دانلود کتاب آزمون CompTIA PenTest+ Study Guide Exam PT0-003

This book is designed to cover the five domains included in the PenTest+ exam: Chapter 1: Penetration Testing Learn the basics of penetration testing as you begin an in‐depth exploration of the field. In this chapter, you will learn why organizations conduct penetration testing and the role of the penetration test in a cybersecurity program. Chapter 2: Planning and Scoping Penetration Tests Proper planning is critical to a penetration test. In this chapter, you will learn how to define the rules of engagement, scope, budget, and other details that need to be determined before a penetration test starts. Details of contracts, compliance and legal concerns, and authorization are all discussed so that you can make sure you are covered before a test starts. Chapter 3: Information Gathering Gathering information is one of the earliest stages of a penetration test. In this chapter you will learn how to gather open source intelligence (OSINT) using passive means. Once you have OSINT, you can leverage the active scanning and enumeration techniques and tools you will learn about in the second half of the chapter. Chapter 4: Vulnerability Scanning Managing vulnerabilities helps to keep your systems secure. In this chapter, you will learn how to conduct vulnerability scans and use them as an important information source for penetration testing. Chapter 5: Analyzing Vulnerability Scans Vulnerability reports can contain huge amounts of data about potential problems with systems. In this chapter, you will learn how to read and analyze a vulnerability scan report, what CVSS scoring is and what it means, as well as how to choose the appropriate actions to remediate the issues you have found. Along the way, you will explore common types of vulnerabilities, their impact on systems and networks, and how they might be exploited during a penetration test. Chapter 6: Exploit and Pivot Once you have a list of vulnerabilities, you can move on to prioritizing the exploits based on the likelihood of success and availability of attack methods. In this chapter, you will explore common attack techniques and tools and when to use them. Once you have gained access, you can pivot to other systems or networks that may not have been accessible previously. You will learn tools and techniques that are useful for lateral movement once you’re inside a network’s security boundaries, how to cover your tracks, and how to hide the evidence of your efforts. Chapter 7: Exploiting Network Vulnerabilities Penetration testers often start with network attacks against common services. In this chapter, you will explore the most frequently attacked services, including NetBIOS, SMB, SNMP, and others. You will learn about on‐path attacks, network‐specific techniques, and how to attack wireless networks and systems. Chapter 8: Exploiting Physical and Social Vulnerabilities Humans are the most vulnerable part of an organization’s security posture, and penetration testers need to know how to exploit the human element of an organization. In this chapter, you will explore social engineering methods, motivation techniques, and social engineering tools. Once you know how to leverage human behavior, you will explore how to gain and leverage physical access to buildings and other secured areas. Chapter 9: Exploiting Application Vulnerabilities Applications are the go‐to starting point for testers and hackers alike. If an attacker can break through the security of a web application and access the back‐end systems supporting that application, they often have the starting point they need to wage a full‐scale attack. In this chapter, we examine many of the application vulnerabilities that are commonly exploited during penetration tests. Chapter 10: Exploiting Host Vulnerabilities Attacking hosts relies on understanding operating system–specific vulnerabilities for Windows and Linux as well as common problems found on almost all operating systems. In this chapter, you will learn about attack methods used against both Windows and Linux hosts, credential attacks and password cracking, how virtual machines and container attacks work, and attack vectors and techniques used against cloud technologies. You’ll also explore attacks against mobile devices, IoT and industrial control systems, data storage, and other specialized systems. Chapter 11: Reporting and Communication Penetration tests are only useful to the organization if the penetration testers are able to effectively communicate the state of the organization to management and technical staff. In this chapter, we turn our attention to that crucial final phase of a penetration test: reporting and communicating our results. Chapter 12: Scripting for Penetration Testing Scripting languages provide a means to automate the repetitive tasks of penetration testing. Penetration testers do not need to be software engineers. Generally speaking, pentesters don’t write extremely lengthy code or develop applications that will be used by many other people. The primary development skill that a penetration tester should acquire is the ability to read fairly simple scripts written in a variety of common languages and adapt them to their own unique needs. That’s what we’ll explore in this chapter.