CompTIA PenTest+ Certification Kit: Exam PT0-001 [Paperback]

, , , (University of Notre Dame)
  • Format: Paperback / softback, 960 pages, height x width x depth: 234x186x62 mm, weight: 1606 g
  • Publication date: 17-Sep-2019
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119633567
  • ISBN-13: 9781119633563
  • Price: 94,16 €*
  • * This book is no longer published. You will be notified of the price of a used copy.

Your career as a Penetration Tester begins here with the NEW CompTIA PenTest+ Certification Kit! Includes CompTIA PenTest+ Study Guide AND CompTIA PenTest+ Practice Tests!

About the CompTIA PenTest+ Study Guide

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. In CompTIA PenTest+ Study Guide: Exam PT0-001, you're introduced to the core skills and techniques that every pen tester needs:

  • Perform assessments of traditional server and desktop operating systems as well as new types of network devices, including mobile, cloud, IoT, industrial, and embedded
  • Identify security weaknesses
  • Manage system vulnerabilities
  • Determine if existing cybersecurity practices deviate from accepted practices, configurations and policies
About the CompTIA PenTest+ Practice Tests

This book provides five unique practice tests, covering the five CompTIA PenTest+ objective domains, PLUS two additional practice exams, for a total of 1000 practice test questions. Coverage of all exam objective domains includes:

  • Planning and Scoping
  • Information Gathering and Vulnerability Identification
  • Attacks and Exploits
  • Penetration Testing Tools
  • Reporting and Communication
This book helps you gain the confidence you need for taking the CompTIA PenTest+ Exam PT0-001. The practice test questions prepare you for test success.

Readers will also have access to additional online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable Glossary of important terms. Prepare smarter with Sybex's superior interactive online learning environment and test bank.
CompTIA® PenTest+: Study Guide
Introduction
Assessment Test
Chapter 1 Penetration Testing
What Is Penetration Testing?
Cybersecurity Goals
Adopting the Hacker Mind-Set
Reasons for Penetration Testing
Benefits of Penetration Testing
Regulatory Requirements for Penetration Testing
Who Performs Penetration Tests?
Internal Penetration Testing Teams
External Penetration Testing Teams
Selecting Penetration Testing Teams
The CompTIA Penetration Testing Process
Planning and Scoping
Information Gathering and Vulnerability Identification
Attacking and Exploiting
Reporting and Communicating Results
The Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
Tools of the Trade
Reconnaissance
Vulnerability Scanners
Social Engineering
Credential-Testing Tools
Debuggers
Software Assurance
Network Testing
Remote Access
Exploitation
Summary
Exam Essentials
Lab Exercises
Activity 1.1: Adopting the Hacker Mind-Set
Activity 1.2: Using the Cyber Kill Chain
Review Questions
Chapter 2 Planning and Scoping Penetration Tests
Scoping and Planning Engagements
Assessment Types
White Box, Black Box, or Gray Box?
The Rules of Engagement
Scoping Considerations: A Deeper Dive
Support Resources for Penetration Tests
Key Legal Concepts for Penetration Tests
Contracts
Data Ownership and Retention
Authorization
Environmental Differences
Understanding Compliance-Based Assessments
Summary
Exam Essentials
Lab Exercises
Review Questions
Chapter 3 Information Gathering
Footprinting and Enumeration
OSINT
Location and Organizational Data
Infrastructure and Networks
Security Search Engines
Active Reconnaissance and Enumeration
Hosts
Services
Networks, Topologies, and Network Traffic
Packet Crafting and Inspection
Enumeration
Information Gathering and Code
Information Gathering and Defenses
Defenses Against Active Reconnaissance
Preventing Passive Information Gathering
Summary
Exam Essentials
Lab Exercises
Activity 3.1: Manual OSINT Gathering
Activity 3.2: Exploring Shodan
Activity 3.3: Running a Nessus Scan
Review Questions
Chapter 4 Vulnerability Scanning
Identifying Vulnerability Management Requirements
Regulatory Environment
Corporate Policy
Support for Penetration Testing
Identifying Scan Targets
Determining Scan Frequency
Configuring and Executing Vulnerability Scans
Scoping Vulnerability Scans
Configuring Vulnerability Scans
Scanner Maintenance
Software Security Testing
Analyzing and Testing Code
Web Application Vulnerability Scanning
Developing a Remediation Workflow
Prioritizing Remediation
Testing and Implementing Fixes
Overcoming Barriers to Vulnerability Scanning
Summary
Exam Essentials
Lab Exercises
Activity 4.1: Installing a Vulnerability Scanner
Activity 4.2: Running a Vulnerability Scan
Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan
Review Questions
Chapter 5 Analyzing Vulnerability Scans
Reviewing and Interpreting Scan Reports
Understanding CVSS
Validating Scan Results
False Positives
Documented Exceptions
Understanding Informational Results
Reconciling Scan Results with Other Data Sources
Trend Analysis
Common Vulnerabilities
Server and Endpoint Vulnerabilities
Network Vulnerabilities
Virtualization Vulnerabilities
Internet of Things (IoT)
Web Application Vulnerabilities
Summary
Exam Essentials
Lab Exercises
Activity 5.1: Interpreting a Vulnerability Scan
Activity 5.2: Analyzing a CVSS Vector
Activity 5.3: Developing a Penetration Testing Plan
Review Questions
Chapter 6 Exploit and Pivot
Exploits and Attacks
Choosing Targets
Identifying the Right Exploit
Exploit Resources
Developing Exploits
Exploitation Toolkits
Metasploit
PowerSploit
Exploit Specifics
RPC/DCOM
PsExec
PS Remoting/WinRM
WMI
Scheduled Tasks and cron Jobs
SMB
RDP
Apple Remote Desktop
VNC
X-Server Forwarding
Telnet
SSH
Leveraging Exploits
Common Post-Exploit Attacks
Privilege Escalation
Social Engineering
Persistence and Evasion
Scheduled Jobs and Scheduled Tasks
Inetd Modification
Daemons and Services
Back Doors and Trojans
New Users
Pivoting
Covering Your Tracks
Summary
Exam Essentials
Lab Exercises
Activity 6.1: Exploit
Activity 6.2: Discovery
Activity 6.3: Pivot
Review Questions
Chapter 7 Exploiting Network Vulnerabilities
Conducting Network Exploits
VLAN Hopping
Network Proxies
DNS Cache Poisoning
Man-in-the-Middle
NAC Bypass
DoS Attacks and Stress Testing
Exploiting Windows Services
NetBIOS Name Resolution Exploits
SMB Exploits
Exploiting Common Services
SNMP Exploits
SMTP Exploits
FTP Exploits
Samba Exploits
Wireless Exploits
Evil Twins and Wireless MITM
Other Wireless Protocols and Systems
RFID Cloning
Jamming
Repeating
Summary
Exam Essentials
Lab Exercises
Activity 7.1: Capturing Hashes
Activity 7.2: Brute-Forcing Services
Activity 7.3: Wireless Testing
Review Questions
Chapter 8 Exploiting Physical and Social Vulnerabilities
Physical Facility Penetration Testing
Entering Facilities
Information Gathering
Social Engineering
In-Person Social Engineering
Phishing Attacks
Website-Based Attacks
Using Social Engineering Tools
Summary
Exam Essentials
Lab Exercises
Activity 8.1: Designing a Physical Penetration Test
Activity 8.2: Brute-Forcing Services
Activity 8.3: Using BeEF
Review Questions
Chapter 9 Exploiting Application Vulnerabilities
Exploiting Injection Vulnerabilities
Input Validation
Web Application Firewalls
SQL Injection Attacks
Code Injection Attacks
Command Injection Attacks
Exploiting Authentication Vulnerabilities
Password Authentication
Session Attacks
Kerberos Exploits
Exploiting Authorization Vulnerabilities
Insecure Direct Object References
Directory Traversal
File Inclusion
Exploiting Web Application Vulnerabilities
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF/XSRF)
Clickjacking
Unsecure Coding Practices
Source Code Comments
Error Handling
Hard-Coded Credentials
Race Conditions
Unprotected APIs
Unsigned Code
Application Testing Tools
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Mobile Tools
Summary
Exam Essentials
Lab Exercises
Activity 9.1: Application Security Testing Techniques
Activity 9.2: Using the ZAP Proxy
Activity 9.3: Creating a Cross-Site Scripting Vulnerability
Review Questions
Chapter 10 Exploiting Host Vulnerabilities
Attacking Hosts
Linux
Windows
Cross-Platform Exploits
Remote Access
SSH
NETCAT and Ncat
Proxies and Proxychains
Metasploit and Remote Access
Attacking Virtual Machines and Containers
Virtual Machine Attacks
Container Attacks
Physical Device Security
Cold-Boot Attacks
Serial Consoles
JTAG Debug Pins and Ports
Attacking Mobile Devices
Credential Attacks
Credential Acquisition
Offline Password Cracking
Credential Testing and Brute-Forcing Tools
Wordlists and Dictionaries
Summary
Exam Essentials
Lab Exercises
Activity 10.1: Dumping and Cracking the Windows SAM and Other Credentials
Activity 10.2: Cracking Passwords Using Hashcat
Activity 10.3: Setting Up a Reverse Shell and a Bind Shell
Review Questions
Chapter 11 Scripting for Penetration Testing
Scripting and Penetration Testing
Bash
PowerShell
Ruby
Python
Variables, Arrays, and Substitutions
Bash
PowerShell
Ruby
Python
Comparison Operations
String Operations
Bash
PowerShell
Ruby
Python
Flow Control
Conditional Execution
For Loops
While Loops
Input and Output (I/O)
Redirecting Standard Input and Output
Error Handling
Bash
PowerShell
Ruby
Python
Summary
Exam Essentials
Lab Exercises
Activity 11.1: Reverse DNS Lookups
Activity 11.2: Nmap Scan
Review Questions
Chapter 12 Reporting and Communication
The Importance of Communication
Defining a Communication Path
Communication Triggers
Goal Reprioritization
Recommending Mitigation Strategies
Finding: Shared Local Administrator Credentials
Finding: Weak Password Complexity
Finding: Plain Text Passwords
Finding: No Multifactor Authentication
Finding: SQL Injection
Finding: Unnecessary Open Services
Writing a Penetration Testing Report
Structuring the Written Report
Secure Handling and Disposition of Reports
Wrapping Up the Engagement
Post-Engagement Cleanup
Client Acceptance
Lessons Learned
Follow-Up Actions/Retesting
Attestation of Findings
Summary
Exam Essentials
Lab Exercises
Activity 12.1: Remediation Strategies
Activity 12.2: Report Writing
Review Questions
Appendix Answers to Review Questions
Chapter 1: Penetration Testing
Chapter 2: Planning and Scoping Penetration Tests
Chapter 3: Information Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: Analyzing Vulnerability Scans
Chapter 6: Exploit and Pivot
Chapter 7: Exploiting Network Vulnerabilities
Chapter 8: Exploiting Physical and Social Vulnerabilities
Chapter 9: Exploiting Application Vulnerabilities
Chapter 10: Exploiting Host Vulnerabilities
Chapter 11: Script for Penetration Testing
Chapter 12: Reporting and Communication
Index
CompTIA® PenTest+™: Practice Tests
Introduction
Chapter 1 Planning and Scoping Penetration Tests
Chapter 2 Information Gathering and Vulnerability Identification
Chapter 3 Attacks and Exploits
Chapter 4 Penetration Testing Tools
Chapter 5 Reporting and Communication
Chapter 6 Practice Exam 1
Chapter 7 Practice Exam 2
Appendix Answers and Explanations
Chapter 1: Planning and Scoping Penetration Tests
Chapter 2: Information Gathering and Vulnerability Identification
Chapter 3: Attacks and Exploits
Chapter 4: Penetration Testing Tools
Chapter 5: Reporting and Communication
Chapter 6: Practice Exam 1
Chapter 7: Practice Exam 2
Index
Mike Chapple, Ph.D., Security+, is Senior Director for IT Service Delivery at Notre Dame, overseeing information security, data governance, IT architecture, project management, strategic planning and product management functions, and teaches undergraduate courses on Information Security. Mike spent 4 years in the information security research group at NSA and served as an intelligence officer in the U.S. Air Force. He is a technical editor for Information Security Magazine and has written several books.

David Seidl, Security+, GPEN, GCIH, is the Senior Director for Campus Technology Services at the University of Notre Dame. As the Senior Director for CTS, David is responsible for central platform and operating system support, database administration and services, identity and access management, application services, and email and digital signage. During his 18-year IT career, he has served in a variety of technical and information security roles, including leading Notre Dame's information security team as Notre Dame's Director of Information Security. He currently teaches a popular course on networking and security for Notre Dame's Mendoza College of Business.

Crystal Panek (Farmington, NH) holds MCP, MCP+I, MCSA, MCSE, MCTS, MCDBA certifications. For many years she trained as a contract instructor teaching at such places as the MicroC, Stellacon Corporation and the University of New Hampshire. She then became the vice-president for a large IT training company, and for 15 years she developed training materials and courseware to help 1000s of students get through their certification exams. She currently works on a contract basis creating courseware for several large IT training facilities.

Robb Tracy (Santaquin, UT) is an experienced instructional designer and trainer in the e-learning industry. He has written several IT certification titles, including CompTIA Linux+/LPIC-1 Certification All-in-One Exam Guide, Second Edition (Exams LX0-103 & LX0-104/101-400 & 102-400). He is the President at ACTbrainy, an ACT test prep e-learning company.