CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)

Book Description

This comprehensive exam guide offers 100% coverage of every topic on the CompTIA PenTest+ exam.

Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-001 from this comprehensive resource. Written by an expert penetration tester, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth answer explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

  • Pre-engagement activities
  • Getting to know your targets
  • Network scanning and enumeration
  • Vulnerability scanning and analysis
  • Mobile device and application testing
  • Social engineering
  • Network-based attacks
  • Wireless and RF attacks
  • Web and database attacks
  • Attacking local operating systems
  • Physical penetration testing
  • Writing the pen test report
  • And more

Online content includes:

  • Interactive performance-based questions
  • Test engine that provides full-length practice exams or customized quizzes by chapter or by exam domain


Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. Objective Map: Exam PT0-001
  9. Chapter 1 Pre-engagement Activities
    1. Target Audience
    2. Impact Analysis
    3. Scope and Methodology
      1. Types of Assessment
      2. Threat Modeling
      3. Target Selection
    4. Contractual Agreements
      1. Nondisclosure Agreement
      2. Master Service Agreement
      3. Statement of Work
    5. Chapter Review
      1. Questions
      2. Questions and Answers
  10. Chapter 2 Getting to Know Your Targets
    1. Footprinting and Reconnaissance
      1. Information Gathering
    2. Tools, Methods, and Frameworks
      1. Data Mining
      2. Specialized Search Engines
      3. DNS, Website, and Email Footprinting
      4. Metadata Analysis
    3. Chapter Review
      1. Questions
      2. Questions and Answers
  11. Chapter 3 Network Scanning and Enumeration
    1. 802.11 Wireless Standards
      1. Wireless Spectrum Bands
      2. Wireless Modes and Terminology
    2. Wireless Testing Equipment
      1. Popular Antennas
    3. 802.11 Network Discovery
      1. 802.11 Frames
      2. Wireless Scanning
    4. Host Discovery
      1. Ping Scan
    5. Port Scanning
      1. Port Scanning Methods
      2. Common Ports and Protocols
      3. TCP Scan
      4. Half-Open Scan
      5. UDP Scan
    6. Enumeration
    7. Chapter Review
      1. Questions
      2. Questions and Answers
  12. Chapter 4 Vulnerability Scanning and Analysis
    1. Researching Vulnerabilities
      1. CVE
      2. CWE
      3. CAPEC
      4. ATT&CK
    2. Remote Security Scanning
      1. Credentialed vs. Noncredentialed Scanning
      2. Compliance and Configuration Auditing
      3. Nontraditional Assets
    3. Web and Database Scanning
      1. Open Web Application Security Project (OWASP)
      2. Fingerprinting Web and Database Servers
      3. Enumerating Information
      4. Authentication and Authorization Testing
      5. Data Validation Testing
      6. Vulnerability Mapping
    4. Chapter Review
      1. Questions
      2. Questions and Answers
  13. Chapter 5 Mobile Device and Application Testing
    1. Mobile Device Architecture
      1. iPhone Operating System
      2. Android Operating System
    2. Mobile Pentesting Fundamentals
      1. Static Analysis
      2. Dynamic and Runtime Analysis
      3. Network Analysis
      4. Server-Side Testing
    3. iOS Application Security Testing
      1. Setting Up an iOS Testing Environment
      2. Jailbreaking an iOS Device
      3. Connecting to the iOS Device
      4. iOS Functional Testing and Application Mapping
    4. Android Application Security Testing
      1. Setting Up an Android Testing Environment
      2. Rooting an Android Device
      3. Connecting to the Android Device
      4. Android Functional Testing and Application Mapping
    5. Software Assurance Testing
      1. Understanding Programming Logic
    6. Chapter Review
      1. Questions
      2. Questions and Answers
  14. Chapter 6 Social Engineering
    1. Motivation Techniques
    2. Social Engineering Attacks
    3. Phishing
      1. Email-Based
      2. Phone-Based
    4. Countermeasures
    5. Chapter Review
      1. Questions
      2. Questions and Answers
  15. Chapter 7 Network-Based Attacks
    1. Name Resolution Exploits
      1. DNS Spoofing and Cache Poisoning
      2. Attacking LLMNR and NetBIOS
    2. Stress Testing Applications and Protocols
      1. Denial of Service Attacks
      2. Executing DDoS Attacks
    3. Network Packet Manipulation
      1. Analyzing and Inspecting Packets
      2. Forge and Decode Packets
    4. Layer-2 Attacks
      1. Attacking the Spanning Tree Protocol
      2. VLAN Hopping
      3. Bypassing Network Access Controls
    5. Attacking Common Protocols
      1. Exploiting SNMPv1
      2. Poorly Configured File Sharing
      3. Abusing SMTP
    6. Chapter Review
      1. Questions
      2. Questions and Answers
  16. Chapter 8 Wireless and RF Attacks
    1. Wireless Encryption Standards
      1. Setting Up a Wireless Testing Lab
      2. Cracking WEP
      3. Wi-Fi Protected Access (WPA)
      4. Cracking WPS
    2. Wireless Attacks and Exploitation
      1. Man-in-the-Middle Attacks
      2. Attacking Bluetooth
    3. Chapter Review
      1. Questions
      2. Questions and Answers
  17. Chapter 9 Web and Database Attacks
    1. Server-Side Attacks
      1. Injection Attacks
      2. Attacking Authentication and Session Management
      3. Inclusion Attacks
      4. Exploiting Security Misconfigurations
    2. Client-Side Attacks
      1. HTML Injection
      2. Cross-Site Scripting
      3. Cross-Site Request Forgery
      4. Clickjacking
    3. Chapter Review
      1. Questions
      2. Questions and Answers
  18. Chapter 10 Attacking Local Host Vulnerabilities
    1. OS Vulnerabilities
    2. Postexploitation
      1. Gain Situational Awareness
      2. Collecting Information
      3. Exfiltration
    3. Privilege Escalation
      1. Linux Privilege Escalation
      2. Windows Privilege Escalation
    4. Exploitable Services
      1. Buffer Overflows
      2. Unquoted Service Paths
    5. Lateral Movement
      1. Lateral Movement in Linux
      2. Lateral Movement in Windows
    6. Maintaining Persistence
    7. Covering Your Tracks
      1. Clearing Command History
      2. Timestomping
      3. File Deletion
    8. Chapter Review
      1. Questions
      2. Questions and Answers
  19. Chapter 11 Physical Penetration Testing
    1. Keeping the Honest People Honest
      1. Environmental Threats
      2. Physical and Environmental Protection
      3. Physical Locks and Security
      4. Mechanical Locks
      5. Basic Tools and Opening Techniques
      6. Alarms and Early Warning Systems
    2. Physical Device Security
      1. Cold Boot Attack
      2. BIOS Attacks
      3. USB Keylogger
    3. Chapter Review
      1. Questions
      2. Questions and Answers
  20. Chapter 12 Reporting and Communication
    1. Writing the Pentest Report
      1. Drafting the Report
      2. Postengagement Cleanup
      3. Report Handling
    2. Post-Report Delivery Activities
      1. Customer Debriefing
      2. Follow-Up Actions
    3. Communication Is Key
    4. Chapter Review
      1. Questions
      2. Questions and Answers
  21. Appendix About the Online Content
  22. Glossary
  23. Index

Product Information

  • Title: CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)
  • Author(s): Raymond Nutting
  • Release date: December 2018
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260135954