Edition:
Authors: Heather Linn
Series:
ISBN: 9781264274901, 1264274890
Publisher: McGraw-Hill
Year of publication: 2022
Number of pages:
Language: English
File format: EPUB (converted to PDF, EPUB or AZW3 on user request)
File size: 22 Mb
If you need the file of the book CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002), 2nd Edition converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file.
Note that the book CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002), 2nd Edition is the original-language edition and is not a book translated into Persian. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Cover Title Page Copyright Page Dedication Contents Acknowledgments Introduction
Chapter 1 Planning and Engagement: Governance, Risk, and Compliance Regulatory and Compliance Considerations Testing Limitations Time-Based Limitations Asset Scope Limitations Tool Limitations Allowed and Disallowed Tests Contracts and Documentation Master Services Agreement Nondisclosure Agreement Statement of Work Rules of Engagement Permission to Test Scope and Requirements Standards Environmental Considerations for Scoping Target Selection Contract Review Communication Planning Professionalism and Integrity Communication Integrity Risks to the Tester Chapter Review Questions Answers References
Chapter 2 Information Gathering and Vulnerability Scanning: Passive Reconnaissance DNS Recon OSINT Search Engines Active Reconnaissance Host Enumeration Service Identification and Fingerprinting Web Content Enumeration User Enumeration Defense Detection and Detection Avoidance Vulnerability Scanning and Analysis Credentialed vs. Noncredentialed Scanning Compliance and Configuration Auditing Vulnerability Research Sources Chapter Review Questions Answers References
Chapter 3 Network-Based Attacks: Name Resolution Exploits DNS Spoofing and Cache Poisoning Attacking LLMNR and NetBIOS Password Attacks Brute-Force and Dictionary Attacks Password Spraying Hash Cracking Stress Testing Applications and Protocols Network Packet Manipulation Analyzing and Inspecting Packets Forge and Decode Packets Layer 2 Attacks Attacking the Spanning Tree Protocol VLAN Hopping Bypassing Network Access Controls Researching an Attack An Attack on FTP An Attack on Samba and NFS Chapter Review Questions Answers
Chapter 4 Wireless and RF Attacks: 802.11 Wireless Wireless Networking Overview Wireless Testing Equipment Attacking Wireless Attacking Bluetooth Bluetooth Specifications Device Discovery Bluetooth Attacks RFID and NFC Chapter Review Questions Answers References
Chapter 5 Web and Database Attacks: OWASP Top Ten Injection Attacks Command Injection SQL Injection LDAP Injection Cross-Site Scripting Cross-Site Request Forgery Attacking Authentication and Session Management Brute-Force Login Pages Session Management Testing Data Exposure and Insecure Configuration Weak Access Controls Exposing Sensitive Data Directory and Path Traversals Sensitive Data Exposure Inclusion Attacks Race Conditions Chapter Review Questions Answers
Chapter 6 Attacking the Cloud: Account and Privilege Attacks Credential Harvesting Privesc Account Takeover Password Spraying Misconfigured Cloud Assets Identity and Access Management Federation Object Storage Containerization Technologies Cloud-Centric Attacks Denial of Service Cloud Malware Injection Side-Channel Attacks Software Development Kits Chapter Review Questions Answers
Chapter 7 Specialized and Fragile Systems: Mobile Devices Testing Concepts Mobile Hardware Mobile Operating Systems Overview Mobile Applications Overview Testing iOS Testing Android Virtual and Containerized Systems Other Nontraditional Systems SCADA and Industrial Control Systems Embedded Systems Chapter Review Questions Answers
Chapter 8 Social Engineering and Physical Attacks: Physical Security and Social Engineering Pretexting and Impersonation Methods of Influence Social Engineering and Physical Attacks Phishing Attacks Other Web Attacks Social Engineering Tools Dumpster Diving USB Dropping Shoulder Surfing Tailgating Badges Basic Physpen Tools Countermeasures Chapter Review Questions Answers References
Chapter 9 Post-Exploitation: Enumeration Discovery Credential Access Privilege Escalation Linux Privilege Escalation Windows Privilege Escalation Covert Channels and Data Exfiltration SSH Tunneling Shell Types Command and Control Data Exfiltration Lateral Movement Living Off the Land Passing the Hash RPC/DCOM Remote Desktop Protocol WinRM Maintaining Persistence Windows Linux Covering Your Tracks Clearing Command History Timestomping File Deletion Chapter Review Questions Answers
Chapter 10 Post-Engagement Activities: The Anatomy of a Pentest Report Reporting Audience Report Contents Storage and Secure Distribution Attestations Findings, Recommendations, and Analysis Recommendations Common Themes and Root Causes Post-Engagement Activities Cleanup Client Acceptance Lessons Learned Retesting and Follow-up Chapter Review Questions Answers References
Chapter 11 Tools and Code Analysis: Logic Constructs Conditionals Loops Boolean Operators Arithmetic and String Operators Data Structures Key Values and Keys Arrays, Dictionaries, and Lists Trees CSV, XML, and JSON Other Programming Concepts Procedures Functions Classes Libraries Practical Examples Bash Python Perl Ruby JavaScript PowerShell Specialized Examples Bash Shells Bash Automation PowerShell Shells PowerShell: Enumerating AD Users and Computers Python Port Scanner Python Encoding Using Python to Upgrade to a Fully Interactive Shell Using Perl to Modify IP Addresses in a File Perl Reverse Shell JavaScript Downloader Chapter Review Questions Answers
Chapter 12 Tools Inventory
Appendix A Objective Map: Objective Map: Exam PT0-002
Appendix B About the Online Content: System Requirements Your Total Seminars Training Hub Account Privacy Notice Single User License Terms and Conditions TotalTester Online Other Book Resources Performance-Based Questions Downloadable Content Technical Support
Glossary
Index