GPEN GIAC Certified Penetration Tester All-in-One Exam Guide

Book description

This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam

This effective self-study guide fully prepares you for the Global Information Assurance Certification’s challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from authors’ extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference.

Covers every topic on the exam, including:

  • Pre-engagement and planning activities
  • Reconnaissance and open source intelligence gathering
  • Scanning, enumerating targets, and identifying vulnerabilities
  • Exploiting targets and privilege escalation
  • Password attacks
  • Post-exploitation activities, including data exfiltration and pivoting
  • PowerShell for penetration testing
  • Web application injection attacks
  • Tools of the trade: Metasploit, proxies, and more
Online content includes:

  • 230 accurate practice exam questions
  • Test engine containing full-length practice exams and customizable quizzes


Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
    1. Objectives Map: GPEN Exam
  8. Chapter 1 Planning and Preparation
    1. Penetration Testing Methodologies
      1. Penetration Testing Execution Standard
      2. NIST Technical Guide to Information Security Testing and Assessment
      3. Penetration Testing Framework
      4. Open Source Security Testing Methodology Manual
      5. OWASP Web Security Testing Guide
      6. MITRE ATT&CK
      7. CAPEC
    2. Pre-engagement Activities
      1. Testing Phases
      2. Rules of Engagement
      3. Scope
      4. Other Pre-engagement Documentation
      5. Third-Party Providers
    3. Chapter Review
      1. Questions
      2. Answers
  9. Chapter 2 Reconnaissance
    1. Open Source Intelligence
      1. Organizational Culture
      2. Social Media Behavior
      3. Information Technology
    2. Discovery Methods
      1. Regional Internet Registries
      2. Querying DNS Records
      3. Search Engines
      4. OSINT Collection Tools
      5. Metadata Analysis
    3. Chapter Review
      1. Questions
      2. Answers
  10. Chapter 3 Initial Access
    1. Exploitation Categories
      1. Server-Side Exploitation
      2. Client-Side Exploitation
      3. Privilege Escalation
    2. Network Basics and Not-So-Basics
      1. TCP Three-Way Handshake
      2. TCP and IP Headers
    3. Scanning and Host Discovery
      1. Monitoring Network Scans
      2. Lab 3-1: Using Wireshark
      3. Nmap Introduction
      4. Ping Sweeping
      5. Network Mapping
      6. Port Scanning
      7. Vulnerability Scanning
      8. Lab 3-2: Scanning with Nmap
      9. Lab 3-3: Vulnerability Scanning with Nessus
    4. Packet Crafting with Scapy
      1. Lab 3-4: Scapy Introductory
      2. Lab 3-5: Evil Scapy Scripting
    5. Web Application Penetration Testing
      1. Web Application Vulnerabilities
      2. Lab 3-6: BeEF Basics
      3. Lab 3-7: OWASP ZAP
      4. SQL Injection Attacks
      5. Lab 3-8: SQLi
      6. Lab 3-9: Blind SQLi and Sqlmap
      7. Command Injection
      8. Lab 3-10: Command Injection
      9. Client-Side Attacks
      10. Lab 3-11: Stored XSS
    6. Time-Saving Tips
    7. Chapter Review
      1. Questions
      2. Answers
  11. Chapter 4 Execution
    1. Command-Line Interface
      1. Linux CLI
      2. Windows CLI
    2. Scripting
      1. Declaring Methods and Variables
      2. Looping and Flow Control
      3. Error and Exception Handling
    3. Metasploit Framework (MSF)
      1. MSF Components
      2. Lab 4-1: Navigating the MSFconsole
      3. Service-Based Exploitation
      4. Lab 4-2: Exploiting SMB with Metasploit
      5. Lab 4-3: Exploiting ProFTPD with Metasploit
      6. Metasploit Meterpreter
      7. Lab 4-4: Upgrading to a Meterpreter Shell
    4. Chapter Review
      1. Questions
      2. Answers
  12. Chapter 5 Persistence, Privilege Escalation, and Evasion
    1. Persistence
      1. Windows Persistence
      2. Lab 5-1: Scheduled Tasks
      3. Lab 5-2: Configuring a Callback via Windows Services
      4. Lab 5-3: Persistence with PowerShell Empire
      5. Linux Persistence
      6. Privilege Escalation
      7. Lab 5-4: Linux Privilege Escalation
      8. Lab 5-5: Windows Information Gathering and Privilege Escalation
    2. Evasion
      1. In Memory vs. On Disk
      2. Disk Location
      3. Code Obfuscation
      4. Lab 5-6: Windows Defender Evasion
    3. Chapter Review
      1. Questions
      2. Answers
  13. Chapter 6 Credential Access
    1. Windows Password Types
      1. NTLM Challenge-Response Protocol
      2. NTLMv1 and LM
      3. NTLMv2
      4. Kerberos
    2. Unix/Linux Password Types
      1. Message-Digest Algorithms
      2. Secure Hash Algorithms
    3. Types of Password Attacks
    4. Password Cracking
      1. John the Ripper
      2. Hashcat
    5. Harvesting Credentials
      1. Exfiltration from the Local Host
      2. Lab 6-1: Extract SAM from the Windows Registry
      3. Lab 6-2: Hashdump
      4. Lab 6-3: Dump Credentials from Memory
      5. Exfil from the Local Network
      6. Lab 6-4: Responder
    6. Chapter Review
      1. Questions
      2. Answers
  14. Chapter 7 Discovery and Lateral Movement
    1. Discovery
      1. Windows Situational Awareness
      2. Lab 7-1: Recon with PowerView
      3. Lab 7-2: Recon with Empire
      4. Lab 7-3: Information Gathering with SharpHound
      5. Linux Situational Awareness
    2. Lateral Movement
      1. Linux Pivoting
      2. Lab 7-4: Port Forwarding
      3. Windows Pivoting
      4. Lab 7-5: Pass-the-Hash
      5. Lab 7-6: Built-in Tools
      6. Lab 7-7: Lateral Movement, Owning the Domain
    3. Chapter Review
      1. Questions
      2. Answers
  15. Chapter 8 Data Collection and Exfiltration
    1. Data Collection
      1. Data from Local System
      2. Data from Information Repositories
    2. Data Exfiltration with Frameworks
      1. Lab 8-1: Exfilling Data with Metasploit
      2. Input and Screen Capture
      3. Clipboard Data
      4. Lab 8-2: Exfilling Data with Empire
      5. Exfilling Sensitive Files
      6. Timestomping
    3. Data Exfiltration with Operating System Tools
      1. Scheduled Transfer
      2. Lab 8-3: Exfilling Data Using Linux Cron Jobs
      3. Lab 8-4: Exfilling Data Using Windows Scheduled Tasks
    4. Chapter Review
      1. Questions
      2. Answers
  16. Chapter 9 Writing and Communicating the Pentest Report
    1. The Pentest Report
      1. Report Writing Best Practices
      2. Preparing to Write the Report
      3. Writing the Report
    2. Report Handling
    3. Chapter Review
      1. Questions
      2. Answers
  17. Appendix A Penetration Testing Tools and References
    1. Credential Testing Tools
    2. Debuggers
    3. Evasion and Code Obfuscation
    4. Networking Tools
    5. Penetration Testing Frameworks
    6. Reconnaissance (OSINT)
    7. Remote Access Tools
    8. Social Engineering Tools
    9. Virtual Machine Software
    10. Vulnerability and Exploitation Research
    11. Vulnerability Scanners
    12. Web and Database Tools
    13. Wireless Testing Tools
  18. Appendix B Setting Up a Basic GPEN Lab
    1. What You Need
    2. Home Base (Host Machine) and Domain Controller
    3. Windows Clients
    4. CentOS VM with Web Apps
    5. Kali Linux Attack VM
    6. Backing Up with VM Snapshots
    7. Metasploitable VMs
    8. Complete Lab Setup
  19. Appendix C Capstone Project
    1. Capstone Tasks
    2. Exercise One: Reconnaissance
    3. Exercise Two: Initial Access
    4. Exercise Three: Exploit Chaining
    5. Exercise Four: Exploit Chaining Redux
    6. Capstone Hints
    7. Exercise One: Reconnaissance
    8. Exercise Two: Initial Access
    9. Exercise Three: Exploit Chaining
    10. Exercise Four: Exploit Chaining Redux
    11. Capstone Walkthrough
    12. Exercise One: Reconnaissance
    13. Exercise Two: Initial Access
    14. Exercise Three: Exploit Chaining
    15. Exercise Four: Exploit Chaining Redux
  20. Appendix D About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
    3. Privacy Notice
    4. Single User License Terms and Conditions
    5. TotalTester Online
    6. Other Book Resources
    7. Technical Support
  21. Glossary
  22. Index

Product information

  • Title: GPEN GIAC Certified Penetration Tester All-in-One Exam Guide
  • Author(s): Raymond Nutting, Mirza Ahmed, William MacCormack
  • Release date: November 2020
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260456752