چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

CompTIA PenTest+ Study Guide: Exam PT0-002 (Sybex Study Guide)

Mike Chapple; David Seidl, CISSP

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۲۱
فرمت
PDF
زبان
انگلیسی
حجم فایل
۲۴٫۶ مگابایت
شابک
9781119823810، 9781119823827، 9781119823834، 9781394177653، 1119823811، 111982382X، 1119823838، 1394177658

دربارهٔ کتاب

Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002 , veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. You’ll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You’ll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. This book will: Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. Cover Title Page Copyright Page Acknowledgments About the Authors About the Technical Editor Contents at a Glance Contents Introduction CompTIA The PenTest+ Exam Study and Exam Preparation Tips Taking the Exam After the PenTest+ Exam What Does This Book Cover? Objective Mapping Study Guide Elements Interactive Online Learning Environment CompTIA PenTest+ Certification Exam Objectives 1.0 Planning and Scoping 2.0 Information Gathering and Vulnerability Scanning 3.0 Attacks and Exploits 4.0 Reporting and Communication 5.0 Tools and Code Analysis Assessment Test Answers to Assessment Test Chapter 1 Penetration Testing What Is Penetration Testing? Cybersecurity Goals Adopting the Hacker Mindset Ethical Hacking Reasons for Penetration Testing Benefits of Penetration Testing Regulatory Requirements for Penetration Testing Who Performs Penetration Tests? Internal Penetration Testing Teams External Penetration Testing Teams Selecting Penetration Testing Teams The CompTIA Penetration Testing Process Planning and Scoping Information Gathering and Vulnerability Scanning Attacks and Exploits Reporting and Communication Tools and Code Analysis The Cyber Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command and Control Actions on Objectives Tools of the Trade Reconnaissance Vulnerability Scanners Social Engineering Credential Testing Tools Debuggers and Software Testing Tools Network Testing Remote Access Exploitation Steganography Cloud Tools Summary Exam Essentials Lab Exercises Activity 1.1: Adopting the Hacker Mindset Activity 1.2: Using the Cyber Kill Chain Review Questions Chapter 2 Planning and Scoping Penetration Tests Scoping and Planning Engagements Assessment Types Known Environments and Unknown Environments The Rules of Engagement Scoping Considerations—A Deeper Dive Support Resources for Penetration Tests Penetration Testing Standards and Methodologies Key Legal Concepts for Penetration Tests Contracts Data Ownership and Retention Permission to Attack (Authorization) Environmental Differences and Location Restrictions Regulatory Compliance Considerations Summary Exam Essentials Lab Exercises Review Questions Chapter 3 Information Gathering Footprinting and Enumeration OSINT Location and Organizational Data Infrastructure and Networks Security Search Engines Google Dorks and Search Engine Techniques Password Dumps and Other Breach Data Source Code Repositories Passive Enumeration and Cloud Services Active Reconnaissance and Enumeration Hosts Services Networks, Topologies, and Network Traffic Packet Crafting and Inspection Enumeration Information Gathering and Code Avoiding Detection Information Gathering and Defenses Defenses Against Active Reconnaissance Preventing Passive Information Gathering Summary Exam Essentials Lab Exercises Activity 3.1: Manual OSINT Gathering Activity 3.2: Exploring Shodan Activity 3.3: Running an Nmap Scan Review Questions Chapter 4 Vulnerability Scanning Identifying Vulnerability Management Requirements Regulatory Environment Corporate Policy Support for Penetration Testing Identifying Scan Targets Determining Scan Frequency Active vs. Passive Scanning Configuring and Executing Vulnerability Scans Scoping Vulnerability Scans Configuring Vulnerability Scans Scanner Maintenance Software Security Testing Analyzing and Testing Code Web Application Vulnerability Scanning Developing a Remediation Workflow Prioritizing Remediation Testing and Implementing Fixes Overcoming Barriers to Vulnerability Scanning Summary Exam Essentials Lab Exercises Activity 4.1: Installing a Vulnerability Scanner Activity 4.2: Running a Vulnerability Scan Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan Review Questions Chapter 5 Analyzing Vulnerability Scans Reviewing and Interpreting Scan Reports Understanding CVSS Validating Scan Results False Positives Documented Exceptions Understanding Informational Results Reconciling Scan Results with Other Data Sources Trend Analysis Common Vulnerabilities Server and Endpoint Vulnerabilities Network Vulnerabilities Virtualization Vulnerabilities Internet of Things (IoT) Web Application Vulnerabilities Summary Exam Essentials Lab Exercises Activity 5.1: Interpreting a Vulnerability Scan Activity 5.2: Analyzing a CVSS Vector Activity 5.3: Developing a Penetration Testing Plan Review Questions Chapter 6 Exploiting and Pivoting Exploits and Attacks Choosing Targets Enumeration Identifying the Right Exploit Exploit Resources Exploitation Toolkits Metasploit PowerSploit BloodHound Exploit Specifics RPC/DCOM PsExec PS Remoting/WinRM WMI Fileless Malware and Living Off the Land Scheduled Tasks and cron Jobs SMB DNS RDP Apple Remote Desktop VNC SSH Network Segmentation Testing and Exploits Leaked Keys Leveraging Exploits Common Post-Exploit Attacks Cross Compiling Privilege Escalation Social Engineering Escaping and Upgrading Limited Shells Persistence and Evasion Scheduled Jobs and Scheduled Tasks Inetd Modification Daemons and Services Backdoors and Trojans Data Exfiltration and Covert Channels New Users Pivoting Covering Your Tracks Summary Exam Essentials Lab Exercises Activity 6.1: Exploit Activity 6.2: Discovery Activity 6.3: Pivot Review Questions Chapter 7 Exploiting Network Vulnerabilities Identifying Exploits Conducting Network Exploits VLAN Hopping DNS Cache Poisoning On-Path Attacks NAC Bypass DoS Attacks and Stress Testing Exploit Chaining Exploiting Windows Services NetBIOS Name Resolution Exploits SMB Exploits Identifying and Exploiting Common Services Identifying and Attacking Service Targets SNMP Exploits SMTP Exploits FTP Exploits Kerberoasting Samba Exploits Password Attacks Stress Testing for Availability Wireless Exploits Attack Methods Finding Targets Attacking Captive Portals Eavesdropping, Evil Twins, and Wireless On-Path Attacks Other Wireless Protocols and Systems RFID Cloning Jamming Repeating Summary Exam Essentials Lab Exercises Activity 7.1: Capturing Hashes Activity 7.2: Brute-Forcing Services Activity 7.3: Wireless Testing Review Questions Chapter 8 Exploiting Physical and Social Vulnerabilities Physical Facility Penetration Testing Entering Facilities Information Gathering Social Engineering In-Person Social Engineering Phishing Attacks Website-Based Attacks Using Social Engineering Tools Summary Exam Essentials Lab Exercises Activity 8.1: Designing a Physical Penetration Test Activity 8.2: Brute-Forcing Services Activity 8.3: Using BeEF Review Questions Chapter 9 Exploiting Application Vulnerabilities Exploiting Injection Vulnerabilities Input Validation Web Application Firewalls SQL Injection Attacks Code Injection Attacks Command Injection Attacks LDAP Injection Attacks Exploiting Authentication Vulnerabilities Password Authentication Session Attacks Kerberos Exploits Exploiting Authorization Vulnerabilities Insecure Direct Object References Directory Traversal File Inclusion Privilege Escalation Exploiting Web Application Vulnerabilities Cross-Site Scripting (XSS) Request Forgery Clickjacking Unsecure Coding Practices Source Code Comments Error Handling Hard-Coded Credentials Race Conditions Unprotected APIs Unsigned Code Steganography Application Testing Tools Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Mobile Tools Summary Exam Essentials Lab Exercises Activity 9.1: Application Security Testing Techniques Activity 9.2: Using the ZAP Proxy Activity 9.3: Creating a Cross-Site Scripting Vulnerability Review Questions Chapter 10 Attacking Hosts, Cloud Technologies, and Specialized Systems Attacking Hosts Linux Windows Cross-Platform Exploits Credential Attacks and Testing Tools Credential Acquisition Offline Password Cracking Credential Testing and Brute-Forcing Tools Wordlists and Dictionaries Remote Access SSH NETCAT and Ncat Metasploit and Remote Access Proxies and Proxychains Attacking Virtual Machines and Containers Virtual Machine Attacks Containerization Attacks Attacking Cloud Technologies Attacking Cloud Accounts Attacking and Using Misconfigured Cloud Assets Other Cloud Attacks Tools for Cloud Technology Attacks Attacking Mobile Devices Attacking IoT, ICS, Embedded Systems, and SCADA Devices Attacking Data Storage Summary Exam Essentials Lab Exercises Activity 10.1: Dumping and Cracking the Windows SAM and Other Credentials Activity 10.2: Cracking Passwords Using Hashcat Activity 10.3: Setting Up a Reverse Shell and a Bind Shell Review Questions Chapter 11 Reporting and Communication The Importance of Communication Defining a Communication Path Communication Triggers Goal Reprioritization Recommending Mitigation Strategies Finding: Shared Local Administrator Credentials Finding: Weak Password Complexity Finding: Plaintext Passwords Finding: No Multifactor Authentication Finding: SQL Injection Finding: Unnecessary Open Services Writing a Penetration Testing Report Structuring the Written Report Secure Handling and Disposition of Reports Wrapping Up the Engagement Post-Engagement Cleanup Client Acceptance Lessons Learned Follow-Up Actions/Retesting Attestation of Findings Retention and Destruction of Data Summary Exam Essentials Lab Exercises Activity 11.1: Remediation Strategies Activity 11.2: Report Writing Review Questions Chapter 12 Scripting for Penetration Testing Scripting and Penetration Testing Bash PowerShell Ruby Python Perl JavaScript Variables, Arrays, and Substitutions Bash PowerShell Ruby Python Perl JavaScript Comparison Operations String Operations Bash PowerShell Ruby Python Perl JavaScript Flow Control Conditional Execution for Loops while Loops Input and Output (I/O) Redirecting Standard Input and Output Comma-Separated Values (CSV) Error Handling Bash PowerShell Ruby Python Advanced Data Structures JavaScript Object Notation (JSON) Trees Reusing Code The Role of Coding in Penetration Testing Analyzing Exploit Code Automating Penetration Tests Summary Exam Essentials Lab Exercises Activity 12.1: Reverse DNS Lookups Activity 12.2: Nmap Scan Review Questions Appendix A: Answers to Review Questions Chapter 1: Penetration Testing Chapter 2: Planning and Scoping Penetration Tests Chapter 3: Information Gathering Chapter 4: Vulnerability Scanning Chapter 5: Analyzing Vulnerability Scans Chapter 6: Exploiting and Pivoting Chapter 7: Exploiting Network Vulnerabilities Chapter 8: Exploiting Physical and Social Vulnerabilities Chapter 9: Exploiting Application Vulnerabilities Chapter 10: Attacking Hosts, Cloud Technologies, and Specialized Systems Chapter 11: Reporting and Communication Chapter 12: Scripting for Penetration Testing Appendix B: Solution to Lab Exercise Solution to Activity 5.2: Analyzing a CVSS Vector Index EULA

قیمت نهایی

۴۴٬۰۰۰ تومان