Muutke küpsiste eelistusi

E-raamat: CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)

4.09/5 (30 hinnangut Goodreads-ist)
  • Formaat: 656 pages
  • Ilmumisaeg: 14-Dec-2018
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781260135954
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 56,16 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)Suurem pilt
  • Formaat: 656 pages
  • Ilmumisaeg: 14-Dec-2018
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781260135954
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


This comprehensive exam guide offers 100% coverage of every topic on the CompTIA PenTest+ exam

Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-001 from this comprehensive resource. Written by an expert penetration tester, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth answer explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

Pre-engagement activities

Getting to know your targets

Network scanning and enumeration

Vulnerability scanning and analysis

Mobile device and application testing

Social engineering

Network-based attacks

Wireless and RF attacks

Web and database attacks

Attacking local operating systems

Physical penetration testing

Writing the pen test report

And more

Online content includes:

Interactive performance-based questions 

Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain

Downloadable virtual machine files for use with some of the exercises in the book 

Penetration Testing Tools and References appendix


Acknowledgments xi
Introduction xiii
Objective Map: Exam PT0-001 xvi
Chapter 1 Pre-engagement Activities 1(22)
Target Audience
1(1)
Impact Analysis
2(1)
Scope and Methodology
3(9)
Types of Assessment
5(2)
Threat Modeling
7(3)
Target Selection
10(2)
Contractual Agreements
12(4)
Nondisclosure Agreement
14(1)
Master Service Agreement
14(1)
Statement of Work
14(2)
Chapter Review
16(7)
Questions
16(2)
Questions and Answers
18(5)
Chapter 2 Getting to Know Your Targets 23(22)
Footprinting and Reconnaissance
23(1)
Information Gathering
23(1)
Tools, Methods, and Frameworks
24(15)
Data Mining
24(5)
Specialized Search Engines
29(4)
DNS, Website, and Email Footprinting
33(6)
Metadata Analysis
39(1)
Chapter Review
39(6)
Questions
40(2)
Questions and Answers
42(3)
Chapter 3 Network Scanning and Enumeration 45(26)
802.11 Wireless Standards
45(4)
Wireless Spectrum Bands
46(1)
Wireless Modes and Terminology
46(3)
Wireless Testing Equipment
49(1)
Popular Antennas
50(1)
802.11 Network Discovery
50(4)
802.11 Frames
51(2)
Wireless Scanning
53(1)
Host Discovery
54(3)
Ping Scan
55(2)
Port Scanning
57(5)
Port Scanning Methods
57(1)
Common Ports and Protocols
58(1)
TCP Scan
59(1)
Half-Open Scan
60(1)
UDP Scan
61(1)
Enumeration
62(2)
Chapter Review
64(7)
Questions
64(2)
Questions and Answers
66(5)
Chapter 4 Vulnerability Scanning and Analysis 71(34)
Researching Vulnerabilities
71(5)
CVE
72(1)
CWE
73(1)
CAPEC
74(1)
ATT&CK
75(1)
Remote Security Scanning
76(9)
Credentialed vs. Noncredentialed Scanning
78(2)
Compliance and Configuration Auditing
80(1)
Nontraditional Assets
81(4)
Web and Database Scanning
85(13)
Open Web Application Security Project (OWASP)
85(1)
Fingerprinting Web and Database Servers
86(2)
Enumerating Information
88(1)
Authentication and Authorization Testing
89(7)
Data Validation Testing
96(1)
Vulnerability Mapping
97(1)
Chapter Review
98(7)
Questions
98(2)
Questions and Answers
100(5)
Chapter 5 Mobile Device and Application Testing 105(42)
Mobile Device Architecture
105(5)
iPhone Operating System
107(2)
Android Operating System
109(1)
Mobile Pentesting Fundamentals
110(3)
Static Analysis
111(1)
Dynamic and Runtime Analysis
112(1)
Network Analysis
112(1)
Server-Side Testing
113(1)
iOS Application Security Testing
113(10)
Setting Up an iOS Testing Environment
113(1)
Jailbreaking an iOS Device
113(2)
Connecting to the iOS Device
115(2)
iOS Functional Testing and Application Mapping
117(6)
Android Application Security Testing
123(7)
Setting Up an Android Testing Environment
123(1)
Rooting an Android Device
124(1)
Connecting to the Android Device
124(1)
Android Functional Testing and Application Mapping
125(5)
Software Assurance Testing
130(7)
Understanding Programming Logic
131(6)
Chapter Review
137(10)
Questions
138(3)
Questions and Answers
141(6)
Chapter 6 Social Engineering 147(16)
Motivation Techniques
147(1)
Social Engineering Attacks
148(1)
Phishing
149(6)
Email-Based
149(6)
Phone-Based
155(1)
Countermeasures
155(1)
Chapter Review
156(7)
Questions
157(1)
Questions and Answers
158(5)
Chapter 7 Network-Based Attacks 163(42)
Name Resolution Exploits
163(13)
DNS Spoofing and Cache Poisoning
165(4)
Attacking LLMNR and NetBIOS
169(7)
Stress Testing Applications and Protocols
176(3)
Denial of Service Attacks
176(2)
Executing DDoS Attacks
178(1)
Network Packet Manipulation
179(4)
Analyzing and Inspecting Packets
179(2)
Forge and Decode Packets
181(2)
Layer-2 Attacks
183(3)
Attacking the Spanning Tree Protocol
183(1)
VLAN Hopping
184(1)
Bypassing Network Access Controls
185(1)
Attacking Common Protocols
186(12)
Exploiting SNMPv1
186(2)
Poorly Configured File Sharing
188(9)
Abusing SMTP
197(1)
Chapter Review
198(7)
Questions
198(2)
Questions and Answers
200(5)
Chapter 8 Wireless and RF Attacks 205(28)
Wireless Encryption Standards
206(1)
Setting Up a Wireless Testing Lab
206(13)
Cracking WEP
206(6)
Wi-Fi Protected Access (WPA)
212(5)
Cracking WPS
217(2)
Wireless Attacks and Exploitation
219(6)
Man-in-the-Middle Attacks
220(2)
Attacking Bluetooth
222(3)
Chapter Review
225(8)
Questions
226(2)
Questions and Answers
228(5)
Chapter 9 Web and Database Attacks 233(38)
Server-Side Attacks
233(27)
Injection Attacks
233(12)
Attacking Authentication and Session Management
245(6)
Inclusion Attacks
251(2)
Exploiting Security Misconfigurations
253(7)
Client-Side Attacks
260(4)
HTML Injection
261(1)
Cross-Site Scripting
261(2)
Cross-Site Request Forgery
263(1)
Clickjacking
264(1)
Chapter Review
264(7)
Questions
265(2)
Questions and Answers
267(4)
Chapter 10 Attacking Local Host Vulnerabilities 271(74)
OS Vulnerabilities
271(2)
Postexploitation
273(6)
Gain Situational Awareness
273(3)
Collecting Information
276(2)
Exfiltration
278(1)
Privilege Escalation
279(21)
Linux Privilege Escalation
279(6)
Windows Privilege Escalation
285(15)
Exploitable Services
300(18)
Buffer Overflows
300(13)
Unquoted Service Paths
313(5)
Lateral Movement
318(13)
Lateral Movement in Linux
318(10)
Lateral Movement in Windows
328(3)
Maintaining Persistence
331(5)
Covering Your Tracks
333(1)
Clearing Command History
333(1)
Timestomping
334(2)
File Deletion
336(1)
Chapter Review
336(9)
Questions
337(2)
Questions and Answers
339(6)
Chapter 11 Physical Penetration Testing 345(30)
Keeping the Honest People Honest
347(18)
Environmental Threats
347(1)
Physical and Environmental Protection
348(4)
Physical Locks and Security
352(1)
Mechanical Locks
353(7)
Basic Tools and Opening Techniques
360(3)
Alarms and Early Warning Systems
363(2)
Physical Device Security
365(2)
Cold Boot Attack
365(1)
BIOS Attacks
365(2)
USB Keylogger
367(1)
Chapter Review
367(8)
Questions
368(2)
Questions and Answers
370(5)
Chapter 12 Reporting and Communication 375(30)
Writing the Pentest Report
375(23)
Drafting the Report
377(19)
Postengagement Cleanup
396(1)
Report Handling
397(1)
Post-Report Delivery Activities
398(1)
Customer Debriefing
398(1)
Follow-Up Actions
398(1)
Communication Is Key
398(1)
Chapter Review
399(6)
Questions
400(2)
Questions and Answers
402(3)
Appendix About the Online Content 405(4)
Glossary 409(14)
Index 423
Raymond G. Nutting, CompTIA PenTest+, CISSP-ISSEP, is a security practitioner with over 19 years' experience in the field of information security. He is the co-owner and founder of nDepth Security; a managed security service provider that specializes in penetration testing.  Raymond holds numerous industry-recognized certifications and has presented at various conferences and events throughout his career.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97812601359542e.html
Märksõnad: