
$107.95

Paperback


English
Sybex Inc.,U.S.
19 October 2021
Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing 

In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. 

You’ll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You’ll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. 

This book will: 

Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam
Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements
Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. 
By:   ,
Imprint:   Sybex Inc.,U.S.
Country of Publication:   United States
Edition:   2nd edition
Dimensions:   Height: 234mm,  Width: 185mm,  Spine: 31mm
Weight:   794g
ISBN:   9781119823810
ISBN 10:   1119823811
Series:   Sybex Study Guide
Pages:   576
Publication Date:  
Audience:   Professional and scholarly ,  Undergraduate
Replaced By:   9781394285006
Format:   Paperback
Publisher's Status:   Active
Introduction

Assessment Test

Chapter 1: Penetration Testing
What Is Penetration Testing?; Cybersecurity Goals; Adopting the Hacker Mindset; Ethical Hacking; Reasons for Penetration Testing; Benefits of Penetration Testing; Regulatory Requirements for Penetration Testing; Who Performs Penetration Tests?; Internal Penetration Testing Teams; External Penetration Testing Teams; Selecting Penetration Testing Teams; The CompTIA Penetration Testing Process; Planning and Scoping; Information Gathering and Vulnerability Scanning; Attacks and Exploits; Reporting and Communication; Tools and Code Analysis; The Cyber Kill Chain; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command and Control; Actions on Objectives; Tools of the Trade; Reconnaissance; Vulnerability Scanners; Social Engineering; Credential Testing Tools; Debuggers and Software Testing Tools; Network Testing; Remote Access; Exploitation; Steganography; Cloud Tools; Summary; Exam Essentials; Lab Exercises; Activity 1.1: Adopting the Hacker Mindset; Activity 1.2: Using the Cyber Kill Chain; Review Questions

Chapter 2: Planning and Scoping Penetration Tests
Scoping and Planning Engagements; Assessment Types; Known Environments and Unknown Environments; The Rules of Engagement; Scoping Considerations—A Deeper Dive; Support Resources for Penetration Tests; Penetration Testing Standards and Methodologies; Key Legal Concepts for Penetration Tests; Contracts; Data Ownership and Retention; Permission to Attack (Authorization); Environmental Differences and Location Restrictions; Regulatory Compliance Considerations; Summary; Exam Essentials; Lab Exercises; Review Questions

Chapter 3: Information Gathering
Footprinting and Enumeration; OSINT; Location and Organizational Data; Infrastructure and Networks; Security Search Engines; Google Dorks and Search Engine Techniques; Password Dumps and Other Breach Data; Source Code Repositories; Passive Enumeration and Cloud Services; Active Reconnaissance and Enumeration; Hosts; Services; Networks, Topologies, and Network Traffic; Packet Crafting and Inspection; Enumeration; Information Gathering and Code; Avoiding Detection; Information Gathering and Defenses; Defenses Against Active Reconnaissance; Preventing Passive Information Gathering; Summary; Exam Essentials; Lab Exercises; Activity 3.1: Manual OSINT Gathering; Activity 3.2: Exploring Shodan; Activity 3.3: Running an Nmap Scan; Review Questions

Chapter 4: Vulnerability Scanning
Identifying Vulnerability Management Requirements; Regulatory Environment; Corporate Policy; Support for Penetration Testing; Identifying Scan Targets; Determining Scan Frequency; Active vs. Passive Scanning; Configuring and Executing Vulnerability Scans; Scoping Vulnerability Scans; Configuring Vulnerability Scans; Scanner Maintenance; Software Security Testing; Analyzing and Testing Code; Web Application Vulnerability Scanning; Developing a Remediation Workflow; Prioritizing Remediation; Testing and Implementing Fixes; Overcoming Barriers to Vulnerability Scanning; Summary; Exam Essentials; Lab Exercises; Activity 4.1: Installing a Vulnerability Scanner; Activity 4.2: Running a Vulnerability Scan; Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan; Review Questions

Chapter 5: Analyzing Vulnerability Scans
Reviewing and Interpreting Scan Reports; Understanding CVSS; Validating Scan Results; False Positives; Documented Exceptions; Understanding Informational Results; Reconciling Scan Results with Other Data Sources; Trend Analysis; Common Vulnerabilities; Server and Endpoint Vulnerabilities; Network Vulnerabilities; Virtualization Vulnerabilities; Internet of Things (IoT); Web Application Vulnerabilities; Summary; Exam Essentials; Lab Exercises; Activity 5.1: Interpreting a Vulnerability Scan; Activity 5.2: Analyzing a CVSS Vector; Activity 5.3: Developing a Penetration Testing Plan; Review Questions

Chapter 6: Exploiting and Pivoting
Exploits and Attacks; Choosing Targets; Enumeration; Identifying the Right Exploit; Exploit Resources; Exploitation Toolkits; Metasploit; PowerSploit; BloodHound; Exploit Specifics; RPC/DCOM; PsExec; PS Remoting/WinRM; WMI; Fileless Malware and Living Off the Land; Scheduled Tasks and cron Jobs; SMB; DNS; RDP; Apple Remote Desktop; VNC; SSH; Network Segmentation Testing and Exploits; Leaked Keys; Leveraging Exploits; Common Post-Exploit Attacks; Cross Compiling; Privilege Escalation; Social Engineering; Escaping and Upgrading Limited Shells; Persistence and Evasion; Scheduled Jobs and Scheduled Tasks; Inetd Modification; Daemons and Services; Backdoors and Trojans; Data Exfiltration and Covert Channels; New Users; Pivoting; Covering Your Tracks; Summary; Exam Essentials; Lab Exercises; Activity 6.1: Exploit; Activity 6.2: Discovery; Activity 6.3: Pivot; Review Questions

Chapter 7: Exploiting Network Vulnerabilities
Identifying Exploits; Conducting Network Exploits; VLAN Hopping; DNS Cache Poisoning; On-Path Attacks; NAC Bypass; DoS Attacks and Stress Testing; Exploit Chaining; Exploiting Windows Services; NetBIOS Name Resolution Exploits; SMB Exploits; Identifying and Exploiting Common Services; Identifying and Attacking Service Targets; SNMP Exploits; SMTP Exploits; FTP Exploits; Kerberoasting; Samba Exploits; Password Attacks; Stress Testing for Availability; Wireless Exploits; Attack Methods; Finding Targets; Attacking Captive Portals; Eavesdropping, Evil Twins, and Wireless On-Path Attacks; Other Wireless Protocols and Systems; RFID Cloning; Jamming; Repeating; Summary; Exam Essentials; Lab Exercises; Activity 7.1: Capturing Hashes; Activity 7.2: Brute-Forcing Services; Activity 7.3: Wireless Testing; Review Questions

Chapter 8: Exploiting Physical and Social Vulnerabilities
Physical Facility Penetration Testing; Entering Facilities; Information Gathering; Social Engineering; In-Person Social Engineering; Phishing Attacks; Website-Based Attacks; Using Social Engineering Tools; Summary; Exam Essentials; Lab Exercises; Activity 8.1: Designing a Physical Penetration Test; Activity 8.2: Brute-Forcing Services; Activity 8.3: Using BeEF; Review Questions

Chapter 9: Exploiting Application Vulnerabilities
Exploiting Injection Vulnerabilities; Input Validation; Web Application Firewalls; SQL Injection Attacks; Code Injection Attacks; Command Injection Attacks; LDAP Injection Attacks; Exploiting Authentication Vulnerabilities; Password Authentication; Session Attacks; Kerberos Exploits; Exploiting Authorization Vulnerabilities; Insecure Direct Object References; Directory Traversal; File Inclusion; Privilege Escalation; Exploiting Web Application Vulnerabilities; Cross-Site Scripting (XSS); Request Forgery; Clickjacking; Unsecure Coding Practices; Source Code Comments; Error Handling; Hard-Coded Credentials; Race Conditions; Unprotected APIs; Unsigned Code; Steganography; Application Testing Tools; Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Mobile Tools; Summary; Exam Essentials; Lab Exercises; Activity 9.1: Application Security Testing Techniques; Activity 9.2: Using the ZAP Proxy; Activity 9.3: Creating a Cross-Site Scripting Vulnerability; Review Questions

Chapter 10: Attacking Hosts, Cloud Technologies, and Specialized Systems
Attacking Hosts; Linux; Windows; Cross-Platform Exploits; Credential Attacks and Testing Tools; Credential Acquisition; Offline Password Cracking; Credential Testing and Brute-Forcing Tools; Wordlists and Dictionaries; Remote Access; SSH; Netcat and Ncat; Metasploit and Remote Access; Proxies and Proxychains; Attacking Virtual Machines and Containers; Virtual Machine Attacks; Containerization Attacks; Attacking Cloud Technologies; Attacking Cloud Accounts; Attacking and Using Misconfigured Cloud Assets; Other Cloud Attacks; Tools for Cloud Technology Attacks; Attacking Mobile Devices; Attacking IoT, ICS, Embedded Systems, and SCADA Devices; Attacking Data Storage; Summary; Exam Essentials; Lab Exercises; Activity 10.1: Dumping and Cracking the Windows SAM and Other Credentials; Activity 10.2: Cracking Passwords Using Hashcat; Activity 10.3: Setting Up a Reverse Shell and a Bind Shell; Review Questions

Chapter 11: Reporting and Communication
The Importance of Communication; Defining a Communication Path; Communication Triggers; Goal Reprioritization; Recommending Mitigation Strategies; Finding: Shared Local Administrator Credentials; Finding: Weak Password Complexity; Finding: Plaintext Passwords; Finding: No Multifactor Authentication; Finding: SQL Injection; Finding: Unnecessary Open Services; Writing a Penetration Testing Report; Structuring the Written Report; Secure Handling and Disposition of Reports; Wrapping Up the Engagement; Post-Engagement Cleanup; Client Acceptance; Lessons Learned; Follow-Up Actions/Retesting; Attestation of Findings; Retention and Destruction of Data; Summary; Exam Essentials; Lab Exercises; Activity 11.1: Remediation Strategies; Activity 11.2: Report Writing; Review Questions

Chapter 12: Scripting for Penetration Testing
Scripting and Penetration Testing; Bash; PowerShell; Ruby; Python; Perl; JavaScript; Variables, Arrays, and Substitutions; Bash; PowerShell; Ruby; Python; Perl; JavaScript; Comparison Operations; String Operations; Bash; PowerShell; Ruby; Python; Perl; JavaScript; Flow Control; Conditional Execution; for Loops; while Loops; Input and Output (I/O); Redirecting Standard Input and Output; Comma-Separated Values (CSV); Error Handling; Bash; PowerShell; Ruby; Python; Advanced Data Structures; JavaScript Object Notation (JSON); Trees; Reusing Code; The Role of Coding in Penetration Testing; Analyzing Exploit Code; Automating Penetration Tests; Summary; Exam Essentials; Lab Exercises; Activity 12.1: Reverse DNS Lookups; Activity 12.2: Nmap Scan; Review Questions

Appendix A: Answers to Review Questions
Chapter 1: Penetration Testing; Chapter 2: Planning and Scoping Penetration Tests; Chapter 3: Information Gathering; Chapter 4: Vulnerability Scanning; Chapter 5: Analyzing Vulnerability Scans; Chapter 6: Exploiting and Pivoting; Chapter 7: Exploiting Network Vulnerabilities; Chapter 8: Exploiting Physical and Social Vulnerabilities; Chapter 9: Exploiting Application Vulnerabilities; Chapter 10: Attacking Hosts, Cloud Technologies, and Specialized Systems; Chapter 11: Reporting and Communication; Chapter 12: Scripting for Penetration Testing

Appendix B: Solution to Lab Exercise
Solution to Activity 5.2: Analyzing a CVSS Vector

Index

MIKE CHAPPLE, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

DAVID SEIDL, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.
