CompTIA PenTest+ Study Guide

Exam PT0-002
2nd ed.

by: Mike Chapple, David Seidl

38,99 €

Publisher: Wiley
Format: EPUB
Published: 05.10.2021
ISBN/EAN: 9781119823827
Language: English
Number of pages: 576

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.


<p><b>Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing </b></p> <p>In the revamped Second Edition of <i>CompTIA PenTest+ Study Guide: Exam PT0-002</i>, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. </p> <p>You’ll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You’ll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. </p> <p>This book will: </p> <ul> <li>Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam </li> <li>Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements </li> <li>Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms </li> </ul> <p>Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, <i>CompTIA PenTest+ Study Guide: Exam PT0-002 </i>is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. </p>
<p>Introduction xxv</p> <p>Assessment Test xxxix</p> <p><b>Chapter 1 Penetration Testing 1</b></p> <p>What Is Penetration Testing? 2</p> <p>Cybersecurity Goals 2</p> <p>Adopting the Hacker Mindset 4</p> <p>Ethical Hacking 5</p> <p>Reasons for Penetration Testing 5</p> <p>Benefits of Penetration Testing 6</p> <p>Regulatory Requirements for Penetration Testing 7</p> <p>Who Performs Penetration Tests? 8</p> <p>Internal Penetration Testing Teams 8</p> <p>External Penetration Testing Teams 9</p> <p>Selecting Penetration Testing Teams 10</p> <p>The CompTIA Penetration Testing Process 10</p> <p>Planning and Scoping 11</p> <p>Information Gathering and Vulnerability Scanning 11</p> <p>Attacks and Exploits 12</p> <p>Reporting and Communication 13</p> <p>Tools and Code Analysis 13</p> <p>The Cyber Kill Chain 14</p> <p>Reconnaissance 15</p> <p>Weaponization 16</p> <p>Delivery 16</p> <p>Exploitation 16</p> <p>Installation 16</p> <p>Command and Control 16</p> <p>Actions on Objectives 17</p> <p>Tools of the Trade 17</p> <p>Reconnaissance 20</p> <p>Vulnerability Scanners 21</p> <p>Social Engineering 21</p> <p>Credential Testing Tools 22</p> <p>Debuggers and Software Testing Tools 22</p> <p>Network Testing 23</p> <p>Remote Access 23</p> <p>Exploitation 24</p> <p>Steganography 24</p> <p>Cloud Tools 25</p> <p>Summary 25</p> <p>Exam Essentials 25</p> <p>Lab Exercises 26</p> <p>Activity 1.1: Adopting the Hacker Mindset 26</p> <p>Activity 1.2: Using the Cyber Kill Chain 26</p> <p>Review Questions 27</p> <p><b>Chapter 2 Planning and Scoping Penetration Tests 31</b></p> <p>Scoping and Planning Engagements 34</p> <p>Assessment Types 35</p> <p>Known Environments and Unknown Environments 35</p> <p>The Rules of Engagement 37</p> <p>Scoping Considerations—A Deeper Dive 39</p> <p>Support Resources for Penetration Tests 42</p> <p>Penetration Testing Standards and Methodologies 44</p> <p>Key Legal Concepts for Penetration Tests 46</p> <p>Contracts 46</p> <p>Data Ownership and Retention 47</p> 
<p>Permission to Attack (Authorization) 47</p> <p>Environmental Differences and Location Restrictions 48</p> <p>Regulatory Compliance Considerations 49</p> <p>Summary 51</p> <p>Exam Essentials 52</p> <p>Lab Exercises 53</p> <p>Review Questions 54</p> <p><b>Chapter 3 Information Gathering 59</b></p> <p>Footprinting and Enumeration 63</p> <p>OSINT 64</p> <p>Location and Organizational Data 65</p> <p>Infrastructure and Networks 68</p> <p>Security Search Engines 74</p> <p>Google Dorks and Search Engine Techniques 77</p> <p>Password Dumps and Other Breach Data 77</p> <p>Source Code Repositories 78</p> <p>Passive Enumeration and Cloud Services 78</p> <p>Active Reconnaissance and Enumeration 78</p> <p>Hosts 79</p> <p>Services 79</p> <p>Networks, Topologies, and Network Traffic 85</p> <p>Packet Crafting and Inspection 88</p> <p>Enumeration 90</p> <p>Information Gathering and Code 97</p> <p>Avoiding Detection 99</p> <p>Information Gathering and Defenses 99</p> <p>Defenses Against Active Reconnaissance 100</p> <p>Preventing Passive Information Gathering 100</p> <p>Summary 100</p> <p>Exam Essentials 101</p> <p>Lab Exercises 102</p> <p>Activity 3.1: Manual OSINT Gathering 102</p> <p>Activity 3.2: Exploring Shodan 102</p> <p>Activity 3.3: Running an Nmap Scan 103</p> <p>Review Questions 104</p> <p><b>Chapter 4 Vulnerability Scanning 109</b></p> <p>Identifying Vulnerability Management Requirements 112</p> <p>Regulatory Environment 112</p> <p>Corporate Policy 116</p> <p>Support for Penetration Testing 116</p> <p>Identifying Scan Targets 117</p> <p>Determining Scan Frequency 118</p> <p>Active vs. 
Passive Scanning 120</p> <p>Configuring and Executing Vulnerability Scans 121</p> <p>Scoping Vulnerability Scans 121</p> <p>Configuring Vulnerability Scans 122</p> <p>Scanner Maintenance 129</p> <p>Software Security Testing 131</p> <p>Analyzing and Testing Code 131</p> <p>Web Application Vulnerability Scanning 133</p> <p>Developing a Remediation Workflow 138</p> <p>Prioritizing Remediation 140</p> <p>Testing and Implementing Fixes 141</p> <p>Overcoming Barriers to Vulnerability Scanning 141</p> <p>Summary 143</p> <p>Exam Essentials 143</p> <p>Lab Exercises 144</p> <p>Activity 4.1: Installing a Vulnerability Scanner 144</p> <p>Activity 4.2: Running a Vulnerability Scan 145</p> <p>Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan 145</p> <p>Review Questions 146</p> <p><b>Chapter 5 Analyzing Vulnerability Scans 151</b></p> <p>Reviewing and Interpreting Scan Reports 152</p> <p>Understanding CVSS 156</p> <p>Validating Scan Results 162</p> <p>False Positives 162</p> <p>Documented Exceptions 162</p> <p>Understanding Informational Results 163</p> <p>Reconciling Scan Results with Other Data Sources 164</p> <p>Trend Analysis 164</p> <p>Common Vulnerabilities 165</p> <p>Server and Endpoint Vulnerabilities 166</p> <p>Network Vulnerabilities 175</p> <p>Virtualization Vulnerabilities 181</p> <p>Internet of Things (IoT) 183</p> <p>Web Application Vulnerabilities 184</p> <p>Summary 186</p> <p>Exam Essentials 187</p> <p>Lab Exercises 188</p> <p>Activity 5.1: Interpreting a Vulnerability Scan 188</p> <p>Activity 5.2: Analyzing a CVSS Vector 188</p> <p>Activity 5.3: Developing a Penetration Testing Plan 189</p> <p>Review Questions 190</p> <p><b>Chapter 6 Exploiting and Pivoting 195</b></p> <p>Exploits and Attacks 198</p> <p>Choosing Targets 198</p> <p>Enumeration 199</p> <p>Identifying the Right Exploit 201</p> <p>Exploit Resources 204</p> <p>Exploitation Toolkits 206</p> <p>Metasploit 206</p> <p>PowerSploit 212</p> <p>BloodHound 213</p> <p>Exploit Specifics 
213</p> <p>RPC/DCOM 213</p> <p>PsExec 214</p> <p>PS Remoting/WinRM 214</p> <p>WMI 214</p> <p>Fileless Malware and Living Off the Land 215</p> <p>Scheduled Tasks and cron Jobs 216</p> <p>SMB 217</p> <p>DNS 219</p> <p>RDP 220</p> <p>Apple Remote Desktop 220</p> <p>VNC 220</p> <p>SSH 220</p> <p>Network Segmentation Testing and Exploits 221</p> <p>Leaked Keys 222</p> <p>Leveraging Exploits 222</p> <p>Common Post-Exploit Attacks 222</p> <p>Cross Compiling 225</p> <p>Privilege Escalation 226</p> <p>Social Engineering 226</p> <p>Escaping and Upgrading Limited Shells 227</p> <p>Persistence and Evasion 228</p> <p>Scheduled Jobs and Scheduled Tasks 228</p> <p>Inetd Modification 228</p> <p>Daemons and Services 229</p> <p>Backdoors and Trojans 229</p> <p>Data Exfiltration and Covert Channels 230</p> <p>New Users 230</p> <p>Pivoting 231</p> <p>Covering Your Tracks 232</p> <p>Summary 233</p> <p>Exam Essentials 234</p> <p>Lab Exercises 235</p> <p>Activity 6.1: Exploit 235</p> <p>Activity 6.2: Discovery 235</p> <p>Activity 6.3: Pivot 236</p> <p>Review Questions 237</p> <p><b>Chapter 7 Exploiting Network Vulnerabilities 243</b></p> <p>Identifying Exploits 247</p> <p>Conducting Network Exploits 247</p> <p>VLAN Hopping 247</p> <p>DNS Cache Poisoning 249</p> <p>On-Path Attacks 251</p> <p>NAC Bypass 254</p> <p>DoS Attacks and Stress Testing 255</p> <p>Exploit Chaining 257</p> <p>Exploiting Windows Services 257</p> <p>NetBIOS Name Resolution Exploits 257</p> <p>SMB Exploits 261</p> <p>Identifying and Exploiting Common Services 261</p> <p>Identifying and Attacking Service Targets 262</p> <p>SNMP Exploits 263</p> <p>SMTP Exploits 264</p> <p>FTP Exploits 265</p> <p>Kerberoasting 266</p> <p>Samba Exploits 267</p> <p>Password Attacks 268</p> <p>Stress Testing for Availability 269</p> <p>Wireless Exploits 269</p> <p>Attack Methods 269</p> <p>Finding Targets 270</p> <p>Attacking Captive Portals 270</p> <p>Eavesdropping, Evil Twins, and Wireless On-Path Attacks 271</p> <p>Other Wireless 
Protocols and Systems 275</p> <p>RFID Cloning 276</p> <p>Jamming 277</p> <p>Repeating 277</p> <p>Summary 278</p> <p>Exam Essentials 279</p> <p>Lab Exercises 279</p> <p>Activity 7.1: Capturing Hashes 279</p> <p>Activity 7.2: Brute-Forcing Services 280</p> <p>Activity 7.3: Wireless Testing 281</p> <p>Review Questions 282</p> <p><b>Chapter 8 Exploiting Physical and Social Vulnerabilities 287</b></p> <p>Physical Facility Penetration Testing 290</p> <p>Entering Facilities 290</p> <p>Information Gathering 294</p> <p>Social Engineering 294</p> <p>In-Person Social Engineering 295</p> <p>Phishing Attacks 297</p> <p>Website-Based Attacks 298</p> <p>Using Social Engineering Tools 298</p> <p>Summary 302</p> <p>Exam Essentials 303</p> <p>Lab Exercises 303</p> <p>Activity 8.1: Designing a Physical Penetration Test 303</p> <p>Activity 8.2: Brute-Forcing Services 304</p> <p>Activity 8.3: Using BeEF 305</p> <p>Review Questions 306</p> <p><b>Chapter 9 Exploiting Application Vulnerabilities 311</b></p> <p>Exploiting Injection Vulnerabilities 314</p> <p>Input Validation 314</p> <p>Web Application Firewalls 315</p> <p>SQL Injection Attacks 316</p> <p>Code Injection Attacks 319</p> <p>Command Injection Attacks 319</p> <p>LDAP Injection Attacks 320</p> <p>Exploiting Authentication Vulnerabilities 320</p> <p>Password Authentication 321</p> <p>Session Attacks 322</p> <p>Kerberos Exploits 326</p> <p>Exploiting Authorization Vulnerabilities 327</p> <p>Insecure Direct Object References 327</p> <p>Directory Traversal 328</p> <p>File Inclusion 330</p> <p>Privilege Escalation 331</p> <p>Exploiting Web Application Vulnerabilities 331</p> <p>Cross-Site Scripting (XSS) 331</p> <p>Request Forgery 334</p> <p>Clickjacking 335</p> <p>Unsecure Coding Practices 335</p> <p>Source Code Comments 335</p> <p>Error Handling 336</p> <p>Hard-Coded Credentials 336</p> <p>Race Conditions 337</p> <p>Unprotected APIs 337</p> <p>Unsigned Code 338</p> <p>Steganography 340</p> <p>Application Testing Tools 
341</p> <p>Static Application Security Testing (SAST) 341</p> <p>Dynamic Application Security Testing (DAST) 342</p> <p>Mobile Tools 346</p> <p>Summary 346</p> <p>Exam Essentials 347</p> <p>Lab Exercises 347</p> <p>Activity 9.1: Application Security Testing Techniques 347</p> <p>Activity 9.2: Using the ZAP Proxy 348</p> <p>Activity 9.3: Creating a Cross-Site Scripting Vulnerability 348</p> <p>Review Questions 349</p> <p><b>Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems 355</b></p> <p>Attacking Hosts 360</p> <p>Linux 361</p> <p>Windows 365</p> <p>Cross-Platform Exploits 367</p> <p>Credential Attacks and Testing Tools 368</p> <p>Credential Acquisition 368</p> <p>Offline Password Cracking 369</p> <p>Credential Testing and Brute-Forcing Tools 371</p> <p>Wordlists and Dictionaries 371</p> <p>Remote Access 372</p> <p>SSH 372</p> <p>NETCAT and Ncat 373</p> <p>Metasploit and Remote Access 373</p> <p>Proxies and Proxychains 374</p> <p>Attacking Virtual Machines and Containers 374</p> <p>Virtual Machine Attacks 375</p> <p>Containerization Attacks 377</p> <p>Attacking Cloud Technologies 379</p> <p>Attacking Cloud Accounts 379</p> <p>Attacking and Using Misconfigured Cloud Assets 380</p> <p>Other Cloud Attacks 382</p> <p>Tools for Cloud Technology Attacks 383</p> <p>Attacking Mobile Devices 384</p> <p>Attacking IoT, ICS, Embedded Systems, and SCADA Devices 389</p> <p>Attacking Data Storage 392</p> <p>Summary 393</p> <p>Exam Essentials 395</p> <p>Lab Exercises 396</p> <p>Activity 10.1: Dumping and Cracking the Windows SAM and Other Credentials 396</p> <p>Activity 10.2: Cracking Passwords Using Hashcat 397</p> <p>Activity 10.3: Setting Up a Reverse Shell and a Bind Shell 398</p> <p>Review Questions 400</p> <p><b>Chapter 11 Reporting and Communication 405</b></p> <p>The Importance of Communication 409</p> <p>Defining a Communication Path 409</p> <p>Communication Triggers 410</p> <p>Goal Reprioritization 410</p> <p>Recommending Mitigation Strategies 
411</p> <p>Finding: Shared Local Administrator Credentials 412</p> <p>Finding: Weak Password Complexity 413</p> <p>Finding: Plaintext Passwords 414</p> <p>Finding: No Multifactor Authentication 414</p> <p>Finding: SQL Injection 416</p> <p>Finding: Unnecessary Open Services 416</p> <p>Writing a Penetration Testing Report 416</p> <p>Structuring the Written Report 417</p> <p>Secure Handling and Disposition of Reports 420</p> <p>Wrapping Up the Engagement 421</p> <p>Post-Engagement Cleanup 421</p> <p>Client Acceptance 421</p> <p>Lessons Learned 421</p> <p>Follow-Up Actions/Retesting 422</p> <p>Attestation of Findings 422</p> <p>Retention and Destruction of Data 422</p> <p>Summary 423</p> <p>Exam Essentials 423</p> <p>Lab Exercises 424</p> <p>Activity 11.1: Remediation Strategies 424</p> <p>Activity 11.2: Report Writing 424</p> <p>Review Questions 425</p> <p><b>Chapter 12 Scripting for Penetration Testing 429</b></p> <p>Scripting and Penetration Testing 431</p> <p>Bash 432</p> <p>PowerShell 433</p> <p>Ruby 434</p> <p>Python 435</p> <p>Perl 435</p> <p>JavaScript 436</p> <p>Variables, Arrays, and Substitutions 438</p> <p>Bash 439</p> <p>PowerShell 440</p> <p>Ruby 441</p> <p>Python 441</p> <p>Perl 442</p> <p>JavaScript 442</p> <p>Comparison Operations 444</p> <p>String Operations 445</p> <p>Bash 446</p> <p>PowerShell 447</p> <p>Ruby 448</p> <p>Python 449</p> <p>Perl 450</p> <p>JavaScript 451</p> <p>Flow Control 452</p> <p>Conditional Execution 453</p> <p><i>for </i>Loops 458</p> <p><i>while </i>Loops 465</p> <p>Input and Output (I/O) 471</p> <p>Redirecting Standard Input and Output 471</p> <p>Comma-Separated Values (CSV) 472</p> <p>Error Handling 472</p> <p>Bash 472</p> <p>PowerShell 473</p> <p>Ruby 473</p> <p>Python 473</p> <p>Advanced Data Structures 474</p> <p>JavaScript Object Notation (JSON) 474</p> <p>Trees 475</p> <p>Reusing Code 475</p> <p>The Role of Coding in Penetration 
Testing 476</p> <p>Analyzing Exploit Code 476</p> <p>Automating Penetration Tests 477</p> <p>Summary 477</p> <p>Exam Essentials 477</p> <p>Lab Exercises 478</p> <p>Activity 12.1: Reverse DNS Lookups 478</p> <p>Activity 12.2: Nmap Scan 479</p> <p>Review Questions 480</p> <p><b>Appendix A Answers to Review Questions 485</b></p> <p>Chapter 1: Penetration Testing 486</p> <p>Chapter 2: Planning and Scoping Penetration Tests 487</p> <p>Chapter 3: Information Gathering 489</p> <p>Chapter 4: Vulnerability Scanning 491</p> <p>Chapter 5: Analyzing Vulnerability Scans 493</p> <p>Chapter 6: Exploiting and Pivoting 495</p> <p>Chapter 7: Exploiting Network Vulnerabilities 497</p> <p>Chapter 8: Exploiting Physical and Social Vulnerabilities 499</p> <p>Chapter 9: Exploiting Application Vulnerabilities 501</p> <p>Chapter 10: Attacking Hosts, Cloud Technologies, and Specialized Systems 503</p> <p>Chapter 11: Reporting and Communication 505</p> <p>Chapter 12: Scripting for Penetration Testing 506</p> <p><b>Appendix B Solution to Lab Exercise 509</b></p> <p>Solution to Activity 5.2: Analyzing a CVSS Vector 510</p> <p>Index 511</p>
<p><b>MIKE CHAPPLE, Security+, CySA+, CISSP,</b> is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website,</p> <p><b>DAVID SEIDL, Security+, CySA+, CISSP, PenTest+,</b> is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.</p>
<p><b>Everything You Need to Succeed on the New CompTIA PenTest+ Certification Exam</b></p> <p>CompTIA’s PenTest+ is an intermediate-level cybersecurity certification that verifies you are fully prepared to engage in the full penetration testing process, from planning an engagement through reconnaissance, vulnerability detection, exploitation and reporting. This complete <i>CompTIA<sup>®</sup> PenTest+ Study Guide: Exam PT0-002, Second Edition</i> gets you ready for the exam with a comprehensive review of all objectives. It helps you identify what you already know, learn what you don’t, test your progress, and perfect your skills. Enhance your learning with access to the exclusive Sybex interactive online learning environment, including practice tests, electronic flashcards, and a searchable glossary of terms. It’s the faster, smarter way to prepare. <p><b>Coverage of the exam objectives in this Study Guide means you’ll be ready for:</b> <ul><li>Planning and Scoping Penetration Tests</li> <li>Information Gathering</li> <li>Vulnerability Scanning and Interpreting Results</li> <li>Exploiting Network Vulnerabilities</li> <li>Exploiting Physical and Social Vulnerabilities</li> <li>Exploiting Application and Host Vulnerabilities</li> <li>Scripting for Penetration Testing</li> <li>Reporting and Communication</li></ul> <p><b>ABOUT THE COMPTIA PENTEST+ CERTIFICATION</b> <p>The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.
