Table of Contents for
CompTIA PenTest+ Certification Passport (Exam PT0-001)
by Heather Linn
Cover
Title Page
Copyright Page
Dedication
Contents at a Glance
Contents
Acknowledgments
Introduction
1.0 Planning and Scoping
Objective 1.1 Explain the importance of planning for an engagement
Understanding the Target Audience
Rules of Engagement
Communication
Resources and Requirements
Confidentiality of Findings
Known vs. Unknown
Budget
Impact Analysis and Remediation Timelines
Disclaimers
Technical Constraints
Support Resources
REVIEW
1.1 QUESTIONS
1.1 ANSWERS
Objective 1.2 Explain key legal concepts
Contracts
Environmental Differences
Written Authorization
REVIEW
1.2 QUESTIONS
1.2 ANSWERS
Objective 1.3 Explain the importance of scoping an engagement properly
Types of Penetration Testing
Goals-Based/Objectives-Based Penetration Testing
Compliance-Based Penetration Testing
Red Team Testing
Special Scoping Considerations
Target Selection
Targets
Testing Considerations
Strategy
Risk Acceptance
Tolerance to Impact
Scheduling
Scope Creep
Threat Actors
Threat Models
REVIEW
1.3 QUESTIONS
1.3 ANSWERS
Objective 1.4 Explain the key aspects of compliance-based assessments
Compliance-Based Assessments, Limitations, and Caveats
Rules to Complete Assessment
Password Policies and Key Management
Data Isolation
Limitations
Clearly Defined Objectives Based on Regulations
REVIEW
1.4 QUESTIONS
1.4 ANSWERS
2.0 Information Gathering and Vulnerability Identification
Objective 2.1 Given a scenario, conduct information gathering using appropriate techniques
Scanning
Enumeration
Hosts
Networks
Domains
Users and Groups
Network Shares
Web Pages
Services and Applications
Token Enumeration
Social Network Enumeration
Fingerprinting
Packet Crafting
Packet Inspection
Cryptography
Certificate Inspection
Eavesdropping
RF Communication Monitoring
Sniffing
Decompilation
Debugging
Open-Source Intelligence Gathering
REVIEW
2.1 QUESTIONS
2.1 ANSWERS
Objective 2.2 Given a scenario, perform a vulnerability scan
Credentialed vs. Noncredentialed
Credentialed Scans
Noncredentialed Scans
Types of Scans
Container Security
Application Scanning
DAST
SAST
Considerations of Vulnerability Scanning
Time to Run Scans
Protocols Used
Network Topology and Bandwidth Limitations
Fragile Systems/Nontraditional Assets
REVIEW
2.2 QUESTIONS
2.2 ANSWERS
Objective 2.3 Given a scenario, analyze vulnerability scan results
Asset Categorization
Adjudication
Prioritization of Vulnerabilities
Common Themes
REVIEW
2.3 QUESTIONS
2.3 ANSWERS
Objective 2.4 Explain the process of leveraging information to prepare for exploitation
Map Vulnerabilities to Potential Exploits
Prioritize Activities in Preparation for a Penetration Test
Describe Common Techniques to Complete an Attack
Cross-Compiling Code
Exploit Modification
Exploit Chaining
Proof-of-Concept Development (Exploit Development)
Social Engineering
Deception
Credential Brute Forcing
Dictionary Attacks
Rainbow Tables
REVIEW
2.4 QUESTIONS
2.4 ANSWERS
Objective 2.5 Explain weaknesses related to specialized systems
ICS and SCADA
Mobile
IoT
Embedded Systems
Point-of-Sale Systems
Biometrics
RTOS
REVIEW
2.5 QUESTIONS
2.5 ANSWERS
3.0 Attacks and Exploits
Objective 3.1 Compare and contrast social engineering attacks
Phishing
Spear Phishing
SMS Phishing
Voice Phishing
Whaling
Elicitation
Goals of Elicitation
Example Tactics for Elicitation
Interrogation
Impersonation
Shoulder Surfing
Physical Drops
Motivation Techniques
REVIEW
3.1 QUESTIONS
3.1 ANSWERS
Objective 3.2 Given a scenario, exploit network-based vulnerabilities
Name Resolution Exploits
DNS Attacks
NetBIOS and LLMNR Name Services
SMB Exploits
SNMP Exploits
SMTP Exploits
FTP Exploits
Pass-the-Hash
Man-in-the-Middle Attack
ARP Spoofing
Replay Attacks
Relay Attacks
SSL Stripping
Downgrade Attacks
DoS/Stress Test
NAC Bypass
VLAN Hopping
REVIEW
3.2 QUESTIONS
3.2 ANSWERS
Objective 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
Wireless Network Types
Open
WEP
WPA
Wireless Network Attacks
Evil Twin
Downgrade Attack
Deauthentication Attacks
Fragmentation Attacks
Credential Harvesting
WPS Implementation Weakness
Other Wireless Attacks
Bluetooth
RFID Cloning
Jamming
REVIEW
3.3 QUESTIONS
3.3 ANSWERS
Objective 3.4 Given a scenario, exploit application-based vulnerabilities
Injections
SQL Injection
HTML Injection and Cross-Site Scripting
Code Injection and Command Injection
Security Misconfiguration
Directory Traversal
File Inclusion
Cookie Manipulation
Authentication
Credential Brute Forcing
Session Hijacking
Redirect
Default and Weak Credentials
Authorization
Parameter Pollution
Insecure Direct Object Reference
Unsecure Code Practices
Comments in Source Code
Lack of Error Handling
Hard-Coded Credentials
Race Conditions
Unauthorized Use of Functions/Unprotected APIs
Hidden Elements
Lack of Code Signing
Other Attacks
Cross-Site Request Forgery
Clickjacking
REVIEW
3.4 QUESTIONS
3.4 ANSWERS
Objective 3.5 Given a scenario, exploit local host vulnerabilities
Windows Host-Based Vulnerabilities
Windows Privileges
Windows OS Vulnerabilities
Windows Configuration Weaknesses
Windows Service Abuse
Linux Host-Based Vulnerabilities
Linux Privileges
Linux OS Vulnerabilities
Linux Default Configurations
Linux Service Exploits
Android
Apple Device Host-Based Vulnerabilities
macOS
iOS
Sandbox Escape and Controls Evasion
Shell Upgrade
Virtual Machines
Containers
Application Sandboxes
AV and Antimalware Evasion
Other Exploitations
Exploitation of Memory Vulnerabilities
Keyloggers
Physical Device Security
REVIEW
3.5 QUESTIONS
3.5 ANSWERS
Objective 3.6 Summarize physical security attacks related to facilities
Piggybacking/Tailgating
Fence Jumping
Dumpster Diving
Locks
Lock Picking
Lock Bypass
Bypassing Other Surveillance
REVIEW
3.6 QUESTIONS
3.6 ANSWERS
Objective 3.7 Given a scenario, perform post-exploitation techniques
Lateral Movement
RPC/DCOM
PsExec
WMI
Scheduled Tasks
PS Remoting/WinRM
SMB
RDP
Apple Remote Desktop
VNC
X-Server Forwarding
Telnet
SSH
Persistence
Daemons
Backdoors
Trojans
New User Creation
Covering Your Tracks
REVIEW
3.7 QUESTIONS
3.7 ANSWERS
4.0 Penetration Testing Tools
Objective 4.1 Given a scenario, use Nmap to conduct information gathering exercises
Nmap Scanning Options
SYN Scan
Full Connect Scan
Service Identification
Script Scanning
OS Fingerprinting
Scanning with -A
Disable Ping
Input File
Timing
Output Parameters
Verbosity: -v
Normal Output: -oN
Grepable Output: -oG
XML Output: -oX
All Output: -oA
REVIEW
4.1 QUESTIONS
4.1 ANSWERS
Objective 4.2 Compare and contrast various use cases of tools
Objective 4.3 Given a scenario, analyze tool output or data related to a penetration test
Testing Tools
AFL
APK Studio
APKX
Aircrack-ng
Aireplay-ng
Airodump-ng
BeEF
Burp Suite
Cain and Abel
Censys
CeWL
DirBuster
Drozer
PowerShell Empire
FOCA
Findbugs/Findsecbugs/SpotBugs
GDB
Hashcat
Hostapd
Hping
Hydra
IDA
Immunity Debugger
Impacket
John the Ripper
Kismet
Maltego
Medusa
Metasploit Framework
Mimikatz
Ncat
Ncrack
Nessus
Netcat
Nikto
Nslookup
OWASP ZAP
OllyDbg
OpenVAS
Packetforge-ng
Patator
Peach
PTH-smbclient
PowerSploit
Proxychains
Recon-NG
Responder
SET
SQLMap
SSH
Scapy
Searchsploit
Shodan
SonarQube
The Harvester
W3AF
Whois
Wifite
WinDBG
Wireshark
Setting Up a Bind Shell
Bash
Python
PowerShell
Reverse Shells
Bash
Python
PowerShell
Uploading a Web Shell
Tomcat Compromise with Metasploit
REVIEW
4.2 AND 4.3 QUESTIONS
4.2 AND 4.3 ANSWERS
Objective 4.4 Given a scenario, analyze a basic script
Scripts
Variables
String Operations
Comparison Operators
Flow Control
Input and Output (I/O)
Terminal I/O
File I/O
Network I/O
Arrays
Error Handling
Encoding/Decoding
REVIEW
4.4 QUESTIONS
4.4 ANSWERS
5.0 Reporting and Communication
Objective 5.1 Given a scenario, use report writing and handling best practices
Normalization of Data
Written Report of Findings and Remediation
Executive Summary
Methodology
Metrics and Measures
Findings and Remediation
Conclusion
Risk Appetite
Secure Handling and Disposition of Reports
REVIEW
5.1 QUESTIONS
5.1 ANSWERS
Objective 5.2 Explain post-report delivery activities
Post-Engagement Cleanup
Client Acceptance and Attestation of Findings
Follow-up Actions/Retest
Lessons Learned
REVIEW
5.2 QUESTIONS
5.2 ANSWERS
Objective 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
Solutions
Findings and Remediation
Shared Local Administrator Credentials
Weak Password Complexity
Plaintext Passwords
No Multifactor Authentication
SQL Injection
Unnecessary Open Services
REVIEW
5.3 QUESTIONS
5.3 ANSWERS
Objective 5.4 Explain the importance of communication during the penetration testing process
Communication Path
Communication Triggers
Critical Findings
Stages
Indicators of Prior Compromise
Reasons for Communication
Situational Awareness
De-escalation
Deconfliction
Goal Reprioritization
REVIEW
5.4 QUESTIONS
5.4 ANSWERS
A About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Performance-Based Questions
Technical Support
Glossary
Index