Muutke küpsiste eelistusi

E-raamat: CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002)

3.67/5 (6 hinnangut Goodreads-ist)
,
  • Formaat: 464 pages
  • Ilmumisaeg: 01-Apr-2022
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781264274901
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 62,40 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002)Suurem pilt
  • Formaat: 464 pages
  • Ilmumisaeg: 01-Apr-2022
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781264274901
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

This fully-updated guide delivers complete coverage of every topic on the current version of the CompTIA PenTest+ certification exam.

Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-002 from this comprehensive resource. Written by expert penetration testers, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

  • Planning and engagement
  • Information gathering
  • Vulnerability scanning
  • Network-based attacks
  • Wireless and radio frequency attacks
  • Web and database attacks
  • Cloud attacks
  • Specialized and fragile systems
  • Social Engineering and physical attacks
  • Post-exploitation tools and techniques
  • Post-engagement activities
  • Tools and code analysis
  • And more

Online content includes:

  • 170 practice exam questions
  • Interactive performance-based questions
  • Test engine that provides full-length practice exams or customizable quizzes by chapter or exam objective

Acknowledgments xv
Introduction xvii
Chapter 1 Planning and Engagement 1(34)
Governance, Risk, and Compliance
1(5)
Regulatory and Compliance Considerations
2(4)
Testing Limitations
6(2)
Time-Based Limitations
6(1)
Asset Scope Limitations
7(1)
Tool Limitations
7(1)
Allowed and Disallowed Tests
8(1)
Contracts and Documentation
8(3)
Master Services Agreement
9(1)
Nondisclosure Agreement
9(1)
Statement of Work
9(1)
Rules of Engagement
10(1)
Permission to Test
10(1)
Scope and Requirements
11(15)
Standards
11(7)
Environmental Considerations for Scoping
18(1)
Target Selection
19(4)
Contract Review
23(2)
Communication Planning
25(1)
Professionalism and Integrity
26(4)
Communication
27(2)
Integrity
29(1)
Risks to the Tester
30(1)
Review
30(3)
Questions
31(1)
Answers
32(1)
References
33(2)
Chapter 2 Information Gathering and Vulnerability Scanning 35(54)
Passive Reconnaissance
36(22)
DNS Recon
36(8)
OSINT
44(7)
Search Engines
51(7)
Active Reconnaissance
58(20)
Host Enumeration
58(4)
Service Identification and Fingerprinting
62(6)
Web Content Enumeration
68(3)
User Enumeration
71(2)
Defense Detection and Detection Avoidance
73(5)
Vulnerability Scanning and Analysis
78(7)
Credentialed vs. Noncredentialed Scanning
79(2)
Compliance and Configuration Auditing
81(1)
Vulnerability Research Sources
82(3)
Review
85(2)
Questions
85(2)
Answers
87(1)
References
87(2)
Chapter 3 Network-Based Attacks 89(34)
Name Resolution Exploits
89(10)
DNS Spoofing and Cache Poisoning
91(3)
Attacking LLMNR and NetBIOS
94(5)
Password Attacks
99(6)
Brute-Force and Dictionary Attacks
100(1)
Password Spraying
101(1)
Hash Cracking
101(4)
Stress Testing Applications and Protocols
105(3)
Network Packet Manipulation
108(3)
Analyzing and Inspecting Packets
108(1)
Forge and Decode Packets
109(2)
Layer 2 Attacks
111(3)
Attacking the Spanning Tree Protocol
111(2)
VLAN Hopping
113(1)
Bypassing Network Access Controls
114(1)
Researching an Attack
114(5)
An Attack on FTP
114(2)
An Attack on Samba and NFS
116(3)
Review
119(4)
Questions
120(1)
Answers
121(2)
Chapter 4 Wireless and RF Attacks 123(34)
802.11 Wireless
123(25)
Wireless Networking Overview
123(8)
Wireless Testing Equipment
131(1)
Attacking Wireless
132(16)
Attacking Bluetooth
148(2)
Bluetooth Specifications
148(1)
Device Discovery
149(1)
Bluetooth Attacks
149(1)
RFID and NFC
150(3)
Review
153(3)
Questions
153(2)
Answers
155(1)
References
156(1)
Chapter 5 Web and Database Attacks 157(38)
OWASP Top Ten
157(1)
Injection Attacks
157(16)
Command Injection
158(3)
SQL Injection
161(7)
LDAP Injection
168(1)
Cross-Site Scripting
169(2)
Cross-Site Request Forgery
171(2)
Attacking Authentication and Session Management
173(7)
Brute-Force Login Pages
173(3)
Session Management Testing
176(4)
Data Exposure and Insecure Configuration
180(8)
Weak Access Controls
181(1)
Exposing Sensitive Data
182(2)
Directory and Path Traversals
184(3)
Sensitive Data Exposure
187(1)
Inclusion Attacks
188(1)
Race Conditions
189(1)
Review
189(6)
Questions
190(2)
Answers
192(3)
Chapter 6 Attacking the Cloud 195(20)
Account and Privilege Attacks
196(7)
Credential Harvesting
196(1)
Privesc
197(5)
Account Takeover
202(1)
Password Spraying
202(1)
Misconfigured Cloud Assets
203(6)
Identity and Access Management
203(2)
Federation
205(1)
Object Storage
205(3)
Containerization Technologies
208(1)
Cloud-Centric Attacks
209(4)
Denial of Service
209(1)
Cloud Malware Injection
210(1)
Side-Channel Attacks
211(1)
Software Development Kits
211(2)
Review
213(2)
Questions
213(1)
Answers
214(1)
Chapter 7 Specialized and Fragile Systems 215(34)
Mobile Devices
216(23)
Testing Concepts
216(2)
Mobile Hardware
218(1)
Mobile Operating Systems Overview
219(2)
Mobile Applications Overview
221(3)
Testing iOS
224(6)
Testing Android
230(9)
Virtual and Containerized Systems
239(1)
Other Nontraditional Systems
240(3)
SCADA and Industrial Control Systems
240(3)
Embedded Systems
243(1)
Review
243(6)
Questions
244(2)
Answers
246(3)
Chapter 8 Social Engineering and Physical Attacks 249(24)
Physical Security and Social Engineering
250(5)
Pretexting and Impersonation
254(1)
Methods of Influence
255(1)
Social Engineering and Physical Attacks
255(12)
Phishing Attacks
256(3)
Other Web Attacks
259(1)
Social Engineering Tools
260(5)
Dumpster Diving
265(1)
USB Dropping
265(1)
Shoulder Surfing
265(1)
Tailgating
266(1)
Badges
266(1)
Basic Physpen Tools
266(1)
Countermeasures
267(1)
Review
268(3)
Questions
269(2)
Answers
271(1)
References
271(2)
Chapter 9 Post-Exploitation 273(50)
Enumeration
273(14)
Discovery
274(5)
Credential Access
279(8)
Privilege Escalation
287(18)
Linux Privilege Escalation
288(7)
Windows Privilege Escalation
295(10)
Covert Channels and Data Exfiltration
305(4)
SSH Tunneling
306(2)
Shell Types
308(1)
Command and Control
308(1)
Data Exfiltration
309(1)
Lateral Movement
309(4)
Living Off the Land
309(1)
Passing the Hash
310(1)
RPC/DCOM
311(1)
Remote Desktop Protocol
312(1)
WinRM
312(1)
Maintaining Persistence
313(3)
Windows
314(1)
Linux
315(1)
Covering Your Tracks
316(3)
Clearing Command History
316(1)
Timestomping
317(2)
File Deletion
319(1)
Review
319(4)
Questions
320(2)
Answers
322(1)
Chapter 10 Post-Engagement Activities 323(24)
The Anatomy of a Pentest Report
323(10)
Reporting Audience
324(1)
Report Contents
325(7)
Storage and Secure Distribution
332(1)
Attestations
333(1)
Findings, Recommendations, and Analysis
333(8)
Recommendations
337(3)
Common Themes and Root Causes
340(1)
Post-Engagement Activities
341(2)
Cleanup
342(1)
Client Acceptance
342(1)
Lessons Learned
342(1)
Retesting and Follow-up
343(1)
Review
343(2)
Questions
343(2)
Answers
345(1)
References
345(2)
Chapter 11 Tools and Code Analysis 347(32)
Logic Constructs
347(4)
Conditionals
348(1)
Loops
349(1)
Boolean Operators
349(1)
Arithmetic and String Operators
350(1)
Data Structures
351(3)
Key Values and Keys
351(1)
Arrays, Dictionaries, and Lists
352(1)
Trees
352(1)
CSV, XML, and JSON
352(2)
Other Programming Concepts
354(3)
Procedures
354(1)
Functions
355(1)
Classes
356(1)
Libraries
357(1)
Practical Examples
357(8)
Bash
358(2)
Python
360(1)
Perl
361(1)
Ruby
362(1)
JavaScript
363(1)
PowerShell
364(1)
Specialized Examples
365(10)
Bash Shells
365(1)
Bash Automation
366(2)
PowerShell Shells
368(1)
PowerShell: Enumerating AD Users and Computers
369(1)
Python Port Scanner
370(2)
Python Encoding
372(1)
Using Python to Upgrade to a Fully Interactive Shell
372(1)
Using Perl to Modify IP Addresses in a File
373(1)
Perl Reverse Shell
374(1)
JavaScript Downloader
374(1)
Review
375(22)
Questions
376(1)
Answers
377(2)
Chapter 12 Tools Inventory 379(18)
Appendix A Objective Map 397(2)
Objective Map: Exam PTO-002
397(2)
Appendix B About the Online Content 399(4)
System Requirements
399(1)
Your Total Seminars Training Hub Account
399(1)
Privacy Notice
399(1)
Single User License Terms and Conditions
399(2)
Total Tester Online
401(1)
Other Book Resources
401(1)
Performance-Based Questions
401(1)
Downloadable Content
402(1)
Technical Support
402(1)
Glossary 403(22)
Index 425
Heather Linn, CompTIA PenTest+, has over 20 years in the security industry and has held roles in corporate security, penetration testing, and as part of a hunt team. She has served as the technical editor for CompTIA PenTest+ Certification All-in-One Exam Guide, First Edition, CompTIA PenTest+ Certification Practice Exams, and Gray Hat Hacking, Fifth Edition. She is the author of CompTIA PenTest+ Passport.

Raymond Nutting, CompTIA PenTest+, CISSP-ISSEP, is a published author and security practitioner with over 20 years of experience in the field of information security. He is the co-owner and founder of nDepth Security, a managed security service provider that specializes in penetration testing. Ray holds numerous industry-recognized certifications and has presented at various conferences and events throughout his career. 
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97812642749016e.html
Märksõnad: