

Timing (-T)

Output parameters

Packet crafting

Other scanning considerations

Enumeration

Lab Exercises

Exercise 3-1: Conduct a Whois Search

Exercise 3-2: Use theHarvester to collect email addresses

Exercise 3-3: Use Shodan to discover systems on the Internet

Exercise 3-4: Use recon-ng for OSINT information gathering

Exercise 3-5: Use dig for DNS profiling

Exercise 3-6: Use Nmap to port scan

Reviewing Key Concepts

Prep Test

Answers

Vulnerability Identification

Understanding Vulnerabilities

Types of vulnerability scans

Credentialed versus non-credentialed scans

CONTAINER SECURITY AND VIRTUALIZATION

Application scans

Vulnerability scan considerations

Timing of the scans

Protocols used

Network topology

Bandwidth limitations

Query throttling

Fragile systems/non-traditional assets

Performing a Vulnerability Scan

Installing Nessus

Running Nessus

Using other vulnerability scanners

Nikto

Sqlmap

Analyzing Vulnerability Results

Mapping vulnerabilities to exploits

Understanding the CVSS base score

Exploitability metrics

ACCESS VECTOR (AV)

ATTACK COMPLEXITY (AC)

AUTHENTICATION (AU)

Impact metrics

CONFIDENTIALITY (C)

INTEGRITY (I)

AVAILABILITY (A)

Prioritizing activities

Severity level

Vulnerability exposure

Criticality of the system

Statement of work

Considerations for analyzing scan results

Asset categorization

Adjudication

Prioritization of vulnerabilities

Common themes

Types of Weaknesses in Specialized Systems

Lab Exercises

Exercise 4-1: Download and install Nessus

Exercise 4-2: Perform a vulnerability scan

Exercise 4-3: Perform a web application vulnerability scan with Nessus

Reviewing Key Concepts

Prep Test

Answers

Attacks and Exploits

Exploiting Systems

Exploiting Systems with Metasploit

Starting Metasploit

Searching for an exploit

Using an exploit

Running the exploit

Setting the payload

Using msfvenom

Phase 1: Create the malicious program

Phase 2: Set up a listener on your system

Phase 3: Trick users into running the program

Understanding Social Engineering

Phishing

Shoulder surfing

USB key drop

Other forms of social engineering

Motivation techniques

Using SET to perform an attack

Phase 1: Set up the cloned site

Phase 2: Trick the victim into visiting the fake site

Phase 3: Check the harvester file for passwords

Using BeEF to perform an attack

Phase 1: Start BeEF

Phase 2: Create the malicious site

Phase 3: Attack client systems

Looking at Attacks on Physical Security

Types of physical security controls

Exploiting physical security

Piggybacking/tailgating

Dumpster diving

Badge cloning

Fence jumping

Attacks on locks

Common Attack Techniques

Password cracking

Dictionary attacks

Credential brute forcing

Hybrid

Rainbow tables

Using exploits

Exploit database

Proof-of-concept development (exploit development)

Cross-compiling code

Exploit modification

Exploit chaining

Deception

Exploiting Network-Based Vulnerabilities

Common network-based exploits

Man-in-the-middle (MiTM) attacks

ARP spoofing

Capture, replay, and relay

SSL stripping and downgrade

Using SETH to perform a MiTM attack

Other common attacks

DNS cache poisoning

Pass the hash

DoS/stress test

NAC bypass

VLAN hopping

Exploiting Local Host Vulnerabilities

Operating system vulnerabilities

Unsecure service and protocol configurations

Privilege escalation

Linux-specific

Windows-specific

Exploitable services

Unsecure file/folder permissions

Keylogger

Scheduled tasks

Kernel exploits

Default account settings

Sandbox escape

Physical device security

Lab Exercises

Exercise 5-1: Exploit an SMB service with Metasploit

Exercise 5-2: Use the Meterpreter exploit payload

Exercise 5-3: Conduct a MiTM attack with SETH

Exercise 5-4: Use SET for credential harvesting

Phase 1: Set up the cloned site

Phase 2: Trick the victim into visiting the fake site

Phase 3: Check the harvester file for passwords

Exercise 5-5: Use BeEF to exploit a web browser

Phase 1: Start BeEF

Phase 2: Create the malicious site

Phase 3: Attack client systems

Reviewing Key Concepts

Prep Test

Answers

Exploiting Wireless Vulnerabilities

Understanding Wireless Terminology

Wireless concepts

Wireless agencies

Wireless LAN frequencies

Wireless equipment and configuration

Wireless network card

Wireless access point

The SSID

Wireless clients

Types of wireless networks

Ad hoc mode

Infrastructure mode

Introducing Wireless Standards

802.11a

802.11b

802.11g

802.11n

802.11ac

Looking at Wireless Configuration and Troubleshooting

Reviewing the Basic Service Set

Designing a multi-access point WLAN

Troubleshooting wireless networks

Implementing Wireless Security Practices

General security practices

Change the SSID

Disable SSID broadcasting

Restrict by MAC

Enable encryption

Use certificate-based security

Encryption protocols

WEP

WPA

WPA2

Exploiting Wireless Vulnerabilities

Looking at 802.11 wireless vulnerabilities

Evil twin, karma attack, and downgrade attack

Deauthentication attacks

Fragmentation attacks

Credential harvesting

Looking at RF-based vulnerabilities

Cracking WEP encryption

Stage 1: Verify wireless NIC

Stage 2: Discover networks with Airodump-ng

Stage 3: Capture traffic with Airodump-ng

Stage 4: Associate with access point and replay traffic

Stage 5: Crack the WEP key

Cracking WPS implementation weakness

Cracking WPA/WPA2 encryption keys

Stage 1: Verify wireless NIC

Stage 2: Discover networks with Airodump-ng

Stage 3: Perform deauthentication attack

Stage 4: Crack the WPA/WPA2 key

Using Wifite to hack wireless networks

Exploiting Bluetooth devices

Stage 1: View your Bluetooth adapter

Stage 2: Retrieve data using Bluesnarfer

Lab Exercises

Exercise 6-1: Crack WEP encryption

Exercise 6-2: Crack the WPS pin

Exercise 6-3: Crack the WPA/WPA2 encryption key

Exercise 6-4: Test Bluetooth devices

Reviewing Key Concepts

Prep Test

Answers

Exploiting Application-Based Vulnerabilities

Looking at Common Application-Based Attacks

Injection attacks

SQL

HTML

Command

Code

Authentication

Credential brute-forcing

Session hijacking

Redirect

Default credentials

Weak credentials

Kerberos exploits

Authorization

Parameter pollution

Insecure direct object reference

XSS and CSRF/XSRF

Cross-site scripting (XSS)

STORED/PERSISTENT

REFLECTED

DOM

Cross-site request forgery (CSRF/XSRF)

CSRF/XSRF URL

PREVENTING CSRF/XSRF

Understanding Application Security Vulnerabilities

Clickjacking

Security misconfiguration

Directory traversal

Cookie manipulation

File inclusion

Identifying Unsecure Coding Practices

Comments in source code

Lack of error handling

Overly verbose error handling

Hard-coded credentials

Race conditions

Unauthorized use of functions/unprotected APIs

Hidden elements/sensitive information in the DOM

Lack of code signing

Secure Coding Best Practices

Validation

Sanitization

Escaping

Parameterized queries

Lab Exercises

Exercise 7-1: Perform a CSRF attack

Exercise 7-2: Perform a SQL injection

Exercise 7-3: Perform a command injection attack

Exercise 7-4: Perform a reflected XSS attack

Exercise 7-5: Perform a persistent XSS attack

Exercise 7-6: Reset the DVWA

Reviewing Key Concepts

Prep Test

Answers

Post-Exploitation and Reporting

Understanding Post-Exploitation Actions

Common Post-Exploitation Tasks

Understanding the context

Collecting information

Obtaining a shell

Retrieving password hashes

Disabling the antivirus software

Migrating to a different process

Taking screenshots

Taking remote control

Capturing keystrokes

Enabling the webcam

Performing Lateral Movement

PS remoting/WinRM

Using PsExec

Using PsExec with pass the hash

Using RDP

Using RPC/DCOM

Using remote services

WORKING WITH METERPRETER SESSIONS

Other techniques for lateral movement

Maintaining Access (Persistence)

New user creation

Planting backdoors and trojans

Other techniques for maintaining access

Covering Your Tracks

Lab Exercises

Exercise 8-1: Exploit a system and collect information

Exercise 8-2: Record keystrokes

Exercise 8-3: Obtain password hashes

Exercise 8-4: Move laterally

Exercise 8-5: Create a backdoor account

Exercise 8-6: Cover your tracks

Reviewing Key Concepts

Prep Test

Answers

Common Penetration Testing Tools

Understanding Use Cases for Common Pentest Tools

Reconnaissance

Enumeration

Vulnerability scanning

Credential attacks

Persistence

Configuration compliance

Evasion

Decompilation and debugging

Forensics

Software assurance

Looking at Common Pentest Tools

Scanners

Nmap

Nikto and w3af

Nessus

OpenVAS

SQLmap

Credential testing tools

Hashcat

Medusa and Hydra

CeWL

John the Ripper

Cain and Abel

Mimikatz

patator and DirBuster

Debuggers

Software assurance

Open-source intelligence (OSINT)

Wireless

Aircrack-ng

Kismet

Wifite

Web proxies

OWASP ZAP

Burp Suite

Social engineering tools

SET

BeEF

Remote access tools

Networking tools

Wireshark

hping3

Mobile tools

Miscellaneous tools

Analyzing Tool Output

Password cracking

Pass the hash

Setting up a bind shell

Getting a reverse shell

Proxying a connection

Uploading a web shell

Create the reverse shell PHP web page

Create the listener on a pentest system

Injections

Lab Exercises

Exercise 9-1: Crack passwords with John the Ripper

Exercise 9-2: Locate web servers

Exercise 9-3: Scan web applications for vulnerabilities

Exercise 9-4: Use Hydra for password cracking over RDP

Exercise 9-5: Use Hydra to crack website credentials

Exercise 9-6: Use CeWL to create a wordlist

Exercise 9-7: Use Netcat/Ncat to create a bind shell

Reviewing Key Concepts

Prep Test

Answers

Analyzing Script Functionality

Reviewing Scripting Concepts

Variables and arrays

Looping and flow control

If statements

APPLICATION LOGIC

Loops

Comparisons

Common operations

Encoding/decoding

Input and output

String operations and substitutions

Error handling

Using Bash Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

For loop

While loop

Executing the script

Error handling

Input and output

Understanding Python Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

For loop

While loop

Executing the script

Error handling

Input and output

Working with Ruby Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

Do loops

For loop

Executing the script

Error handling

Input and output

Coding in PowerShell Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

Do loops

For next loop

Executing the script

Error handling

Input and output

Lab Exercises

Exercise 10-1: Review Bash script

Exercise 10-2: Review Python script

Exercise 10-3: Review PowerShell script

Reviewing Key Concepts

Prep Test

Answers

Reporting and Communication

Communicating During a PenTest

Communication triggers

Critical findings

Stages

Indicators of prior compromise

Reasons for communication

Findings and Remediations

Shared local administrator credentials

Weak password complexity

Plain text passwords

No multifactor authentication

SQL injection

Unnecessary open services

Focusing Your Remediation Strategies

Writing and Handling the Pentest Report

Normalization of data

Risk appetite

Report structure

Title page and table of contents

Executive summary

Methodology

Findings and remediation

Conclusion

Secure handling and disposition of reports

Format

Storage time

Delivering the Report and Post-Report Activities

Post-engagement cleanup

Client acceptance

Administrative tasks

Follow-up actions and retesting

Attestation of findings

Lessons learned

Lab Exercises

Exercise 11-1: Create a pentest report

Exercise 11-2: Encrypt the pentest report

Reviewing Key Concepts

Prep Test

Answers

Appendixes

PenTest+ Exam Details

CompTIA PenTest+ Certification and Why You Need It

Checking Out the Exam and Its Objectives

Using This Book to Prepare for the Exam

Making Arrangements to Take the Exam

The Day the Earth Stood Still: Exam Day

Arriving at the exam location

Taking the exam

How does CompTIA set the pass level?

CompTIA PenTest+ Exam Reference Matrix

2018 PenTest+ Exam Objectives — PT0-001

Lab Setup

Setting Up the Virtual Machines

Obtaining the Software Needed

VMware Workstation

Windows Server 2012/2016/2019

Windows 7

Kali Linux

Metasploitable2

Index. Numbers

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

About the Author

Dedication

Author’s Acknowledgments

WILEY END USER LICENSE AGREEMENT

Отрывок из книги

The CompTIA PenTest+ certification is a fast-growing cybersecurity certification that security professionals attain to prove their security and penetration testing knowledge. The CompTIA PenTest+ certification is a well-recognized certification that not only tests your knowledge on the common tools used to perform a penetration test, but also it tests your knowledge on the process to follow when performing a penetration test.

CompTIA PenTest+ Certification For Dummies is designed to be a hands-on, practical guide to help you pass the CompTIA PenTest+ certification exam. This book is written in a way that helps you understand complex technical content and prepares you to apply that knowledge to real-world scenarios.

.....

(D) hashdump

14. What language was used to write the following code?

.....

Добавление нового отзыва

Комментарий Поле, отмеченное звёздочкой  — обязательно к заполнению

Отзывы и комментарии читателей

Нет рецензий. Будьте первым, кто напишет рецензию на книгу CompTIA PenTest+ Certification For Dummies
Подняться наверх