Comptia pentest+ certification all in one exam guide (exam pt0 001) (ebook pdf) - The ebook with ric



CompTIA PenTest+ Certification All in One Exam Guide (Exam PT0 001) (Ebook PDF)


CONTENTS

Acknowledgments

Introduction

Objective Map: Exam PT0-001

Chapter 1 Pre-engagement Activities

Target Audience

Impact Analysis

Scope and Methodology

Types of Assessment

Threat Modeling

Target Selection

Contractual Agreements

Nondisclosure Agreement

Master Service Agreement

Statement of Work

Chapter Review

Questions

Questions and Answers

Chapter 2 Getting to Know Your Targets

Footprinting and Reconnaissance

Information Gathering

Tools, Methods, and Frameworks

Data Mining

Specialized Search Engines

DNS, Website, and Email Footprinting

Metadata Analysis

Chapter Review

Questions

Questions and Answers

Chapter 3 Network Scanning and Enumeration

802.11 Wireless Standards

Wireless Spectrum Bands

Wireless Modes and Terminology

Wireless Testing Equipment

Popular Antennas

802.11 Network Discovery

802.11 Frames

Wireless Scanning

Host Discovery

Ping Scan

Port Scanning

Port Scanning Methods

Common Ports and Protocols

TCP Scan

Half-Open Scan

UDP Scan

Enumeration

Chapter Review

Questions

Questions and Answers

Chapter 4 Vulnerability Scanning and Analysis

Researching Vulnerabilities

CVE

CWE

CAPEC

ATT&CK

Remote Security Scanning

Credentialed vs. Noncredentialed Scanning

Compliance and Configuration Auditing

Nontraditional Assets

Web and Database Scanning

Open Web Application Security Project (OWASP)

Fingerprinting Web and Database Servers

Enumerating Information

Authentication and Authorization Testing

Data Validation Testing

Vulnerability Mapping

Chapter Review

Questions

Questions and Answers

Chapter 5 Mobile Device and Application Testing

Mobile Device Architecture

iPhone Operating System

Android Operating System

Mobile Pentesting Fundamentals

Static Analysis

Dynamic and Runtime Analysis

Network Analysis

Server-Side Testing

iOS Application Security Testing

Setting Up an iOS Testing Environment

Jailbreaking an iOS Device

Connecting to the iOS Device

iOS Functional Testing and Application Mapping

Android Application Security Testing

Setting Up an Android Testing Environment

Rooting an Android Device

Connecting to the Android Device

Android Functional Testing and Application Mapping

Software Assurance Testing

Understanding Programming Logic

Chapter Review

Questions

Questions and Answers

Chapter 6 Social Engineering

Motivation Techniques

Social Engineering Attacks

Phishing

Email-Based

Phone-Based

Countermeasures

Chapter Review

Questions

Questions and Answers

Chapter 7 Network-Based Attacks

Name Resolution Exploits

DNS Spoofing and Cache Poisoning

Attacking LLMNR and NetBIOS

Stress Testing Applications and Protocols

Denial of Service Attacks

Executing DDoS Attacks

Network Packet Manipulation

Analyzing and Inspecting Packets

Forge and Decode Packets

Layer-2 Attacks

Attacking the Spanning Tree Protocol

VLAN Hopping

Bypassing Network Access Controls

Attacking Common Protocols

Exploiting SNMPv1

Poorly Configured File Sharing

Abusing SMTP

Chapter Review

Questions

Questions and Answers

Chapter 8 Wireless and RF Attacks

Wireless Encryption Standards

Setting Up a Wireless Testing Lab

Cracking WEP

Wi-Fi Protected Access (WPA)

Cracking WPS

Wireless Attacks and Exploitation

Man-in-the-Middle Attacks

Attacking Bluetooth

Chapter Review

Questions

Questions and Answers

Chapter 9 Web and Database Attacks

Server-Side Attacks

Injection Attacks

Attacking Authentication and Session Management

Inclusion Attacks

Exploiting Security Misconfigurations

Client-Side Attacks

HTML Injection

Cross-Site Scripting

Cross-Site Request Forgery

Clickjacking

Chapter Review

Questions

Questions and Answers

Chapter 10 Attacking Local Host Vulnerabilities

OS Vulnerabilities

Postexploitation

Gain Situational Awareness

Collecting Information

Exfiltration

Privilege Escalation

Linux Privilege Escalation

Windows Privilege Escalation

Exploitable Services

Buffer Overflows

Unquoted Service Paths

Lateral Movement

Lateral Movement in Linux

Lateral Movement in Windows

Maintaining Persistence

Covering Your Tracks

Clearing Command History

Timestomping

File Deletion

Chapter Review

Questions

Questions and Answers

Chapter 11 Physical Penetration Testing

Keeping the Honest People Honest

Environmental Threats

Physical and Environmental Protection

Physical Locks and Security

Mechanical Locks

Basic Tools and Opening Techniques

Alarms and Early Warning Systems

Physical Device Security

Cold Boot Attack

BIOS Attacks

USB Keylogger

Chapter Review

Questions

Questions and Answers

Chapter 12 Reporting and Communication

Writing the Pentest Report

Drafting the Report

Postengagement Cleanup

Report Handling

Post-Report Delivery Activities

Customer Debriefing

Follow-Up Actions

Communication Is Key

Chapter Review

Questions

Questions and Answers

Appendix About the Online Content

Glossary

Index

ACKNOWLEDGMENTS

I’d like to thank all of the open-source security practitioners who have contributed in some way, shape, or form to the greater good of improving and standardizing “information security” practices. To name everyone who has contributed would require a book all to itself, but to name a few I would say thank you OWASP for providing foundational learning material on the arts of web and mobile application security testing. Thank you to all those who contributed to the Open Source Security Testing Methodology Manual (OSSTMM); the Information Systems Security Assessment Framework (ISSAF); the Penetration Testing Execution Standard (PTES); and the CVE, CWE, CAPEC, and ATT&CK framework provided by MITRE. Thank you to PentesterLab and other silent contributors who have shared their knowledge and expertise on certain subjects to help inspire the development of certain exercises used in this book. I would like to acknowledge and extend a big thank you to McGraw-Hill Education and my tech editor, Heather Linn; my acquisitions editor, Amy Gray; and my editorial coordinator, Claire Yee, for their guidance and support throughout this process. To all my friends who helped me along the way, thank you. You know who you are!

INTRODUCTION

Why CompTIA PenTest+? The CompTIA PenTest+ exam evaluates testing candidates in five specific domain areas: Planning and Scoping, Information Gathering and Vulnerability Identification, Attacks and Exploits, Penetration Testing Tools, and Reporting and Communication. Successful testing candidates should ensure they have, at a minimum, the intermediary skills and on-the-job knowledge of how to conduct and execute penetration testing activities in all five domain areas, including: understanding legal and compliance requirements, performing vulnerability scans and executing a penetration test, analyzing data, and being able to effectively report and communicate the results of a penetration test. How many years of experience equate to “intermediary skills and knowledge”? That answer can vary, depending on your work and educational background. CompTIA recommends having a Network+, Security+, or equivalent background with a minimum of three to four years of hands-on information security or related experience. I can say that having a degree in certain fields of study such as computer science or computer information systems can help you obtain some of the intermediary skills necessary to understanding and appreciating what it takes to be a penetration tester.

I have been conducting penetration testing for over a decade and have found that individuals who have a system administrator or developer background tend to do better in the penetration testing field than those who don’t. Knowing how systems, software, and networks are designed and configured can help you identify implementation or configuration weaknesses during a pentest. An attacker is likely to take the path of least resistance when attacking a network. This could be the use of default or weak passwords, password reuse, lack of encryption, etc. These weaknesses can typically be mitigated using industry best practices, which are all the things system administrators and developers should be applying to their systems. Therefore, if you already know how to implement these best practices and how they apply to specific technology, you should be able to find the holes and define an exploitation path that an attacker can leverage to gain access to your customer’s network.

CompTIA launched the PenTest+ certification in July 2018, with version PT0-001. You can purchase a PenTest+ exam voucher through CompTIA at https://store.comptia.org. Be sure to use the 10 percent off coupon code included with this book! The exam voucher expires 12 months after the date of purchase. Then, once you are ready to sit and take the exam, you can schedule a date and time to do so at a Pearson VUE facility near you (www.pearsonvue.com/comptia). There are 85 performance-based and multiple-choice questions. You will have 165 minutes to complete the exam and a passing score of 750 (on a scale of 100 to 900) is required. The CompTIA PenTest+ certification exam objectives break down the percentage of examination based on domain (see the table on the following page).

When taking the exam, you should be able to single out the best answer based on the process of elimination. This test is based on hands-on knowledge of penetration testing. You will need to have an understanding of programming logic, network services, penetration testing tools (e.g., nmap and netcat), and operating systems. Don’t be surprised if you see things out of the ordinary in the exam that make you question “Who uses that anymore”? When taking the exam, sit down, relax, don’t overthink the questions, and rely on your normal thought process to help you pass the exam.

How to Use This Book

This book will cover everything you need to know to pass the CompTIA PenTest+ PT0-001 examination and then some. The five PenTest+ domains are broken up into 12 chapters that cover, from start to finish, how to prepare for a penetration test, how to execute the penetration test, how to write a penetration test report, and what strategies you can use to help effectively communicate with the customer. To help you complete the exercises in the book, I recommend downloading the latest version of Kali Linux (2018.2 or newer). You can download the latest version for your specific architecture from https://www.kali.org/downloads/. To check which version of Kali you have installed, you can read the contents of the /etc/os-release file.

Each chapter has several components designed to effectively communicate the information you’ll need for the exam:

• At the beginning of each chapter, bullet points and a chapter introduction summary are provided to help you prepare for the information you will learn in the chapter.

• Tips are used throughout the book to provide readers with best practices for using certain tools, or to pass along things I have learned during my career that I felt might benefit you as the reader, either during your studies or as a penetration tester.

• Exam tips will help point out specific things you should concentrate on during your studies, as you may see them covered on the exam.

• Notes are a short reference to expand on a topic, provide essential information regarding a section in the chapter, or offer further reading guidance for areas that may go above and beyond what you need to know for the test.

• Caution areas help readers understand that the use of a tool, technique, etc., could be dangerous or require additional forethought before its use. A penetration tester has a fun job, but a level of due diligence also is required. The penetration tester emulates the malicious intent of an attacker to help the customer find holes in their networks, but a penetration tester doesn’t do things deliberately (or destructively) without the knowledge and consent of the customer.

• Some chapters provide sidebars that elaborate on a topic, technique, or a technology regarding a section in the chapter.

NOTE This should not be the only book you use for your studies. Although my book covers all of the exam objectives, other authors may provide additional insight on topics that I may not have covered in detail. Reading books from other pentesters can help provide a difference in perspective, even when following similar methodology. Such added perspective can help give you the advantage you need to be successful when taking the exam, and when fulfilling the role of a penetration tester.

End-of-Chapter Questions

At the end of each chapter you’ll find review questions that cover the material you learned in that particular chapter. Will these questions cover everything you need to know for the test? Yes and no. Why “no”? I feel that there was a great deal of knowledge missing from the PenTest+ exam that should be covered in this day and age for a penetration tester, thus some of that discovery has made its way into this book. For each question there is an answer and explanation as to why it is the right answer. You should find the answers to the end-of-chapter questions a little more definitive than the answers on the CompTIA PenTest+ exam. Some of those answers could swing either way, or you may find that none of the answers provided is the best choice for the question. As I mentioned previously, a test-taking strategy you can use for the CompTIA PenTest+ exam (and the practice questions I provide) is process of elimination. The questions are multiple choice (with the exception of some of the performance-based questions you may be asked), so you should be able to narrow down your selection to maximize your potential for getting the correct answer.

The Objective Map

The objective map that follows this introduction has been constructed to help you cross-reference the official exam objectives from CompTIA with the relevant coverage in the book. References have been provided for the exam objectives exactly as CompTIA has presented them, with the section that covers each objective and a chapter reference.

The Online Content

This book includes access to online content that you can use to follow along with certain chapter exercises, penetration tester tool mapping and references, and the TotalTester Online practice exam software that will allow you to generate complete practice exams or customized quizzes by chapter or by exam domain. Unlike the end-of-chapter review questions, the TotalTester practice exam questions are very similar to the types of questions you will see on the real exam. For more information, see the appendix.

CAUTION Follow along with the exercises at your own risk. McGraw-Hill Education does not assume responsibility for any mishaps.

Objective Map: Exam PT0-001
