Book Description
This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam
This effective self-study guide fully prepares you for the Global Information Assurance Certification’s challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from the authors’ extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference.
Covers every topic on the exam, including:
- Pre-engagement and planning activities
- Reconnaissance and open source intelligence gathering
- Scanning, enumerating targets, and identifying vulnerabilities
- Exploiting targets and privilege escalation
- Password attacks
- Post-exploitation activities, including data exfiltration and pivoting
- PowerShell for penetration testing
- Web application injection attacks
- Tools of the trade: Metasploit, proxies, and more
Online content includes:
- 230 accurate practice exam questions
- Test engine containing full-length practice exams and customizable quizzes
Table of Contents
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents
- Acknowledgments
- Introduction
- Objectives Map: GPEN Exam
- Chapter 1 Planning and Preparation
  - Penetration Testing Methodologies
  - Penetration Testing Execution Standard
  - NIST Technical Guide to Information Security Testing and Assessment
  - Penetration Testing Framework
  - Open Source Security Testing Methodology Manual
  - OWASP Web Security Testing Guide
  - MITRE ATT&CK
  - CAPEC
  - Pre-engagement Activities
  - Testing Phases
  - Rules of Engagement
  - Scope
  - Other Pre-engagement Documentation
  - Third-Party Providers
  - Chapter Review
  - Questions
  - Answers
- Chapter 2 Reconnaissance
  - Open Source Intelligence
  - Organizational Culture
  - Social Media Behavior
  - Information Technology
  - Discovery Methods
  - Regional Internet Registries
  - Querying DNS Records
  - Search Engines
  - OSINT Collection Tools
  - Metadata Analysis
  - Chapter Review
  - Questions
  - Answers
- Chapter 3 Initial Access
  - Exploitation Categories
  - Server-Side Exploitation
  - Client-Side Exploitation
  - Privilege Escalation
  - Network Basics and Not-So-Basics
  - TCP Three-Way Handshake
  - TCP and IP Headers
  - Scanning and Host Discovery
  - Monitoring Network Scans
  - Lab 3-1: Using Wireshark
  - Nmap Introduction
  - Ping Sweeping
  - Network Mapping
  - Port Scanning
  - Vulnerability Scanning
  - Lab 3-2: Scanning with Nmap
  - Lab 3-3: Vulnerability Scanning with Nessus
  - Packet Crafting with Scapy
  - Lab 3-4: Scapy Introductory
  - Lab 3-5: Evil Scapy Scripting
  - Web Application Penetration Testing
  - Web Application Vulnerabilities
  - Lab 3-6: BeEF Basics
  - Lab 3-7: OWASP ZAP
  - SQL Injection Attacks
  - Lab 3-8: SQLi
  - Lab 3-9: Blind SQLi and Sqlmap
  - Command Injection
  - Lab 3-10: Command Injection
  - Client-Side Attacks
  - Lab 3-11: Stored XSS
  - Time-Saving Tips
  - Chapter Review
  - Questions
  - Answers
- Chapter 4 Execution
  - Command-Line Interface
  - Linux CLI
  - Windows CLI
  - Scripting
  - Declaring Methods and Variables
  - Looping and Flow Control
  - Error and Exception Handling
  - Metasploit Framework (MSF)
  - MSF Components
  - Lab 4-1: Navigating the MSFconsole
  - Service-Based Exploitation
  - Lab 4-2: Exploiting SMB with Metasploit
  - Lab 4-3: Exploiting ProFTPD with Metasploit
  - Metasploit Meterpreter
  - Lab 4-4: Upgrading to a Meterpreter Shell
  - Chapter Review
  - Questions
  - Answers
- Chapter 5 Persistence, Privilege Escalation, and Evasion
  - Persistence
  - Windows Persistence
  - Lab 5-1: Scheduled Tasks
  - Lab 5-2: Configuring a Callback via Windows Services
  - Lab 5-3: Persistence with PowerShell Empire
  - Linux Persistence
  - Privilege Escalation
  - Lab 5-4: Linux Privilege Escalation
  - Lab 5-5: Windows Information Gathering and Privilege Escalation
  - Evasion
  - In Memory vs. On Disk
  - Disk Location
  - Code Obfuscation
  - Lab 5-6: Windows Defender Evasion
  - Chapter Review
  - Questions
  - Answers
- Chapter 6 Credential Access
  - Windows Password Types
  - NTLM Challenge-Response Protocol
  - NTLMv1 and LM
  - NTLMv2
  - Kerberos
  - Unix/Linux Password Types
  - Message-Digest Algorithms
  - Secure Hash Algorithms
  - Types of Password Attacks
  - Password Cracking
  - John the Ripper
  - Hashcat
  - Harvesting Credentials
  - Exfiltration from the Local Host
  - Lab 6-1: Extract SAM from the Windows Registry
  - Lab 6-2: Hashdump
  - Lab 6-3: Dump Credentials from Memory
  - Exfil from the Local Network
  - Lab 6-4: Responder
  - Chapter Review
  - Questions
  - Answers
- Chapter 7 Discovery and Lateral Movement
  - Discovery
  - Windows Situational Awareness
  - Lab 7-1: Recon with PowerView
  - Lab 7-2: Recon with Empire
  - Lab 7-3: Information Gathering with SharpHound
  - Linux Situational Awareness
  - Lateral Movement
  - Linux Pivoting
  - Lab 7-4: Port Forwarding
  - Windows Pivoting
  - Lab 7-5: Pass-the-Hash
  - Lab 7-6: Built-in Tools
  - Lab 7-7: Lateral Movement, Owning the Domain
  - Chapter Review
  - Questions
  - Answers
- Chapter 8 Data Collection and Exfiltration
  - Data Collection
  - Data from Local System
  - Data from Information Repositories
  - Data Exfiltration with Frameworks
  - Lab 8-1: Exfilling Data with Metasploit
  - Input and Screen Capture
  - Clipboard Data
  - Lab 8-2: Exfilling Data with Empire
  - Exfilling Sensitive Files
  - Timestomping
  - Data Exfiltration with Operating System Tools
  - Scheduled Transfer
  - Lab 8-3: Exfilling Data Using Linux Cron Jobs
  - Lab 8-4: Exfilling Data Using Windows Scheduled Tasks
  - Chapter Review
  - Questions
  - Answers
- Chapter 9 Writing and Communicating the Pentest Report
  - The Pentest Report
  - Report Writing Best Practices
  - Preparing to Write the Report
  - Writing the Report
  - Report Handling
  - Chapter Review
  - Questions
  - Answers
- Appendix A Penetration Testing Tools and References
  - Credential Testing Tools
  - Debuggers
  - Evasion and Code Obfuscation
  - Networking Tools
  - Penetration Testing Frameworks
  - Reconnaissance (OSINT)
  - Remote Access Tools
  - Social Engineering Tools
  - Virtual Machine Software
  - Vulnerability and Exploitation Research
  - Vulnerability Scanners
  - Web and Database Tools
  - Wireless Testing Tools
- Appendix B Setting Up a Basic GPEN Lab
  - What You Need
  - Home Base (Host Machine) and Domain Controller
  - Windows Clients
  - CentOS VM with Web Apps
  - Kali Linux Attack VM
  - Backing Up with VM Snapshots
  - Metasploitable VMs
  - Complete Lab Setup
- Appendix C Capstone Project
  - Capstone Tasks
  - Exercise One: Reconnaissance
  - Exercise Two: Initial Access
  - Exercise Three: Exploit Chaining
  - Exercise Four: Exploit Chaining Redux
  - Capstone Hints
  - Exercise One: Reconnaissance
  - Exercise Two: Initial Access
  - Exercise Three: Exploit Chaining
  - Exercise Four: Exploit Chaining Redux
  - Capstone Walkthrough
  - Exercise One: Reconnaissance
  - Exercise Two: Initial Access
  - Exercise Three: Exploit Chaining
  - Exercise Four: Exploit Chaining Redux
- Appendix D About the Online Content
  - System Requirements
  - Your Total Seminars Training Hub Account
  - Privacy Notice
  - Single User License Terms and Conditions
  - TotalTester Online
  - Other Book Resources
  - Technical Support
- Glossary
- Index