CONTENTS   

   Acknowledgments

   Introduction

   Objectives Map: GPEN Exam

Chapter 1      Planning and Preparation

   Penetration Testing Methodologies

Penetration Testing Execution Standard

NIST Technical Guide to Information Security Testing and Assessment

Penetration Testing Framework

Open Source Security Testing Methodology Manual

OWASP Web Security Testing Guide

MITRE ATT&CK

CAPEC

   Pre-engagement Activities

Testing Phases

Rules of Engagement

Scope

Other Pre-engagement Documentation

Third-Party Providers

   Chapter Review

Questions

Answers

Chapter 2      Reconnaissance

   Open Source Intelligence

Organizational Culture

Social Media Behavior

Information Technology

   Discovery Methods

Regional Internet Registries

Querying DNS Records

Search Engines

OSINT Collection Tools

Metadata Analysis

   Chapter Review

Questions

Answers

Chapter 3      Initial Access

   Exploitation Categories

Server-Side Exploitation

Client-Side Exploitation

Privilege Escalation

   Network Basics and Not-So-Basics

TCP Three-Way Handshake

TCP and IP Headers

   Scanning and Host Discovery

Monitoring Network Scans

Lab 3-1: Using Wireshark

Nmap Introduction

Ping Sweeping

Network Mapping

Port Scanning

Vulnerability Scanning

Lab 3-2: Scanning with Nmap

Lab 3-3: Vulnerability Scanning with Nessus

   Packet Crafting with Scapy

Lab 3-4: Scapy Introductory

Lab 3-5: Evil Scapy Scripting

   Web Application Penetration Testing

Web Application Vulnerabilities

Lab 3-6: BeEF Basics

Lab 3-7: OWASP ZAP

SQL Injection Attacks

Lab 3-8: SQLi

Lab 3-9: Blind SQLi and Sqlmap

Command Injection

Lab 3-10: Command Injection

Client-Side Attacks

Lab 3-11: Stored XSS

   Time-Saving Tips

   Chapter Review

Questions

Answers

Chapter 4      Execution

   Command-Line Interface

Linux CLI

Windows CLI

   Scripting

Declaring Methods and Variables

Looping and Flow Control

Error and Exception Handling

   Metasploit Framework (MSF)

MSF Components

Lab 4-1: Navigating the MSFconsole

Service-Based Exploitation

Lab 4-2: Exploiting SMB with Metasploit

Lab 4-3: Exploiting ProFTPD with Metasploit

Metasploit Meterpreter

Lab 4-4: Upgrading to a Meterpreter Shell

   Chapter Review

Questions

Answers

Chapter 5      Persistence, Privilege Escalation, and Evasion

   Persistence

Windows Persistence

Lab 5-1: Scheduled Tasks

Lab 5-2: Configuring a Callback via Windows Services

Lab 5-3: Persistence with PowerShell Empire

Linux Persistence

Privilege Escalation

Lab 5-4: Linux Privilege Escalation

Lab 5-5: Windows Information Gathering and Privilege Escalation

   Evasion

In Memory vs. On Disk

Disk Location

Code Obfuscation

Lab 5-6: Windows Defender Evasion

   Chapter Review

Questions

Answers

Chapter 6      Credential Access

   Windows Password Types

NTLM Challenge-Response Protocol

NTLMv1 and LM

NTLMv2

Kerberos

   Unix/Linux Password Types

Message-Digest Algorithms

Secure Hash Algorithms

   Types of Password Attacks

   Password Cracking

John the Ripper

Hashcat

   Harvesting Credentials

Exfiltration from the Local Host

Lab 6-1: Extract SAM from the Windows Registry

Lab 6-2: Hashdump

Lab 6-3: Dump Credentials from Memory

Exfil from the Local Network

Lab 6-4: Responder

   Chapter Review

Questions

Answers

Chapter 7      Discovery and Lateral Movement

   Discovery

Windows Situational Awareness

Lab 7-1: Recon with PowerView

Lab 7-2: Recon with Empire

Lab 7-3: Information Gathering with SharpHound

Linux Situational Awareness

   Lateral Movement

Linux Pivoting

Lab 7-4: Port Forwarding

Windows Pivoting

Lab 7-5: Pass-the-Hash

Lab 7-6: Built-in Tools

Lab 7-7: Lateral Movement, Owning the Domain

   Chapter Review

Questions

Answers

Chapter 8      Data Collection and Exfiltration

   Data Collection

Data from Local System

Data from Information Repositories

   Data Exfiltration with Frameworks

Lab 8-1: Exfilling Data with Metasploit

Input and Screen Capture

Clipboard Data

Lab 8-2: Exfilling Data with Empire

Exfilling Sensitive Files

Timestomping

   Data Exfiltration with Operating System Tools

Scheduled Transfer

Lab 8-3: Exfilling Data Using Linux Cron Jobs

Lab 8-4: Exfilling Data Using Windows Scheduled Tasks

   Chapter Review

Questions

Answers

Chapter 9      Writing and Communicating the Pentest Report

   The Pentest Report

Report Writing Best Practices

Preparing to Write the Report

Writing the Report

   Report Handling

   Chapter Review

Questions

Answers

Appendix A   Penetration Testing Tools and References

   Credential Testing Tools

   Debuggers

   Evasion and Code Obfuscation

   Networking Tools

   Penetration Testing Frameworks

   Reconnaissance (OSINT)

   Remote Access Tools

   Social Engineering Tools

   Virtual Machine Software

   Vulnerability and Exploitation Research

   Vulnerability Scanners

   Web and Database Tools

   Wireless Testing Tools

Appendix B   Setting Up a Basic GPEN Lab

   What You Need

   Home Base (Host Machine) and Domain Controller

   Windows Clients

   CentOS VM with Web Apps

   Kali Linux Attack VM

   Backing Up with VM Snapshots

   Metasploitable VMs

   Complete Lab Setup

Appendix C   Capstone Project

   Capstone Tasks

Exercise One: Reconnaissance

Exercise Two: Initial Access

Exercise Three: Exploit Chaining

Exercise Four: Exploit Chaining Redux

   Capstone Hints

Exercise One: Reconnaissance

Exercise Two: Initial Access

Exercise Three: Exploit Chaining

Exercise Four: Exploit Chaining Redux

   Capstone Walkthrough

Exercise One: Reconnaissance

Exercise Two: Initial Access

Exercise Three: Exploit Chaining

Exercise Four: Exploit Chaining Redux

Appendix D   About the Online Content

   System Requirements

   Your Total Seminars Training Hub Account

Privacy Notice

   Single User License Terms and Conditions

   TotalTester Online

   Other Book Resources

   Technical Support

   Glossary

   Index
