Contents

Acknowledgments

Introduction

1.0   Planning and Scoping

Objective 1.1  Explain the importance of planning for an engagement

Understanding the Target Audience

Rules of Engagement

Communication

Resources and Requirements

Confidentiality of Findings

Known vs. Unknown

Budget

Impact Analysis and Remediation Timelines

Disclaimers

Technical Constraints

Support Resources

REVIEW

1.1 QUESTIONS

1.1 ANSWERS

Objective 1.2  Explain key legal concepts

Contracts

Environmental Differences

Written Authorization

REVIEW

1.2 QUESTIONS

1.2 ANSWERS

Objective 1.3  Explain the importance of scoping an engagement properly

Types of Penetration Testing

Goals-Based/Objectives-Based Penetration Testing

Compliance-Based Penetration Testing

Red Team Testing

Special Scoping Considerations

Target Selection

Targets

Testing Considerations

Strategy

Risk Acceptance

Tolerance to Impact

Scheduling

Scope Creep

Threat Actors

Threat Models

REVIEW

1.3 QUESTIONS

1.3 ANSWERS

Objective 1.4  Explain the key aspects of compliance-based assessments

Compliance-Based Assessments, Limitations, and Caveats

Rules to Complete Assessment

Password Policies and Key Management

Data Isolation

Limitations

Clearly Defined Objectives Based on Regulations

REVIEW

1.4 QUESTIONS

1.4 ANSWERS

2.0   Information Gathering and Vulnerability Identification

Objective 2.1  Given a scenario, conduct information gathering using appropriate techniques

Scanning

Enumeration

Hosts

Networks

Domains

Users and Groups

Network Shares

Web Pages

Services and Applications

Token Enumeration

Social Network Enumeration

Fingerprinting

Packet Crafting

Packet Inspection

Cryptography

Certificate Inspection

Eavesdropping

RF Communication Monitoring

Sniffing

Decompilation

Debugging

Open-Source Intelligence Gathering

REVIEW

2.1 QUESTIONS

2.1 ANSWERS

Objective 2.2  Given a scenario, perform a vulnerability scan

Credentialed vs. Noncredentialed

Credentialed Scans

Noncredentialed Scans

Types of Scans

Container Security

Application Scanning

DAST

SAST

Considerations of Vulnerability Scanning

Time to Run Scans

Protocols Used

Network Topology and Bandwidth Limitations

Fragile Systems/Nontraditional Assets

REVIEW

2.2 QUESTIONS

2.2 ANSWERS

Objective 2.3  Given a scenario, analyze vulnerability scan results

Asset Categorization

Adjudication

Prioritization of Vulnerabilities

Common Themes

REVIEW

2.3 QUESTIONS

2.3 ANSWERS

Objective 2.4  Explain the process of leveraging information to prepare for exploitation

Map Vulnerabilities to Potential Exploits

Prioritize Activities in Preparation for a Penetration Test

Describe Common Techniques to Complete an Attack

Cross-Compiling Code

Exploit Modification

Exploit Chaining

Proof-of-Concept Development (Exploit Development)

Social Engineering

Deception

Credential Brute Forcing

Dictionary Attacks

Rainbow Tables

REVIEW

2.4 QUESTIONS

2.4 ANSWERS

Objective 2.5  Explain weaknesses related to specialized systems

ICS and SCADA

Mobile

IoT

Embedded Systems

Point-of-Sale Systems

Biometrics

RTOS

REVIEW

2.5 QUESTIONS

2.5 ANSWERS

3.0   Attacks and Exploits

Objective 3.1  Compare and contrast social engineering attacks

Phishing

Spear Phishing

SMS Phishing

Voice Phishing

Whaling

Elicitation

Goals of Elicitation

Example Tactics for Elicitation

Interrogation

Impersonation

Shoulder Surfing

Physical Drops

Motivation Techniques

REVIEW

3.1 QUESTIONS

3.1 ANSWERS

Objective 3.2  Given a scenario, exploit network-based vulnerabilities

Name Resolution Exploits

DNS Attacks

NetBIOS and LLMNR Name Services

SMB Exploits

SNMP Exploits

SMTP Exploits

FTP Exploits

Pass-the-Hash

Man-in-the-Middle Attack

ARP Spoofing

Replay Attacks

Relay Attacks

SSL Stripping

Downgrade Attacks

DoS/Stress Test

NAC Bypass

VLAN Hopping

REVIEW

3.2 QUESTIONS

3.2 ANSWERS

Objective 3.3  Given a scenario, exploit wireless and RF-based vulnerabilities

Wireless Network Types

Open

WEP

WPA

Wireless Network Attacks

Evil Twin

Downgrade Attack

Deauthentication Attacks

Fragmentation Attacks

Credential Harvesting

WPS Implementation Weakness

Other Wireless Attacks

Bluetooth

RFID Cloning

Jamming

REVIEW

3.3 QUESTIONS

3.3 ANSWERS

Objective 3.4  Given a scenario, exploit application-based vulnerabilities

Injections

SQL Injection

HTML Injection and Cross-Site Scripting

Code Injection and Command Injection

Security Misconfiguration

Directory Traversal

File Inclusion

Cookie Manipulation

Authentication

Credential Brute Forcing

Session Hijacking

Redirect

Default and Weak Credentials

Authorization

Parameter Pollution

Insecure Direct Object Reference

Unsecure Code Practices

Comments in Source Code

Lack of Error Handling

Hard-Coded Credentials

Race Conditions

Unauthorized Use of Functions/Unprotected APIs

Hidden Elements

Lack of Code Signing

Other Attacks

Cross-Site Request Forgery

Clickjacking

REVIEW

3.4 QUESTIONS

3.4 ANSWERS

Objective 3.5  Given a scenario, exploit local host vulnerabilities

Windows Host-Based Vulnerabilities

Windows Privileges

Windows OS Vulnerabilities

Windows Configuration Weaknesses

Windows Service Abuse

Linux Host-Based Vulnerabilities

Linux Privileges

Linux OS Vulnerabilities

Linux Default Configurations

Linux Service Exploits

Android

Apple Device Host-Based Vulnerabilities

macOS

iOS

Sandbox Escape and Controls Evasion

Shell Upgrade

Virtual Machines

Containers

Application Sandboxes

AV and Antimalware Evasion

Other Exploitations

Exploitation of Memory Vulnerabilities

Keyloggers

Physical Device Security

REVIEW

3.5 QUESTIONS

3.5 ANSWERS

Objective 3.6  Summarize physical security attacks related to facilities

Piggybacking/Tailgating

Fence Jumping

Dumpster Diving

Locks

Lock Picking

Lock Bypass

Bypassing Other Surveillance

REVIEW

3.6 QUESTIONS

3.6 ANSWERS

Objective 3.7  Given a scenario, perform post-exploitation techniques

Lateral Movement

RPC/DCOM

PsExec

WMI

Scheduled Tasks

PS Remoting/WinRM

SMB

RDP

Apple Remote Desktop

VNC

X-Server Forwarding

Telnet

SSH

Persistence

Daemons

Backdoors

Trojans

New User Creation

Covering Your Tracks

REVIEW

3.7 QUESTIONS

3.7 ANSWERS

4.0   Penetration Testing Tools

Objective 4.1  Given a scenario, use Nmap to conduct information gathering exercises

Nmap Scanning Options

SYN Scan

Full Connect Scan

Service Identification

Script Scanning

OS Fingerprinting

Scanning with -A

Disable Ping

Input File

Timing

Output Parameters

Verbosity: -v

Normal Output: -oN

Grepable Output: -oG

XML Output: -oX

All Output: -oA

REVIEW

4.1 QUESTIONS

4.1 ANSWERS

Objective 4.2  Compare and contrast various use cases of tools

Objective 4.3  Given a scenario, analyze tool output or data related to a penetration test

Testing Tools

AFL

APK Studio

APKX

Aircrack-ng

Aireplay-ng

Airodump-ng

BeEF

Burp Suite

Cain and Abel

Censys

CeWL

DirBuster

Drozer

PowerShell Empire

FOCA

Findbugs/Findsecbugs/SpotBugs

GDB

Hashcat

Hostapd

Hping

Hydra

IDA

Immunity Debugger

Impacket

John the Ripper

Kismet

Maltego

Medusa

Metasploit Framework

Mimikatz

Ncat

Ncrack

Nessus

Netcat

Nikto

Nslookup

OWASP ZAP

OllyDbg

OpenVAS

Packetforge-ng

Patator

Peach

PTH-smbclient

PowerSploit

Proxychains

Recon-NG

Responder

SET

SQLMap

SSH

Scapy

Searchsploit

Shodan

SonarQube

The Harvester

W3AF

Whois

Wifite

WinDBG

Wireshark

Setting Up a Bind Shell

Bash

Python

PowerShell

Reverse Shells

Bash

Python

PowerShell

Uploading a Web Shell

Tomcat Compromise with Metasploit

REVIEW

4.2 AND 4.3 QUESTIONS

4.2 AND 4.3 ANSWERS

Objective 4.4  Given a scenario, analyze a basic script

Scripts

Variables

String Operations

Comparison Operators

Flow Control

Input and Output (I/O)

Terminal I/O

File I/O

Network I/O

Arrays

Error Handling

Encoding/Decoding

REVIEW

4.4 QUESTIONS

4.4 ANSWERS

5.0   Reporting and Communication

Objective 5.1  Given a scenario, use report writing and handling best practices

Normalization of Data

Written Report of Findings and Remediation

Executive Summary

Methodology

Metrics and Measures

Findings and Remediation

Conclusion

Risk Appetite

Secure Handling and Disposition of Reports

REVIEW

5.1 QUESTIONS

5.1 ANSWERS

Objective 5.2  Explain post-report delivery activities

Post-Engagement Cleanup

Client Acceptance and Attestation of Findings

Follow-up Actions/Retest

Lessons Learned

REVIEW

5.2 QUESTIONS

5.2 ANSWERS

Objective 5.3  Given a scenario, recommend mitigation strategies for discovered vulnerabilities

Solutions

Findings and Remediation

Shared Local Administrator Credentials

Weak Password Complexity

Plaintext Passwords

No Multifactor Authentication

SQL Injection

Unnecessary Open Services

REVIEW

5.3 QUESTIONS

5.3 ANSWERS

Objective 5.4  Explain the importance of communication during the penetration testing process

Communication Path

Communication Triggers

Critical Findings

Stages

Indicators of Prior Compromise

Reasons for Communication

Situational Awareness

De-escalation

Deconfliction

Goal Reprioritization

REVIEW

5.4 QUESTIONS

5.4 ANSWERS

A   About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Performance-Based Questions

Technical Support

Glossary

Index
