Limit search to available items
Book Cover
E-book
Author Nutting, Raymond

Title GPEN GIAC Certified Penetration Tester All-In-One Exam Guide
Published New York : McGraw-Hill Education, 2020

Copies

Description 1 online resource (558 p.)
Contents Cover -- Title Page -- Copyright Page -- Dedication -- Contents -- Acknowledgments -- Introduction -- Objectives Map: GPEN Exam -- Chapter 1 Planning and Preparation -- Penetration Testing Methodologies -- Penetration Testing Execution Standard -- NIST Technical Guide to Information Security Testing and Assessment -- Penetration Testing Framework -- Open Source Security Testing Methodology Manual -- OWASP Web Security Testing Guide -- MITRE ATT&CK -- CAPEC -- Pre-engagement Activities -- Testing Phases -- Rules of Engagement -- Scope -- Other Pre-engagement Documentation
Third-Party Providers -- Chapter Review -- Questions -- Answers -- Chapter 2 Reconnaissance -- Open Source Intelligence -- Organizational Culture -- Social Media Behavior -- Information Technology -- Discovery Methods -- Regional Internet Registries -- Querying DNS Records -- Search Engines -- OSINT Collection Tools -- Metadata Analysis -- Chapter Review -- Questions -- Answers -- Chapter 3 Initial Access -- Exploitation Categories -- Server-Side Exploitation -- Client-Side Exploitation -- Privilege Escalation -- Network Basics and Not-So-Basics -- TCP Three-Way Handshake -- TCP and IP Headers
Scanning and Host Discovery -- Monitoring Network Scans -- Lab 3-1: Using Wireshark -- Nmap Introduction -- Ping Sweeping -- Network Mapping -- Port Scanning -- Vulnerability Scanning -- Lab 3-2: Scanning with Nmap -- Lab 3-3: Vulnerability Scanning with Nessus -- Packet Crafting with Scapy -- Lab 3-4: Scapy Introductory -- Lab 3-5: Evil Scapy Scripting -- Web Application Penetration Testing -- Web Application Vulnerabilities -- Lab 3-6: BeEF Basics -- Lab 3-7: OWASP ZAP -- SQL Injection Attacks -- Lab 3-8: SQLi -- Lab 3-9: Blind SQLi and Sqlmap -- Command Injection -- Lab 3-10: Command Injection
Client-Side Attacks -- Lab 3-11: Stored XSS -- Time-Saving Tips -- Chapter Review -- Questions -- Answers -- Chapter 4 Execution -- Command-Line Interface -- Linux CLI -- Windows CLI -- Scripting -- Declaring Methods and Variables -- Looping and Flow Control -- Error and Exception Handling -- Metasploit Framework (MSF) -- MSF Components -- Lab 4-1: Navigating the MSFconsole -- Service-Based Exploitation -- Lab 4-2: Exploiting SMB with Metasploit -- Lab 4-3: Exploiting ProFTPD with Metasploit -- Metasploit Meterpreter -- Lab 4-4: Upgrading to a Meterpreter Shell -- Chapter Review -- Questions
Answers -- Chapter 5 Persistence, Privilege Escalation, and Evasion -- Persistence -- Windows Persistence -- Lab 5-1: Scheduled Tasks -- Lab 5-2: Configuring a Callback via Windows Services -- Lab 5-3: Persistence with PowerShell Empire -- Linux Persistence -- Privilege Escalation -- Lab 5-4: Linux Privilege Escalation -- Lab 5-5: Windows Information Gathering and Privilege Escalation -- Evasion -- In Memory vs. On Disk -- Disk Location -- Code Obfuscation -- Lab 5-6: Windows Defender Evasion -- Chapter Review -- Questions -- Answers -- Chapter 6 Credential Access -- Windows Password Types
Summary This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam This effective self-study guide fully prepares you for the Global Information Assurance Certification's challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from authors' extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference. Covers every topic on the exam, including: Pre-engagement and planning activities Reconnaissance and open source intelligence gathering Scanning, enumerating targets, and identifying vulnerabilities Exploiting targets and privilege escalation Password attacks Post-exploitation activities, including data exfiltration and pivoting PowerShell for penetration testing Web application injection attacks Tools of the trade: Metasploit, proxies, and more Online content includes: 230 accurate practice exam questions Test engine containing full-length practice exams and customizable quizzes
Notes Description based upon print version of record
NTLM Challenge-Response Protocol
Subject Penetration testing (Computer security) -- Examinations -- Study guides
Computer security -- Examinations -- Study guides
Computer security -- Examinations
Genre/Form Study guides
Form Electronic book
Author Ahmed, Mirza
MacCormack, William
ISBN 9781260456752
1260456757