Muutke küpsiste eelistusi

CompTIA PenTestplus PT0-001 Cert Guide [Multiple-component retail product]

3.50/5 (4 hinnangut Goodreads-ist)
,
  • Formaat: Multiple-component retail product, 608 pages, kõrgus x laius x paksus: 234x194x34 mm, kaal: 1180 g, Contains 1 Hardback and 1 Digital product license key
  • Sari: Certification Guide
  • Ilmumisaeg: 27-Nov-2018
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0789760355
  • ISBN-13: 9780789760357
Teised raamatud teemal:
CompTIA PenTestplus PT0-001 Cert GuideSuurem pilt
  • Formaat: Multiple-component retail product, 608 pages, kõrgus x laius x paksus: 234x194x34 mm, kaal: 1180 g, Contains 1 Hardback and 1 Digital product license key
  • Sari: Certification Guide
  • Ilmumisaeg: 27-Nov-2018
  • Kirjastus: Pearson IT Certification
  • ISBN-10: 0789760355
  • ISBN-13: 9780789760357
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780789760357.html
Märksõnad:
Learn, prepare, and practice for CompTIA Pentest+ PT0-001 exam success with this CompTIA Cert Guide from Pearson IT Certification, a leader in IT Certification.





Master CompTIA Pentest+ PT0-001 exam topics Assess your knowledge with chapter-ending quizzes Review key concepts with exam preparation tasks Practice with realistic exam questions Get practical guidance for next steps and more advanced certifications

CompTIA Pentest+ Cert Guide is a best-of-breed exam study guide. Best-selling author Omar Santos and leading IT security expert Ron Taylor share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with 340 exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The CompTIA study guide helps you master all the topics on the Pentest+ exam, including:





Planning and scoping: Explain the importance of proper planning and scoping, understand key legal concepts, explore key aspects of compliance-based assessments Information gathering and vulnerability identification: Understand passive and active reconnaissance, conduct appropriate information gathering and use open source intelligence (OSINT); perform vulnerability scans; analyze results; explain how to leverage gathered information in exploitation; understand weaknesses of specialized systems Attacks and exploits: Compare and contrast social engineering attacks; exploit network-based, wireless, RF-based, application-based, and local host vulnerabilities; summarize physical security attacks; perform post-exploitation techniques Penetration testing tools: Use numerous tools to perform reconnaissance, exploit vulnerabilities and perform post-exploitation activities; leverage the Bash shell, Python, Ruby, and PowerShell for basic scripting Reporting and communication: Write reports containing effective findings and recommendations for mitigation; master best practices for reporting and communication; perform post-engagement activities such as cleanup of tools or shells
Introduction xxiii
Chapter 1 Introduction to Ethical Hacking and Penetration Testing 3(22)
"Do I Know This Already?" Quiz
3(3)
Understanding Ethical Hacking and Penetration Testing
6(1)
What Is the Difference Between Ethical Hacking and Nonethical Hacking?
6(1)
Why Do We Need to Do Penetration Testing?
7(1)
Understanding the Current Threat Landscape
7(3)
Ransomware
8(1)
IoT
8(1)
Threat Actors
9(1)
Exploring Penetration Testing Methodologies
10(6)
Why Do We Need to Follow a Methodology for Penetration Testing?
10(1)
Penetration Testing Methods
11(2)
Surveying Penetration Testing Methodologies
13(3)
Building Your Own Lab
16(4)
Requirements and Guidelines for Penetration Testing Labs
18(1)
What Tools Should You Use in Your Lab?
18(1)
What if You Break Something?
19(1)
Review All Key Topics
20(1)
Define Key Terms
20(1)
Q&&A
21(4)
Chapter 2 Planning and Scoping a Penetration Testing Assessment 25(38)
"Do I Know This Already?" Quiz
25(4)
Explaining the Importance of the Planning and Preparation Phase
29(12)
Understanding the Target Audience
29(1)
Rules of Engagement
30(1)
Communication Escalation Path
31(1)
Confidentiality of Findings
32(1)
Budget
32(1)
Point-in-Time Assessment
33(1)
Impact Analysis and Remediation Timelines
34(4)
Disclaimers
38(1)
Technical Constraints
39(1)
Support Resources
40(1)
Understanding the Legal Concepts of Penetration Testing
41(3)
Contracts
41(1)
Written Authorization
42(1)
SOW
42(1)
MSA
42(1)
NDA
43(1)
Export Restrictions
43(1)
Corporate Policies
43(1)
Learning How to Scope a Penetration Testing Engagement Properly
44(6)
Scope Creep
44(1)
Types of Assessment
45(1)
Special Scoping Considerations
45(1)
Target Selection
46(1)
Strategy
47(1)
Risk Acceptance, Tolerance, and Management
47(1)
Understanding Risk Management
48(1)
Risk Acceptance
48(1)
Risk Mitigation
48(1)
Risk Transfer, Avoidance, and Sharing
49(1)
Risk Appetite and Tolerance
49(1)
Learning the Key Aspects of Compliance-Based Assessments
50(8)
Rules for Completing Compliance-Based Assessments
50(1)
Regulations in the Financial Sector
50(2)
Regulations in the Healthcare Sector
52(1)
Payment Card Industry Data Security Standard (PCI DSS)
53(3)
Key Technical Elements in Regulations You Should Consider
56(1)
Limitations When Performing Compliance-Based Assessments
57(1)
Review All Key Topics
58(1)
Define Key Terms
59(1)
Q&&A
59(4)
Chapter 3 Information Gathering and Vulnerability Identification 63(58)
"Do I Know This Already?" Quiz
63(4)
Understanding Information Gathering and Reconnaissance
67(36)
Understanding Active Reconnaissance vs. Passive Reconnaissance
70(1)
Understanding Active Reconnaissance
71(2)
Nmap Scan Types
73(1)
TCP Connect Scan (-sT)
73(1)
UDP Scan (-sU)
74(2)
TCP FIN Scan (-sF)
76(1)
Ping scan (-sn)
77(1)
Exploring the Different Types of Enumeration
78(1)
Host Enumeration
78(2)
User Enumeration
80(1)
Group Enumeration
81(1)
Network Share Enumeration
82(1)
Web Page Enumeration/Web Application Enumeration
83(2)
Service Enumeration
85(1)
Exploring Enumeration via Packet Crafting
85(2)
Understanding Passive Reconnaissance
87(1)
Domain Enumeration
88(2)
Packet Inspection and Eavesdropping
90(1)
Understanding Open Source Intelligence (OSINT) Gathering
90(1)
Exploring Reconnaissance with Recon-ng
90(13)
Understanding the Art of Performing Vulnerability Scans
103(9)
How a Typical Automated Vulnerability Scanner Works
103(1)
Understanding the Types of Vulnerability Scans
104(1)
Unauthenticated Scans
104(1)
Authenticated Scans
105(1)
Discovery Scans
106(1)
Full Scans
106(2)
Stealth Scans
108(1)
Compliance Scans
109(1)
Challenges to Consider When Running a Vulnerability Scan
110(1)
Considering the Best Time to Run a Scan
110(1)
Determining What Protocols Are in Use
110(1)
Network Topology
110(1)
Bandwidth Limitations
111(1)
Query Throttling
111(1)
Fragile Systems/Nontraditional Assets
111(1)
Understanding How to Analyze Vulnerability Scan Results
112(4)
US-CERT
113(1)
The CERT Division of Carnegie Mellon University
113(1)
NIST
114(1)
JPCERT
114(1)
CAPEC
114(1)
CVE
114(1)
CWE
115(1)
How to Deal with a Vulnerability
115(1)
Review All Key Topics
116(1)
Define Key Terms
117(1)
Q&&A
117(4)
Chapter 4 Social Engineering Attacks 121(22)
"Do I Know This Already?" Quiz
121(4)
Understanding Social Engineering Attacks
125(1)
Phishing
126(1)
Pharming
126(1)
Malvertising
127(1)
Spear Phishing
128(6)
SMS Phishing
134(1)
Voice Phishing
135(1)
Whaling
135(1)
Elicitation, Interrogation, and Impersonation (Pretexting)
135(2)
Social Engineering Motivation Techniques
137(1)
Shoulder Surfing
137(1)
USB Key Drop and Social Engineering
138(1)
Review All Key Topics
138(1)
Define Key Terms
139(1)
Q&&A
139(4)
Chapter 5 Exploiting Wired and Wireless Networks 143(64)
"Do I Know This Already?" Quiz
143(5)
Exploiting Network-Based Vulnerabilities
148(37)
Exploring Windows Name Resolution and SMB Attacks
148(1)
NetBIOS Name Service and LLMNR
148(3)
SMB Exploits
151(4)
DNS Cache Poisoning
155(2)
SNMP Exploits
157(2)
SMTP Exploits
159(1)
SMTP Open Relays
160(1)
Useful SMTP Commands
160(3)
Using Known SMTP Server Exploits
163(3)
FTP Exploits
166(2)
Pass-the-Hash Attacks
168(1)
Kerberos and LDAP-Based Attacks
169(4)
Understanding Man-in-the-Middle Attacks
173(1)
Understanding ARP Spoofing and ARP Cache Poisoning
173(2)
Downgrade Attacks
175(1)
Route Manipulation Attacks
175(1)
Understanding Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
176(1)
Direct DoS Attacks
176(2)
Reflected DDoS Attacks
178(1)
Amplification DDoS Attacks
178(1)
Network Access Control (NAC) Bypass
179(2)
ULAN Hopping
181(2)
DHCP Starvation Attacks and Rogue DHCP Servers
183(2)
Exploiting Wireless and RF-Based Attacks and Vulnerabilities
185(15)
Installing Rogue Access Points
185(1)
Evil Twin Attacks
185(1)
Deauthentication Attacks
186(3)
Attacking the Preferred Network Lists
189(1)
Jamming Wireless Signals and Causing Interference
189(1)
War Driving
190(1)
Initialization Vector (IV) Attacks and Unsecured Wireless Protocols
190(1)
Attacking WEP
190(2)
Attacking WPA
192(4)
KRACK Attacks
196(1)
Attacking Wi-Fi Protected Setup (WPS)
197(1)
KARMA Attacks
197(1)
Fragmentation Attacks
197(2)
Credential Harvesting
199(1)
Bluejacking and Bluesnarfing
199(1)
Radio-Frequency Identification (RFID) Attacks
200(1)
Review All Key Topics
200(2)
Define Key Terms
202(1)
Q&&A
202(5)
Chapter 6 Exploiting Application-Based Vulnerabilities 207(70)
"Do I Know This Already?" Quiz
207(6)
Overview of Web Applications for Security Professionals
213(11)
The HTTP Protocol
213(8)
Understanding Web Sessions
221(3)
How to Build Your Own Web Application Lab
224(3)
Understanding Injection-Based Vulnerabilities
227(15)
Exploiting SQL Injection Vulnerabilities
228(1)
A Brief Introduction to SQL
228(4)
SQL Injection Categories
232(2)
Fingerprinting a Database
234(1)
Surveying the UNION Exploitation Technique
235(2)
Using Boolean in SQL Injection Attacks
237(1)
Understanding Out-of-Band Exploitation
237(2)
Exploring the Time-Delay SQL Injection Technique
239(1)
Surveying a Stored Procedure SQL Injection
239(1)
Understanding SQL Injection Mitigations
240(1)
HTML Injection Vulnerabilities
241(1)
Command Injection Vulnerabilities
241(1)
Exploiting Authentication-Based Vulnerabilities
242(8)
Exploring Credential Brute Forcing
243(2)
Understanding Session Hijacking
245(4)
Understanding Redirect Attacks
249(1)
Taking Advantage of Default Credentials
249(1)
Exploiting Kerberos Vulnerabilities
250(1)
Exploiting Authorization-Based Vulnerabilities
250(2)
Understanding Parameter Pollution
250(1)
Exploiting Insecure Direct Object Reference Vulnerabilities
251(1)
Understanding Cross-Site Scripting (XSS) Vulnerabilities
252(8)
Reflected XSS Attacks
253(2)
Stored XSS Attacks
255(1)
DOM-Based XSS Attacks
256(1)
XSS Evasion Techniques
257(1)
XSS Mitigations
258(2)
Understanding Cross-Site Request Forgery Attacks
260(1)
Understanding Clickjacking
261(1)
Exploiting Security Misconfigurations
262(2)
Exploiting Directory Traversal Vulnerabilities
262(1)
Understanding Cookie Manipulation Attacks
263(1)
Exploiting File Inclusion Vulnerabilities
264(1)
Local File Inclusion Vulnerabilities
264(1)
Remote File Inclusion Vulnerabilities
264(1)
Exploiting Insecure Code Practices
265(6)
Comments in Source Code
265(1)
Lack of Error Handling and Overly Verbose Error Handling
266(1)
Hard-Coded Credentials
266(1)
Race Conditions
266(1)
Unprotected APIs
267(3)
Hidden Elements
270(1)
Lack of Code Signing
270(1)
Review All Key Topics
271(1)
Define Key Terms
272(1)
Q&&A
273(4)
Chapter 7 Exploiting Local Host and Physical Security Vulnerabilities 277(56)
"Do I Know This Already?" Quiz
277(4)
Exploiting Local Host Vulnerabilities
281(45)
Insecure Service and Protocol Configurations
281(4)
Local Privilege Escalation
285(1)
Understanding Linux Permissions
286(5)
Understanding SUID or SGID and Unix Programs
291(3)
Insecure SUDO Implementations
294(4)
Ret2libc Attacks
298(1)
Windows Privileges
299(1)
CPassword
299(1)
Clear-Text Credentials in LDAP
300(1)
Kerberoasting
301(1)
Credentials in Local Security Authority Subsystem Service (LSASS)
301(1)
SAM Database
302(1)
Understanding Dynamic Link Library Hijacking
303(1)
Exploitable Services
304(1)
Insecure File and Folder Permissions
305(1)
Understanding Windows Group Policy
305(1)
Keyloggers
306(1)
Scheduled Tasks
307(1)
Escaping the Sandbox
308(2)
Virtual Machine Escape
310(1)
Understanding Container Security
310(4)
Mobile Device Security
314(2)
Understanding Android Security
316(7)
Understanding Apple iOS Security
323(3)
Understanding Physical Security Attacks
326(2)
Understanding Physical Device Security
326(1)
Protecting Your Facilities Against Physical Security Attacks
327(1)
Review All Key Topics
328(1)
Define Key Terms
329(1)
Q&&A
329(4)
Chapter 8 Performing Post-Exploitation Techniques 333(28)
"Do I Know This Already?" Quiz
333(4)
Maintaining Persistence After Compromising a System
337(10)
Creating Reverse and Bind Shells
338(6)
Command and Control (C2) Utilities
344(2)
Creating and Manipulating Scheduled Jobs and Tasks
346(1)
Creating Custom Daemons, Processes, and Additional Backdoors
346(1)
Creating New Users
346(1)
Understanding How to Perform Lateral Movement
347(9)
Post-Exploitation Scanning
347(1)
Using Remote Access Protocols
348(1)
Using Windows Legitimate Utilities
349(1)
Using PowerShell for Post-Exploitation Tasks
349(2)
Using PowerSploit
351(3)
Using the Windows Management Instrumentation for Post-Exploitation Tasks
354(1)
Using Sysinternals and PSExec
355(1)
Understanding How to Cover Your Tracks and Clean Up Systems After a Penetration Testing Engagement
356(1)
Review All Key Topics
357(1)
Define Key Terms
358(1)
Q&&A
358(3)
Chapter 9 Penetration Testing Tools 361(110)
"Do I Know This Already?" Quiz
361(4)
Understanding the Different Use Cases of Penetration Testing Tools and How to Analyze Their Output
365(95)
Penetration Testing-Focused Linux Distributions
365(1)
Kali Linux
366(1)
Parrot
367(1)
BlackArch Linux
367(2)
CAINE
369(1)
Security Onion
369(1)
Common Tools for Reconnaissance and Enumeration
370(1)
Tools for Passive Reconnaissance
370(20)
Tools for Active Reconnaissance
390(10)
Common Tools for Vulnerability Scanning
400(20)
Common Tools for Credential Attacks
420(1)
John the Ripper
420(4)
Cain and Abel
424(1)
Hashcat
425(3)
Hydra
428(1)
Rainbow Crack
429(1)
Medusa and Ncrack
430(1)
CeWL
431(1)
Mimikatz
432(1)
Patator
432(1)
Common Tools for Persistence
433(1)
Common Tools for Evasion
434(1)
Veil
434(4)
Tor
438(1)
Prolychains
439(1)
Encryption
439(1)
Encapsulation and Tunneling Using DNS and Other Protocols Like NTP
440(2)
Exploitation Frameworks
442(1)
Metasploit
442(7)
BeEF
449(1)
Common Decompilation, Disassembling, and Debugging Tools
450(1)
The GNU Project Debugger (GDB)
450(2)
Windows Debugger
452(1)
011yDbg
452(1)
edb Debugger
452(2)
Immunity Debugger
454(1)
IDA
454(1)
Objdump
455(2)
Common Tools for Forensics
457(1)
Common Tools for Software Assurance
458(1)
Findbugs, Findsecbugs, and SonarQube
458(1)
Fuzzers and Fuzz Testing
458(1)
Peach
459(1)
Mutiny Fuzzing Framework
459(1)
American Fuzzy Lop
459(1)
Wireless Tools
459(1)
Leveraging Bash, Python, Ruby, and PowerShell in Penetration Testing Engagements
460(2)
Introducing the Bash Shell
460(1)
A Brief Introduction to Python
461(1)
A Brief Introduction to Ruby
461(1)
A Brief Introduction to PowerShell
462(1)
Review All Key Topics
462(3)
Define Key Terms
465(1)
Q&&A
465(6)
Chapter 10 Understanding How to Finalize a Penetration Test 471(34)
"Do I Know This Already?" Quiz
471(3)
Explaining Post-Engagement Activities
474(1)
Surveying Report Writing Best Practices
475(24)
Understanding the Importance of a Quality Report
475(1)
Discussing Best Practices of Writing a Penetration Testing Report
476(1)
Knowing Your Audience
476(1)
Avoiding Cutting and Pasting
477(1)
Relating the Findings to the Environment
477(1)
Starting the Report While You Are Testing
478(1)
Exploring Tools for Collecting and Sharing Information
478(1)
Using Dradis for Effective Information Sharing and Reporting
478(1)
Steps in Using the Dradis Framework CE on Kali Linux
479(11)
Exploring the Common Report Elements
490(1)
PCI Data Security Standard Reporting Guidelines
491(2)
Expanding on the Common Report Elements
493(1)
Executive Summary
493(1)
Methodology
494(1)
Finding Metrics and Measurements
494(1)
Findings and Recommendations for Remediation
495(4)
Understanding Report Handling and Communications Best Practices
499(2)
Understanding Best Practices in Report Handling
499(1)
Correctly Classifying Report Contents
499(1)
Controlling Distribution Method and Media
499(1)
Explaining the Importance of Appropriate Communication
500(1)
Review All Key Topics
501(1)
Define Key Terms
502(1)
Q&&A
502(3)
Chapter 11 Final Preparation 505(6)
Tools for Final Preparation
505(4)
Pearson Cert Practice Test Engine and Questions on the Website
505(1)
Accessing the Pearson Test Prep Software Online
506(1)
Accessing the Pearson Test Prep Software Offline
506(1)
Customizing Your Exams
507(1)
Updating Your Exams
508(1)
Premium Edition
508(1)
Chapter-Ending Review Tools
509(1)
Suggested Plan for Final Review/Study
509(1)
Summary
509(2)
Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&&A Sections 511(30)
Index 541
Omar Santos is a principal engineer in the Cisco Product Security Incident Response Team (PSIRT) within Ciscos Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cybersecurity since the mid-1990s. He has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the Worldwide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

Omar is an active member of the security community, where he leads several industrywide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar often delivers technical presentations at many cybersecurity conferences. He is the author of more than 20 books and video courses. You can follow Omar on any of the following:





Personal website: omarsantos.io and theartofhacking.org Twitter: @santosomar LinkedIn: https://www.linkedin.com/in/santosomar

Ron Taylor has been in the information security field for almost 20 years, 10 of which were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in information assurance. In 2012, he moved into a position with the Security Research & Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally. In addition, he provided consulting support to many product teams as an SME on product security testing. He then spent some time as a consulting systems engineer specializing in Ciscos security product line. In his current role, he works in the Cisco Product Security Incident Response Team (PSIRT). He has held a number of industry certifications, including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, cofounder and president of the Raleigh BSides Security Conference, and an active member of the Packet Hacking Village team at Defcon.

You can follow Ron on any of the following:





Twitter: @Gu5G0rman LinkedIn: www.linkedin.com/in/-RonTaylor