Muutke küpsiste eelistusi

E-raamat: CompTIA PenTest+ Study Guide: Exam PT0-002

4.00/5 (35 hinnangut Goodreads-ist)
(Miami University), (University of Notre Dame)
  • Formaat: EPUB+DRM
  • Sari: Sybex Study Guide
  • Ilmumisaeg: 05-Oct-2021
  • Kirjastus: Sybex Inc.,U.S.
  • Keel: eng
  • ISBN-13: 9781119823827
Teised raamatud teemal:
  • Formaat - EPUB+DRM
  • Hind: 62,98 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CompTIA PenTest+ Study Guide: Exam PT0-002Suurem pilt
  • Formaat: EPUB+DRM
  • Sari: Sybex Study Guide
  • Ilmumisaeg: 05-Oct-2021
  • Kirjastus: Sybex Inc.,U.S.
  • Keel: eng
  • ISBN-13: 9781119823827
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing 

In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. 

You’ll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You’ll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. 

This book will: 

  • Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam 
  • Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements 
  • Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms 

Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. 

Introduction xxv
Assessment Test xxxix
Chapter 1 Penetration Testing
1(30)
What Is Penetration Testing?
2(3)
Cybersecurity Goals
2(2)
Adopting the Hacker Mindset
4(1)
Ethical Hacking
5(1)
Reasons for Penetration Testing
5(3)
Benefits of Penetration Testing
6(1)
Regulatory Requirements for Penetration Testing
7(1)
Who Performs Penetration Tests?
8(2)
Internal Penetration Testing Teams
8(1)
External Penetration Testing Teams
9(1)
Selecting Penetration Testing Teams
10(1)
The CompTIA Penetration Testing Process
10(4)
Planning and Scoping
11(1)
Information Gathering and Vulnerability Scanning
11(1)
Attacks and Exploits
12(1)
Reporting and Communication
13(1)
Tools and Code Analysis
13(1)
The Cyber Kill Chain
14(3)
Reconnaissance
15(1)
Weaponization
16(1)
Delivery
16(1)
Exploitation
16(1)
Installation
16(1)
Command and Control
16(1)
Actions on Objectives
17(1)
Tools of the Trade
17(8)
Reconnaissance
20(1)
Vulnerability Scanners
21(1)
Social Engineering
21(1)
Credential Testing Tools
22(1)
Debuggers and Software Testing Tools
22(1)
Network Testing
23(1)
Remote Access
23(1)
Exploitation
24(1)
Steganography
24(1)
Cloud Tools
25(1)
Summary
25(1)
Exam Essentials
25(1)
Lab Exercises
26(1)
Activity 1.1 Adopting the Hacker Mindset
26(1)
Activity 1.2 Using the Cyber Kill Chain
26(1)
Review Questions
27(4)
Chapter 2 Planning and Scoping Penetration Tests
31(28)
Scoping and Planning Engagements
34(10)
Assessment Types
35(1)
Known Environments and Unknown Environments
35(2)
The Rules of Engagement
37(2)
Scoping Considerations---A Deeper Dive
39(3)
Support Resources for Penetration Tests
42(2)
Penetration Testing Standards and Methodologies
44(2)
Key Legal Concepts for Penetration Tests
46(3)
Contracts
46(1)
Data Ownership and Retention
47(1)
Permission to Attack (Authorization)
47(1)
Environmental Differences and Location Restrictions
48(1)
Regulatory Compliance Considerations
49(2)
Summary
51(1)
Exam Essentials
52(1)
Lab Exercises
53(1)
Review Questions
54(5)
Chapter 3 Information Gathering
59(50)
Footprinting and Enumeration
63(15)
OSINT
64(1)
Location and Organizational Data
65(3)
Infrastructure and Networks
68(6)
Security Search Engines
74(3)
Google Dorks and Search Engine Techniques
77(1)
Password Dumps and Other Breach Data
77(1)
Source Code Repositories
78(1)
Passive Enumeration and Cloud Services
78(1)
Active Reconnaissance and Enumeration
78(21)
Hosts
79(1)
Services
79(6)
Networks, Topologies, and Network Traffic
85(3)
Packet Crafting and Inspection
88(2)
Enumeration
90(7)
Information Gathering and Code
97(2)
Avoiding Detection
99(1)
Information Gathering and Defenses
99(1)
Defenses Against Active Reconnaissance
100(1)
Preventing Passive Information Gathering
100(1)
Summary
100(1)
Exam Essentials
101(1)
Lab Exercises
102(2)
Activity 3.1 Manual OSINT Gathering
102(1)
Activity 3.2 Exploring Shodan
102(1)
Activity 3.3 Running an Nmap Scan
103(1)
Review Questions
104(5)
Chapter 4 Vulnerability Scanning
109(42)
Identifying Vulnerability Management Requirements
112(9)
Regulatory Environment
112(4)
Corporate Policy
116(1)
Support for Penetration Testing
116(1)
Identifying Scan Targets
117(1)
Determining Scan Frequency
118(2)
Active vs. Passive Scanning
120(1)
Configuring and Executing Vulnerability Scans
121(10)
Scoping Vulnerability Scans
121(1)
Configuring Vulnerability Scans
122(7)
Scanner Maintenance
129(2)
Software Security Testing
131(7)
Analyzing and Testing Code
131(2)
Web Application Vulnerability Scanning
133(5)
Developing a Remediation Workflow
138(3)
Prioritizing Remediation
140(1)
Testing and Implementing Fixes
141(1)
Overcoming Barriers to Vulnerability Scanning
141(2)
Summary
143(1)
Exam Essentials
143(1)
Lab Exercises
144(2)
Activity 4.1 Installing a Vulnerability Scanner
144(1)
Activity 4.2 Running a Vulnerability Scan
145(1)
Activity 4.3 Developing a Penetration Test Vulnerability Scanning Plan
145(1)
Review Questions
146(5)
Chapter 5 Analyzing Vulnerability Scans
151(44)
Reviewing and Interpreting Scan Reports
152(10)
Understanding CVSS
156(6)
Validating Scan Results
162(3)
False Positives
162(1)
Documented Exceptions
162(1)
Understanding Informational Results
163(1)
Reconciling Scan Results with Other Data Sources
164(1)
Trend Analysis
164(1)
Common Vulnerabilities
165(21)
Server and Endpoint Vulnerabilities
166(9)
Network Vulnerabilities
175(6)
Virtualization Vulnerabilities
181(2)
Internet of Things (IoT)
183(1)
Web Application Vulnerabilities
184(2)
Summary
186(1)
Exam Essentials
187(1)
Lab Exercises
188(2)
Activity 5.1 Interpreting a Vulnerability Scan
188(1)
Activity 5.2 Analyzing a CVSS Vector
188(1)
Activity 5.3 Developing a Penetration Testing Plan
189(1)
Review Questions
190(5)
Chapter 6 Exploiting and Pivoting
195(48)
Exploits and Attacks
198(8)
Choosing Targets
198(1)
Enumeration
199(2)
Identifying the Right Exploit
201(3)
Exploit Resources
204(2)
Exploitation Toolkits
206(7)
Metasploit
206(6)
PowerSploit
212(1)
BloodHound
213(1)
Exploit Specifics
213(9)
RPC/DCOM
213(1)
PsExec
214(1)
PS Remoting/WinRM
214(1)
WMI
214(1)
Fileless Malware and Living Off the Land
215(1)
Scheduled Tasks and cron Jobs
216(1)
SMB
217(2)
DNS
219(1)
RDP
220(1)
Apple Remote Desktop
220(1)
VNC
220(1)
SSH
220(1)
Network Segmentation Testing and Exploits
221(1)
Leaked Keys
222(1)
Leveraging Exploits
222(6)
Common Post-Exploit Attacks
222(3)
Cross Compiling
225(1)
Privilege Escalation
226(1)
Social Engineering
226(1)
Escaping and Upgrading Limited Shells
227(1)
Persistence and Evasion
228(3)
Scheduled Jobs and Scheduled Tasks
228(1)
Inetd Modification
228(1)
Daemons and Services
229(1)
Backdoors and Trojans
229(1)
Data Exfiltration and Covert Channels
230(1)
New Users
230(1)
Pivoting
231(1)
Covering Your Tracks
232(1)
Summary
233(1)
Exam Essentials
234(1)
Lab Exercises
235(2)
Activity 6.1 Exploit
235(1)
Activity 6.2 Discovery
235(1)
Activity 6.3 Pivot
236(1)
Review Questions
237(6)
Chapter 7 Exploiting Network Vulnerabilities
243(44)
Identifying Exploits
247(1)
Conducting Network Exploits
247(10)
VLAN Hopping
247(2)
DNS Cache Poisoning
249(2)
On-Path Attacks
251(3)
NAC Bypass
254(1)
DoS Attacks and Stress Testing
255(2)
Exploit Chaining
257(1)
Exploiting Windows Services
257(4)
NetBIOS Name Resolution Exploits
257(4)
SMB Exploits
261(1)
Identifying and Exploiting Common Services
261(8)
Identifying and Attacking Service Targets
262(1)
SNMP Exploits
263(1)
SMTP Exploits
264(1)
FTP Exploits
265(1)
Kerberoasting
266(1)
Samba Exploits
267(1)
Password Attacks
268(1)
Stress Testing for Availability
269(1)
Wireless Exploits
269(9)
Attack Methods
269(1)
Finding Targets
270(1)
Attacking Captive Portals
270(1)
Eavesdropping, Evil Twins, and Wireless On-Path Attacks
271(4)
Other Wireless Protocols and Systems
275(1)
RFID Cloning
276(1)
Jamming
277(1)
Repeating
277(1)
Summary
278(1)
Exam Essentials
279(1)
Lab Exercises
279(3)
Activity 7.1 Capturing Hashes
279(1)
Activity 7.2 Brute-Forcing Services
280(1)
Activity 7.3 Wireless Testing
281(1)
Review Questions
282(5)
Chapter 8 Exploiting Physical and Social Vulnerabilities
287(24)
Physical Facility Penetration Testing
290(4)
Entering Facilities
290(4)
Information Gathering
294(1)
Social Engineering
294(8)
In-Person Social Engineering
295(2)
Phishing Attacks
297(1)
Website-Based Attacks
298(1)
Using Social Engineering Tools
298(4)
Summary
302(1)
Exam Essentials
303(1)
Lab Exercises
303(3)
Activity 8.1 Designing a Physical Penetration Test
303(1)
Activity 8.2 Brute-Forcing Services
304(1)
Activity 8.3 Using BeEF
305(1)
Review Questions
306(5)
Chapter 9 Exploiting Application Vulnerabilities
311(44)
Exploiting Injection Vulnerabilities
314(6)
Input Validation
314(1)
Web Application Firewalls
315(1)
SQL Injection Attacks
316(3)
Code Injection Attacks
319(1)
Command Injection Attacks
319(1)
LDAP Injection Attacks
320(1)
Exploiting Authentication Vulnerabilities
320(7)
Password Authentication
321(1)
Session Attacks
322(4)
Kerberos Exploits
326(1)
Exploiting Authorization Vulnerabilities
327(4)
Insecure Direct Object References
327(1)
Directory Traversal
328(2)
File Inclusion
330(1)
Privilege Escalation
331(1)
Exploiting Web Application Vulnerabilities
331(4)
Cross-Site Scripting (XSS)
331(3)
Request Forgery
334(1)
Clickjacking
335(1)
Unsecure Coding Practices
335(5)
Source Code Comments
335(1)
Error Handling
336(1)
Hard-Coded Credentials
336(1)
Race Conditions
337(1)
Unprotected APIs
337(1)
Unsigned Code
338(2)
Steganography
340(1)
Application Testing Tools
341(5)
Static Application Security Testing (SAST)
341(1)
Dynamic Application Security Testing (DAST)
342(4)
Mobile Tools
346(1)
Summary
346(1)
Exam Essentials
347(1)
Lab Exercises
347(2)
Activity 9.1 Application Security Testing Techniques
347(1)
Activity 9.2 Using the ZAP Proxy
348(1)
Activity 9.3 Creating a Cross-Site Scripting Vulnerability
348(1)
Review Questions
349(6)
Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems
355(50)
Attacking Hosts
360(8)
Linux
361(4)
Windows
365(2)
Cross-Platform Exploits
367(1)
Credential Attacks and Testing Tools
368(4)
Credential Acquisition
368(1)
Offline Password Cracking
369(2)
Credential Testing and Brute-Forcing Tools
371(1)
Wordlists and Dictionaries
371(1)
Remote Access
372(2)
SSH
372(1)
NETCAT and Neat
373(1)
Metasploit and Remote Access
373(1)
Proxies and Proxychains
374(1)
Attacking Virtual Machines and Containers
374(5)
Virtual Machine Attacks
375(2)
Containerization Attacks
377(2)
Attacking Cloud Technologies
379(5)
Attacking Cloud Accounts
379(1)
Attacking and Using Misconfigured Cloud Assets
380(2)
Other Cloud Attacks
382(1)
Tools for Cloud Technology Attacks
383(1)
Attacking Mobile Devices
384(5)
Attacking IoT, ICS, Embedded Systems, and SCADA Devices
389(3)
Attacking Data Storage
392(1)
Summary
393(2)
Exam Essentials
395(1)
Lab Exercises
396(4)
Activity 10.1 Dumping and Cracking the Windows SAM and Other Credentials
396(1)
Activity 10.2 Cracking Passwords Using Hashcat
397(1)
Activity 10.3 Setting Up a Reverse Shell and a Bind Shell
398(2)
Review Questions
400(5)
Chapter 11 Reporting and Communication
405(24)
The Importance of Communication
409(2)
Defining a Communication Path
409(1)
Communication Triggers
410(1)
Goal Reprioritization
410(1)
Recommending Mitigation Strategies
411(5)
Finding: Shared Local Administrator Credentials
412(1)
Finding: Weak Password Complexity
413(1)
Finding: Plaintext Passwords
414(1)
Finding: No Multifactor Authentication
414(2)
Finding: SQL Injection
416(1)
Finding: Unnecessary Open Services
416(1)
Writing a Penetration Testing Report
416(5)
Structuring the Written Report
417(3)
Secure Handling and Disposition of Reports
420(1)
Wrapping Up the Engagement
421(2)
Post-Engagement Cleanup
421(1)
Client Acceptance
421(1)
Lessons Learned
421(1)
Follow-Up Actions/Retesting
422(1)
Attestation of Findings
422(1)
Retention and Destruction of Data
422(1)
Summary
423(1)
Exam Essentials
423(1)
Lab Exercises
424(1)
Activity 11.1 Remediation Strategies
424(1)
Activity 11.2 Report Writing
424(1)
Review Questions
425(4)
Chapter 12 Scripting for Penetration Testing
429(56)
Scripting and Penetration Testing
431(7)
Bash
432(1)
PowerShell
433(1)
Ruby
434(1)
Python
435(1)
Perl
435(1)
JavaScript
436(2)
Variables, Arrays, and Substitutions
438(6)
Bash
439(1)
PowerShell
440(1)
Ruby
441(1)
Python
441(1)
Perl
442(1)
JavaScript
442(2)
Comparison Operations
444(1)
String Operations
445(7)
Bash
446(1)
PowerShell
447(1)
Ruby
448(1)
Python
449(1)
Perl
450(1)
JavaScript
451(1)
Flow Control
452(1)
Conditional Execution
453(18)
For Loops
458(7)
While Loops
465(6)
Input and Output (I/O)
471(1)
Redirecting Standard Input and Output
471(1)
Comma-Separated Values (CSV)
472(1)
Error Handling
472(2)
Bash
472(1)
PowerShell
473(1)
Ruby
473(1)
Python
473(1)
Advanced Data Structures
474(1)
JavaScript Object Notation (JSON)
474(1)
Trees
475(1)
Reusing Code
475(1)
The Role of Coding in Penetration Testing
476(1)
Analyzing Exploit Code
476(1)
Automating Penetration Tests
477(1)
Summary
477(1)
Exam Essentials
477(1)
Lab Exercises
478(2)
Activity 12.1 Reverse DNS Lookups
478(1)
Activity 12.2 Nmap Scan
479(1)
Review Questions
480(5)
Appendix A Answers to Review Questions
485(24)
Chapter 1 Penetration Testing
486(1)
Chapter 2 Planning and Scoping Penetration Tests
487(2)
Chapter 3 Information Gathering
489(2)
Chapter 4 Vulnerability Scanning
491(2)
Chapter 5 Analyzing Vulnerability Scans
493(2)
Chapter 6 Exploiting and Pivoting
495(2)
Chapter 7 Exploiting Network Vulnerabilities
497(2)
Chapter 8 Exploiting Physical and Social Vulnerabilities
499(2)
Chapter 9 Exploiting Application Vulnerabilities
501(2)
Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems
503(2)
Chapter 11 Reporting and Communication
505(1)
Chapter 12 Scripting for Penetration Testing
506(3)
Appendix B Solution to Lab Exercise
509(2)
Solution to Activity 5.2 Analyzing a CVSS Vector
510(1)
Index 511
MIKE CHAPPLE, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

DAVID SEIDL, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97811198238276e.html
Märksõnad: