CompTIA Pentest+ Certification For Dummies

Book id: 2273264. Rating: 0.0 (0 votes). Reviews and comments: 0. Price: 3624.13 RUB (36.38 USD). E-book. Genre: educational literature. Copyright holder and/or publisher: John Wiley & Sons Limited. ISBN: 9781119867296. Age restriction: 0+.


Book description

Advance your existing career, or build a new one, with the PenTest+ certification. Looking for some hands-on help achieving one of the tech industry's leading new certifications? Complete with an online test bank to help you prep for the exam, CompTIA PenTest+ Certification For Dummies, 2nd Edition guides you through every competency tested by the exam. Whether you're a seasoned security pro looking to add a new cert to your skillset, or you're an early-career cybersecurity professional seeking to move forward, you'll find the practical, study-centered guidance you need to succeed on the certification exam.

In this book and online, you'll get: a thorough introduction to the planning and information gathering phase of penetration testing, including scoping and vulnerability identification; comprehensive examinations of system exploits, vulnerabilities in wireless networks, and app-based intrusions; in-depth descriptions of the PenTest+ exam and an Exam Reference Matrix to help you get more familiar with the structure of the test; and three practice tests online with questions covering every competency on the exam.

Perfect for cybersecurity pros looking to add an essential new certification to their repertoire, CompTIA PenTest+ Certification For Dummies, 2nd Edition is also a great resource for those looking for a way to cement and build on fundamental pentesting skills.

Contents

Glen E. Clarke. CompTIA Pentest+ Certification For Dummies

CompTIA® Pentest+® Certification For Dummies® Table of Contents

List of Tables

List of Illustrations

Guide

Pages

Introduction

About This Book

Conventions Used in This Book

Foolish Assumptions

How This Book Is Organized

Pre-assessment

Part 1: Planning and Information Gathering

Part 2: Attacks and Exploits

Part 3: Post-Exploitation and Reporting

Appendixes

Practice exam

Icons Used in This Book

Beyond the Book

Where to Go from Here

Pre-Assessment

Questions

Answers

Planning and Information Gathering

Introduction to Penetration Testing

Penetration Testing Overview

Reasons for a pentest

Who should perform a pentest

Internal staff

External third party

Qualified pentesters

How often a pentest should be performed

Regular schedule

After major changes

Other considerations

Defining Penetration Testing Terminology

Types of assessments

Pentest strategy

Threat actors and threat models

Capabilities and intent

Threat actor

Adversary tier

Threat modeling

Looking at CompTIA’s Penetration Testing Phases

Planning and scoping

Information gathering and vulnerability identification

Information gathering

Vulnerability identification

Attacks and exploits

Reporting and communication

Identifying Testing Standards and Methodologies

MITRE ATT&CK

Open Web Application Security Project (OWASP)

OWASP Top 10 (2017)

OWASP Top 10 (2021)

National Institute of Standards and Technology (NIST)

OSSTMM, PTES, and ISSAF

Reviewing Key Concepts

Prep Test

Answers

Planning and Scoping

Understanding Key Legal Concepts

Written authorization

Contracts and agreements

Disclaimers

Scoping the Project

Target list/in-scope assets

General questions

Web application testing questions

Wireless network testing questions

Physical security testing questions

Social engineering testing questions

Testing questions for IT staff

Identifying the Rules of Engagement (RoE)

Environmental considerations

Target audience and reason for the pentest

Communication escalation path

Resources and requirements

Confidentiality of findings

Known versus unknown

Support for the pentester

Budget

Impact analysis and remediation timelines

Defining Targets for the Pentest

Internal and external targets

First-party versus third-party hosted

Other targets

Target considerations

Verifying Acceptance to Risk

Scheduling the Pentest and Managing Scope Creep

Scheduling

Scope creep

Conducting Compliance-based Assessments

Considerations with compliance-based assessments

Restrictions with compliance-based assessments

Validate scope of engagement

Maintaining professionalism and integrity

Risks to the professional

Reviewing Key Concepts

Prep Test

Answers

Information Gathering

Looking at Information-Gathering Tools and Techniques

Passive information gathering/passive reconnaissance

Website reconnaissance

OPEN-SOURCE INTELLIGENCE (OSINT) GATHERING

Social media scraping

Using Google hacking

Referencing online cybersecurity sources

Types of data

Cryptographic flaws

Passive information-gathering tools

WHOIS

theHarvester

SHODAN

MALTEGO

RECON-NG

CENSYS

FOCA

DNS LOOKUPS/PROFILING

nslookup

dig

Active information gathering/active reconnaissance

Understanding Scanning and Enumeration

Passive scanning

Packet inspection

Eavesdropping

Active scanning

Ping sweep (-sP or -sn)

Full connect scan (-sT)

Port selection (-p)

SYN scan (-sS)

Service identification (-sV)

OS fingerprinting (-O)

UDP scan (-sU)

Disabling ping (-Pn)

Target input file (-iL)

Timing (-T)

Miscellaneous options (-A)

Output parameters

Packet crafting

Other scanning considerations

Enumeration

Analyze the results of a reconnaissance exercise

Detection Methods and Tokens

Defense detection

Security tokens

Lab Exercises

Exercise 3-1: Conduct a Whois Search

Exercise 3-2: Use theHarvester to collect email addresses

Exercise 3-3: Use Shodan to discover systems on the Internet

Exercise 3-4: Use recon-ng for OSINT information gathering

Exercise 3-5: Use dig for DNS profiling

Exercise 3-6: Use Nmap to port scan

Reviewing Key Concepts

Prep Test

Answers

Vulnerability Identification

Understanding Vulnerabilities

Types of vulnerability scans

Credentialed versus non-credentialed scans

Application scans

Vulnerability scan considerations

Timing of the scans

Protocols used

Network topology

Bandwidth limitations

Query throttling

Fragile systems/non-traditional assets

Performing a Vulnerability Scan

Installing Nessus

Running Nessus

Using other vulnerability scanners

Nikto

SQLmap

Analyzing Vulnerability Results

Mapping vulnerabilities to exploits

Understanding the CVSS base score

Exploitability metrics

ACCESS VECTOR (AV)

ATTACK COMPLEXITY (AC)

AUTHENTICATION (AU)

Impact metrics

CONFIDENTIALITY (C)

INTEGRITY (I)

AVAILABILITY (A)

Prioritizing activities

Severity level

Vulnerability exposure

Criticality of the system

Statement of work

Considerations for analyzing scan results

Asset categorization

Adjudication

Prioritization of vulnerabilities

Common themes

Attacks and Weaknesses in Specialized Systems

Mobile devices

Attacks

Vulnerabilities

Tools

Cloud technologies

Attacks

Tools

Internet of things (IoT) devices

Special considerations

Vulnerabilities

Data storage system vulnerabilities

Underlying software vulnerabilities

Management interface vulnerabilities

Vulnerabilities related to SCADA, IIoT, and ICS

Vulnerabilities related to virtual environments and containers

Lab Exercises

Exercise 4-1: Download and install Nessus

Exercise 4-2: Perform a vulnerability scan

Exercise 4-3: Perform a web application vulnerability scan with Nessus

Reviewing Key Concepts

Prep Test

Answers

Attacks and Exploits

Exploiting Systems

Exploiting Systems with Metasploit

Starting Metasploit

Searching for an exploit

Using an exploit

Running the exploit

Setting the payload

Using msfvenom

Phase 1: Create the malicious program

Phase 2: Set up a listener on your system

Phase 3: Trick users into running the program

Using exploit resources

Understanding Social Engineering

Email phishing

USB key drop

Other forms of social engineering

Methods of influence

Using SET to perform an attack

Phase 1: Set up the cloned site

Phase 2: Trick the victim into visiting the fake site

Phase 3: Check the harvester file for passwords

Using BeEF to perform an attack

Phase 1: Start BeEF

Phase 2: Create the malicious site

Phase 3: Attack client systems

Call spoofing tools

Pretexting

Looking at Attacks on Physical Security

Types of physical security controls

Exploiting physical security

Piggybacking/tailgating

Dumpster diving

Shoulder surfing

Badge cloning

Fence jumping

Attacks on locks

Common Attack Techniques

Password cracking

Dictionary attacks

Credential brute forcing

Hybrid

Rainbow tables

Password spraying

Hash cracking

Using exploits

Exploit database

Proof-of-concept development (exploit development)

Cross-compiling code

Exploit modification

Exploit chaining

Deception

Exploiting Network-Based Vulnerabilities

Common tools used for network-based attacks

Common network-based exploits

Man-in-the-middle (MiTM) attacks

ARP poisoning

Capture, replay, and relay

SSL stripping and downgrade

Using SETH to perform a MiTM attack

Other common attacks

DNS cache poisoning

Pass the hash

DoS/stress testing

NAC bypass

VLAN hopping

MAC spoofing

Exploiting Local-Host Vulnerabilities

Operating system vulnerabilities

Unsecure service and protocol configurations

Privilege escalation

Linux-specific

Windows-specific

Exploitable services

Unsecure file/folder permissions

Keylogger

Scheduled tasks

Kernel exploits

Default account settings

Sandbox escape

Physical device security

Lab Exercises

Exercise 5-1: Exploit an SMB service with Metasploit

Exercise 5-2: Use the meterpreter exploit payload

Exercise 5-3: Conduct a MiTM attack with SETH

Exercise 5-4: Use SET for credential harvesting

Phase 1: Set up the cloned site

Phase 2: Trick the victim into visiting the fake site

Phase 3: Check the harvester file for passwords

Exercise 5-5: Use BeEF to exploit a web browser

Phase 1: Start BeEF

Phase 2: Create the malicious site

Phase 3: Attack client systems

Reviewing Key Concepts

Prep Test

Answers

Exploiting Wireless Vulnerabilities

Understanding Wireless Terminology

Wireless concepts

Wireless agencies

Wireless LAN frequencies

Wireless equipment and configuration

Wireless network card

Wireless access point

The SSID

Wireless clients

Types of wireless networks

Ad hoc mode

Infrastructure mode

Introducing Wireless Standards

802.11a

802.11b

802.11g

802.11n

802.11ac

Looking at Wireless Configuration and Troubleshooting

Reviewing the Basic Service Set

Designing a multi-access point WLAN

Troubleshooting wireless networks

Implementing Wireless Security Practices

General security practices

Change the SSID

Disable SSID broadcasting

Restrict by MAC

Enable encryption

Use certificate-based security

Encryption protocols

WEP

WPA

WPA2

WPA3

Exploiting Wireless Vulnerabilities

Understanding attack methods and tools

Looking at 802.11 wireless vulnerabilities

Evil twin, karma attack, and downgrade attack

Captive portal

Deauthentication attacks

Fragmentation attacks

Credential harvesting

Looking at RF-based vulnerabilities

Cracking WEP encryption

Stage 1: Verify wireless NIC

Stage 2: Discover networks with Airodump-ng

Stage 3: Capture traffic with Airodump-ng

Stage 4: Associate with access point and replay traffic

Stage 5: Crack the WEP key

WPS pin attack

Cracking WPA/WPA2 encryption keys

Stage 1: Verify wireless NIC

Stage 2: Discover networks with Airodump-ng

Stage 3: Perform deauthentication attack

Stage 4: Crack the WPA/WPA2 key

Using Wifite to hack wireless networks

Exploiting Bluetooth devices

Stage 1: View your Bluetooth adapter

Stage 2: Retrieve data using Bluesnarfer

Lab Exercises

Exercise 6-1: Crack WEP encryption

Exercise 6-2: Crack the WPS pin

Exercise 6-3: Crack the WPA/WPA2 encryption key

Exercise 6-4: Test Bluetooth devices

Reviewing Key Concepts

Prep Test

Answers

Exploiting Application-Based Vulnerabilities

Looking at Common Application-Based Attacks

Injection attacks

SQL injection attack

TYPES OF SQL INJECTION ATTACKS

PROTECTING AGAINST SQL INJECTION ATTACKS

HTML injection attack

Command injection attack

Code injection attack

LDAP injection and XML injection attacks

Authentication attacks

Credential brute-forcing

Session attacks and session hijacking

Redirect

Default credentials

Weak credentials

Kerberos exploits

Authorization attacks

Parameter pollution

Insecure direct object reference

XSS and CSRF/XSRF attacks

Cross-site scripting (XSS)

STORED/PERSISTENT

REFLECTED

DOM

Cross-site request forgery (CSRF/XSRF)

CSRF/XSRF URL

PREVENTING CSRF/XSRF

Server-side request forgery (SSRF)

Understanding Application Security Vulnerabilities

Clickjacking

Security misconfiguration

Directory traversal

Cookie manipulation

File inclusion

Privilege escalation

Session replay and session fixation

Common Coding Mistakes

Business logic flaws

Comments in source code

Lack of error handling

Overly verbose error handling

Hard-coded credentials

Race conditions

Unauthorized use of functions/unprotected APIs

Hidden elements/sensitive information in the DOM

Insecure data transmission

Lack of code signing

Secure Coding Best Practices

Validation

Sanitization

Escaping

Parameterized queries

Common Tools and Resources

Common tools

Common resources

Lab Exercises

Exercise 7-1: Perform a CSRF attack

Exercise 7-2: Perform a SQL injection

Exercise 7-3: Perform a command injection attack

Exercise 7-4: Perform a reflected XSS attack

Exercise 7-5: Perform a persistent XSS attack

Exercise 7-6: Reset the DVWA

Reviewing Key Concepts

Prep Test

Answers

Post-Exploitation and Reporting

Understanding Post-Exploitation Actions

Common Post-Exploitation Tasks

Understanding the context

Collecting information

Obtaining a shell

Retrieving password hashes

Disabling the antivirus software

Migrating to a different process

Privilege escalation and restrictive shells

Taking screenshots

Taking remote control

Capturing keystrokes

Enabling the webcam

Network segmentation testing

Performing Lateral Movement

PS remoting/WinRM

Using PsExec

Using PsExec with pass the hash

Using RDP

Using RPC/DCOM

Using remote services

WORKING WITH METERPRETER SESSIONS

Other techniques for lateral movement

Maintaining Access (Persistence)

New user creation

Planting backdoors and trojans

Other techniques for maintaining access

Detection avoidance

Covering Your Tracks

Lab Exercises

Exercise 8-1: Exploit a system and collect information

Exercise 8-2: Record keystrokes

Exercise 8-3: Obtain password hashes

Exercise 8-4: Move laterally

Exercise 8-5: Create a backdoor account

Exercise 8-6: Cover your tracks

Reviewing Key Concepts

Prep Test

Answers

Common Penetration Testing Tools

Understanding Use Cases for Common Pentest Tools

Reconnaissance

Enumeration

Vulnerability scanning

Credential attacks

Persistence

Configuration compliance

Evasion

Decompilation and debugging

Forensics

Software assurance

Looking at Common Pentest Tools

Scanners

Nmap

Nikto and w3af

Nessus

OpenVAS

SQLmap

Open Security Content Automation Protocol (OSCAP)

Wapiti

WPScan

Brakeman

Scout Suite

Credential testing tools

Hashcat

Medusa and Hydra

CeWL

John the Ripper

Cain and Abel

Mimikatz

Patator and DirBuster

Debuggers

Software-assurance tools

Open-source intelligence (OSINT) tools

Wireless tools

Aircrack-ng suite

Kismet

Wifite

Wifite2

Other wireless tools

Web application tools/web proxies

OWASP ZAP

Burp Suite

Gobuster

Social engineering tools

SET

BeEF

Remote access tools

Networking tools

Wireshark

hping3

Mobile tools

Steganography tools

Steghide

Other steganography tools

Cloud tools

Miscellaneous tools

Analyzing Tool Output

Password cracking

Pass the hash

Setting up a bind shell

Getting a reverse shell

Proxying a connection

Uploading a web shell

Create the reverse shell PHP web page

Create the listener on a pentest system

Injections

Lab Exercises

Exercise 9-1: Crack passwords with John the Ripper

Exercise 9-2: Locate web servers

Exercise 9-3: Scan web applications for vulnerabilities

Exercise 9-4: Use Hydra for password cracking over RDP

Exercise 9-5: Use Hydra to crack website credentials

Exercise 9-6: Use CeWL to create a wordlist

Exercise 9-7: Use Netcat/Ncat to create a bind shell

Exercise 9-8: Using Responder and John the Ripper to capture and crack password hashes

Reviewing Key Concepts

Prep Test

Answers

Analyzing Script Functionality

Reviewing Scripting Concepts

Variables and arrays

Looping and flow control

If statements

APPLICATION LOGIC

Loops

Comparisons

Understanding operators

Data structures

Parts of software and scripts

Common operations

Encoding/decoding

Input and output

String operations and substitutions

Error handling

Using Bash Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

For loop

While loop

Executing the script

Error handling

Input and output

Understanding Python Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

For loop

While loop

Executing the script

Error handling

Input and output

Working with Ruby Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

Do loops

For loop

Executing the script

Error handling

Input and output

Coding in PowerShell Scripting

Variables and arrays

Working with variables

Using arrays

Looping and flow control

If statements

Do loops

For next loop

Executing the script

Error handling

Input and output

Code Examples and Automation

Analyze exploit code

Performing a ping sweep

Performing a port scan

Download files

Launch remote access

USING SOCKETS

USING WinRM

Enumerate users

Enumerate assets

Opportunities for automation

Lab Exercises

Exercise 10-1: Review Bash script

Exercise 10-2: Review Python script

Exercise 10-3: Review PowerShell script

Reviewing Key Concepts

Prep Test

Answers

Reporting and Communication

Communicating During a PenTest

Understanding communication paths

Communication triggers

Critical findings

Status reports

Indicators of prior compromise

Reasons for communication

Goal reprioritization and presentation of findings

Findings and Remediations

Shared local administrator credentials

Weak password complexity

Plain text passwords

No multifactor authentication

SQL injection

Unnecessary open services

Focusing Your Remediation Strategies

Recommending the Appropriate Remediation Strategy

Common technical controls

Common administrative controls

Common operational controls

Common physical controls

Writing and Handling the Pentest Report

Common themes/root causes

Notetaking and normalization of data

Risk appetite

Report audience

Report structure

Title page and table of contents

Executive summary

Scope details

Methodology

Findings and remediation

BUSINESS IMPACT ANALYSIS

Conclusion

Appendix

Secure handling and distribution of reports

Format

Storage time

Secure distribution

Delivering the Report and Post-Report Activities

Post-engagement cleanup

Client acceptance

Administrative tasks

Follow-up actions and retesting

Attestation of findings

Lessons learned

Data destruction process

Lab Exercises

Exercise 11-1: Create a pentest report

Exercise 11-2: Encrypt the pentest report

Reviewing Key Concepts

Prep Test

Answers

Appendixes

PenTest+ Exam Details

CompTIA PenTest+ Certification and Why You Need It

Checking Out the Exam and Its Objectives

Using This Book to Prepare for the Exam

Steps to Prepare for the Exam

Making Arrangements to Take the Exam

The Day the Earth Stood Still: Exam Day

Arriving at the exam location

Testing online (from home or work)

Taking the exam

How does CompTIA set the pass level?

CompTIA PenTest+ Exam Reference Matrix

2021 PenTest+ Exam Objectives — PTO-002

Lab Setup

Setting Up the Virtual Machines

Obtaining the Software Needed

VMware Workstation

Windows Server 2012/2016/2019

Windows 7

Kali Linux

Metasploitable2

Index


About the Author

Dedication

Author’s Acknowledgments

WILEY END USER LICENSE AGREEMENT

Excerpt from the book

The CompTIA PenTest+ certification is a fast-growing cybersecurity certification that security professionals attain to prove their security and penetration testing knowledge. The CompTIA PenTest+ certification is a well-recognized certification that tests not only your knowledge of the common tools used to perform a penetration test, but also your knowledge of the process to follow when performing a penetration test.

CompTIA PenTest+ Certification For Dummies is designed to be a hands-on, practical guide to help you pass the CompTIA PenTest+ certification exam. This book is written in a way that helps you understand complex technical content and prepares you to apply that knowledge to real-world scenarios.

.....

(B) Continue the pentest and add evidence to the report

(C) Patch the system and continue the pentest

.....
