CompTIA Pentest+ Certification For Dummies (For Dummies (Computer/Tech))

Title Page
Copyright Page
Table of Contents
Introduction
	About This Book
	Conventions Used in This Book
	Foolish Assumptions
	How This Book Is Organized
		Pre-assessment
		Part 1: Planning and Information Gathering
		Part 2: Attacks and Exploits
		Part 3: Post-Exploitation and Reporting
		Appendixes
		Practice exam
	Icons Used in This Book
	Beyond the Book
	Where to Go from Here
Pre-Assessment
Part 1 Planning and Information Gathering
	Chapter 1 Introduction to Penetration Testing
		Penetration Testing Overview
			Reasons for a pentest
			Who should perform a pentest
			How often a pentest should be performed
		Defining Penetration Testing Terminology
			Types of assessments
			Pentest strategy
			Threat actors and threat models
		Looking at CompTIA’s Penetration Testing Phases
			Planning and scoping
			Information gathering and vulnerability identification
			Attacks and exploits
			Reporting and communication
		Identifying Testing Standards and Methodologies
			MITRE ATT&CK
			Open Web Application Security Project (OWASP)
			National Institute of Standards and Technology (NIST)
			OSSTMM, PTES, and ISSAF
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 2 Planning and Scoping
		Understanding Key Legal Concepts
			Written authorization
			Contracts and agreements
			Disclaimers
		Scoping the Project
			Target list/in-scope assets
			General questions
			Web application testing questions
			Wireless network testing questions
			Physical security testing questions
			Social engineering testing questions
			Testing questions for IT staff
		Identifying the Rules of Engagement (RoE)
			Environmental considerations
			Target audience and reason for the pentest
			Communication escalation path
			Resources and requirements
			Budget
			Impact analysis and remediation timelines
		Defining Targets for the Pentest
			Internal and external targets
			First-party versus third-party hosted
			Other targets
			Target considerations
		Verifying Acceptance to Risk
		Scheduling the Pentest and Managing Scope Creep
			Scheduling
			Scope creep
		Conducting Compliance-based Assessments
			Considerations with compliance-based assessments
			Restrictions with compliance-based assessments
			Validate scope of engagement
			Maintaining professionalism and integrity
			Risks to the professional
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 3 Information Gathering
		Looking at Information-Gathering Tools and Techniques
			Passive information gathering/passive reconnaissance
			Active information gathering/active reconnaissance
		Understanding Scanning and Enumeration
			Passive scanning
			Active scanning
			Enumeration
			Analyze the results of a reconnaissance exercise
		Detection Methods and Tokens
			Defense detection
			Security tokens
		Lab Exercises
			Exercise 3-1: Conduct a Whois Search
			Exercise 3-2: Use theHarvester to collect email addresses
			Exercise 3-3: Use Shodan to discover systems on the Internet
			Exercise 3-4: Use recon-ng for OSINT information gathering
			Exercise 3-5: Use dig for DNS profiling
			Exercise 3-6: Use Nmap to port scan
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 4 Vulnerability Identification
		Understanding Vulnerabilities
			Types of vulnerability scans
			Vulnerability scan considerations
		Performing a Vulnerability Scan
			Installing Nessus
			Running Nessus
			Using other vulnerability scanners
		Analyzing Vulnerability Results
			Mapping vulnerabilities to exploits
			Understanding the CVSS base score
			Prioritizing activities
			Considerations for analyzing scan results
		Attacks and Weaknesses in Specialized Systems
			Mobile devices
			Cloud technologies
			Internet of things (IoT) devices
			Data storage system vulnerabilities
			Underlying software vulnerabilities
			Management interface vulnerabilities
			Vulnerabilities related to SCADA, IIoT, and ICS
			Vulnerabilities related to virtual environments and containers
		Lab Exercises
			Exercise 4-1: Download and install Nessus
			Exercise 4-2: Perform a vulnerability scan
			Exercise 4-3: Perform a web application vulnerability scan with Nessus
		Reviewing Key Concepts
		Prep Test
		Answers
Part 2 Attacks and Exploits
	Chapter 5 Exploiting Systems
		Exploiting Systems with Metasploit
			Starting Metasploit
			Searching for an exploit
			Using an exploit
			Running the exploit
			Setting the payload
			Using msfvenom
			Using exploit resources
		Understanding Social Engineering
			Email phishing
			USB key drop
			Other forms of social engineering
			Methods of influence
			Using SET to perform an attack
			Using BeEF to perform an attack
			Call spoofing tools
			Pretexting
		Looking at Attacks on Physical Security
			Types of physical security controls
			Exploiting physical security
		Common Attack Techniques
			Password cracking
			Using exploits
			Deception
		Exploiting Network-Based Vulnerabilities
			Common tools used for network-based attacks
			Common network-based exploits
			Man-in-the-middle (MiTM) attacks
			Other common attacks
		Exploiting Local-Host Vulnerabilities
			Operating system vulnerabilities
			Unsecure service and protocol configurations
			Privilege escalation
			Default account settings
			Sandbox escape
			Physical device security
		Lab Exercises
			Exercise 5-1: Exploit an SMB service with Metasploit
			Exercise 5-2: Use the meterpreter exploit payload
			Exercise 5-3: Conduct a MiTM attack with SETH
			Exercise 5-4: Use SET for credential harvesting
			Exercise 5-5: Use BeEF to exploit a web browser
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 6 Exploiting Wireless Vulnerabilities
		Understanding Wireless Terminology
			Wireless concepts
			Wireless equipment and configuration
			Types of wireless networks
		Introducing Wireless Standards
			802.11a
			802.11b
			802.11g
			802.11n
			802.11ac
		Looking at Wireless Configuration and Troubleshooting
			Reviewing the Basic Service Set
			Designing a multi-access point WLAN
			Troubleshooting wireless networks
		Implementing Wireless Security Practices
			General security practices
			Encryption protocols
		Exploiting Wireless Vulnerabilities
			Understanding attack methods and tools
			Looking at 802.11 wireless vulnerabilities
			Looking at RF-based vulnerabilities
			Cracking WEP encryption
			WPS pin attack
			Cracking WPA/WPA2 encryption keys
			Using Wifite to hack wireless networks
			Exploiting Bluetooth devices
		Lab Exercises
			Exercise 6-1: Crack WEP encryption
			Exercise 6-2: Crack the WPS pin
			Exercise 6-3: Crack the WPA/WPA2 encryption key
			Exercise 6-4: Test Bluetooth devices
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 7 Exploiting Application-Based Vulnerabilities
		Looking at Common Application-Based Attacks
			Injection attacks
			Authentication attacks
			Authorization attacks
			XSS and CSRF/XSRF attacks
		Understanding Application Security Vulnerabilities
			Clickjacking
			Security misconfiguration
			File inclusion
			Privilege escalation
			Session replay and session fixation
		Common Coding Mistakes
			Business logic flaws
			Unauthorized use of functions/ unprotected APIs
			Hidden elements/sensitive information in the DOM
			Insecure data transmission
			Lack of code signing
		Secure Coding Best Practices
			Validation
			Sanitization
			Escaping
			Parameterized queries
		Common Tools and Resources
			Common tools
			Common resources
		Lab Exercises
			Exercise 7-1: Perform a CSRF attack
			Exercise 7-2: Perform a SQL injection
			Exercise 7-3: Perform a command injection attack
			Exercise 7-4: Perform a reflected XSS attack
			Exercise 7-5: Perform a persistent XSS attack
			Exercise 7-6: Reset the DVWA
		Reviewing Key Concepts
		Prep Test
		Answers
Part 3 Post-Exploitation and Reporting
	Chapter 8 Understanding Post-Exploitation Actions
		Common Post-Exploitation Tasks
			Understanding the context
			Collecting information
			Obtaining a shell
			Retrieving password hashes
			Disabling the antivirus software
			Migrating to a different process
			Privilege escalation and restrictive shells
			Taking screenshots
			Taking remote control
			Capturing keystrokes
			Enabling the webcam
			Network segmentation testing
		Performing Lateral Movement
			PS remoting/WinRM
			Using PsExec
			Using PsExec with pass the hash
			Using RDP
			Using RPC/DCOM
			Using remote services
			Other techniques for lateral movement
		Maintaining Access (Persistence)
			New user creation
			Planting backdoors and trojans
			Other techniques for maintaining access
			Detection avoidance
		Covering Your Tracks
		Lab Exercises
			Exercise 8-1: Exploit a system and collect information
			Exercise 8-2: Record keystrokes
			Exercise 8-3: Obtain password hashes
			Exercise 8-4: Move laterally
			Exercise 8-5: Create a backdoor account
			Exercise 8-6: Cover your tracks
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 9 Common Penetration Testing Tools
		Understanding Use Cases for Common Pentest Tools
			Reconnaissance
			Enumeration
			Vulnerability scanning
			Credential attacks
			Persistence
			Configuration compliance
			Evasion
			Decompilation and debugging
			Forensics
			Software assurance
		Looking at Common Pentest Tools
			Scanners
			Credential testing tools
			Debuggers
			Software-assurance tools
			Open-source intelligence (OSINT) tools
			Wireless tools
			Web application tools/web proxies
			Social engineering tools
			Remote access tools
			Networking tools
			Mobile tools
			Steganography tools
				Steghide
				Other steganography tools
			Cloud tools
			Miscellaneous tools
		Analyzing Tool Output
			Password cracking
			Pass the hash
			Setting up a bind shell
			Getting a reverse shell
			Proxying a connection
			Uploading a web shell
			Injections
		Lab Exercises
			Exercise 9-1: Crack passwords with John the Ripper
			Exercise 9-2: Locate web servers
			Exercise 9-3: Scan web applications for vulnerabilities
			Exercise 9-4: Use Hydra for password cracking over RDP
			Exercise 9-5: Use Hydra to crack website credentials
			Exercise 9-6: Use CeWL to create a wordlist
			Exercise 9-7: Use Netcat/Ncat to create a bind shell
			Exercise 9-8: Using Responder and John the Ripper to capture and crack password hashes
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 10 Analyzing Script Functionality
		Reviewing Scripting Concepts
			Variables and arrays
			Looping and flow control
			Understanding operators
			Data structures
			Parts of software and scripts
			Common operations
			Error handling
		Using Bash Scripting
			Variables and arrays
			Looping and flow control
			Executing the script
			Error handling
			Input and output
		Understanding Python Scripting
			Variables and arrays
			Looping and flow control
			Executing the script
			Error handling
			Input and output
		Working with Ruby Scripting
			Variables and arrays
			Looping and flow control
			Executing the script
			Error handling
			Input and output
		Coding in PowerShell Scripting
			Variables and arrays
			Looping and flow control
			Executing the script
			Error handling
			Input and output
		Code Examples and Automation
			Analyze exploit code
			Opportunities for automation
		Lab Exercises
			Exercise 10-1: Review Bash script
			Exercise 10-2: Review Python script
			Exercise 10-3: Review PowerShell script
		Reviewing Key Concepts
		Prep Test
		Answers
	Chapter 11 Reporting and Communication
		Communicating During a PenTest
			Understanding communication paths
			Communication triggers
			Reasons for communication
			Goal reprioritization and presentation of findings
		Findings and Remediations
			Shared local administrator credentials
			Weak password complexity
			Plain text passwords
			No multifactor authentication
			SQL injection
			Unnecessary open services
		Focusing Your Remediation Strategies
		Recommending the Appropriate Remediation Strategy
			Common technical controls
			Common administrative controls
			Common operational controls
			Common physical controls
		Writing and Handling the Pentest Report
			Common themes/root causes
			Notetaking and normalization of data
			Risk appetite
			Report audience
			Report structure
			Secure handling and distribution of reports
		Delivering the Report and Post-Report Activities
			Post-engagement cleanup
			Client acceptance
			Administrative tasks
		Lab Exercises
			Exercise 11-1: Create a pentest report
			Exercise 11-2: Encrypt the pentest report
		Reviewing Key Concepts
		Prep Test
		Answers
Part 4 Appendixes
	Appendix A PenTest+ Exam Details
		CompTIA PenTest+ Certification and Why You Need It
		Checking Out the Exam and Its Objectives
		Using This Book to Prepare for the Exam
		Steps to Prepare for the Exam
		Making Arrangements to Take the Exam
		The Day the Earth Stood Still: Exam Day
			Arriving at the exam location
			Testing online (from home or work)
			Taking the exam
			How does CompTIA set the pass level?
	CompTIA PenTest+ Exam Reference Matrix
		2021 PenTest+ Exam Objectives — PTO-002
	Appendix C Lab Setup
		Setting Up the Virtual Machines
		Obtaining the Software Needed
			VMware Workstation
			Windows Server 2012/2016/2019
			Windows 7
			Kali Linux
			Metasploitable2
Index
EULA