Atnaujinkite slapukų nuostatas

El. knyga: CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)

4.09/5 (30 ratings by Goodreads)
  • Formatas: 656 pages
  • Išleidimo metai: 14-Dec-2018
  • Leidėjas: McGraw-Hill Education
  • Kalba: eng
  • ISBN-13: 9781260135954
Kitos knygos pagal šią temą:
CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001)Didesnis paveikslėlis
  • Formatas: 656 pages
  • Išleidimo metai: 14-Dec-2018
  • Leidėjas: McGraw-Hill Education
  • Kalba: eng
  • ISBN-13: 9781260135954
Kitos knygos pagal šią temą:

DRM apribojimai

  • Kopijuoti:

    neleidžiama

  • Spausdinti:

    neleidžiama

  • El. knygos naudojimas:

    Skaitmeninių teisių valdymas (DRM)
    Leidykla pateikė šią knygą šifruota forma, o tai reiškia, kad norint ją atrakinti ir perskaityti reikia įdiegti nemokamą programinę įrangą. Norint skaityti šią el. knygą, turite susikurti Adobe ID . Daugiau informacijos  čia. El. knygą galima atsisiųsti į 6 įrenginius (vienas vartotojas su tuo pačiu Adobe ID).

    Reikalinga programinė įranga
    Norint skaityti šią el. knygą mobiliajame įrenginyje (telefone ar planšetiniame kompiuteryje), turite įdiegti šią nemokamą programėlę: PocketBook Reader (iOS / Android)

    Norint skaityti šią el. knygą asmeniniame arba „Mac“ kompiuteryje, Jums reikalinga  Adobe Digital Editions “ (tai nemokama programa, specialiai sukurta el. knygoms. Tai nėra tas pats, kas „Adobe Reader“, kurią tikriausiai jau turite savo kompiuteryje.)

    Negalite skaityti šios el. knygos naudodami „Amazon Kindle“.

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


This comprehensive exam guide offers 100% coverage of every topic on the CompTIA PenTest+ exam

Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-001 from this comprehensive resource. Written by an expert penetration tester, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth answer explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

•Pre-engagement activities

•Getting to know your targets

•Network scanning and enumeration

•Vulnerability scanning and analysis

•Mobile device and application testing

•Social engineering

•Network-based attacks

•Wireless and RF attacks

•Web and database attacks

•Attacking local operating systems

•Physical penetration testing

•Writing the pen test report

•And more

Online content includes:

•Interactive performance-based questions 

•Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain

•Downloadable virtual machine files for use with some of the exercises in the book 

•Penetration Testing Tools and References appendix


Acknowledgments xi
Introduction xiii
Objective Map: Exam PT0-001 xvi
Chapter 1 Pre-engagement Activities 1(22)
Target Audience
1(1)
Impact Analysis
2(1)
Scope and Methodology
3(9)
Types of Assessment
5(2)
Threat Modeling
7(3)
Target Selection
10(2)
Contractual Agreements
12(4)
Nondisclosure Agreement
14(1)
Master Service Agreement
14(1)
Statement of Work
14(2)
Chapter Review
16(7)
Questions
16(2)
Questions and Answers
18(5)
Chapter 2 Getting to Know Your Targets 23(22)
Footprinting and Reconnaissance
23(1)
Information Gathering
23(1)
Tools, Methods, and Frameworks
24(15)
Data Mining
24(5)
Specialized Search Engines
29(4)
DNS, Website, and Email Footprinting
33(6)
Metadata Analysis
39(1)
Chapter Review
39(6)
Questions
40(2)
Questions and Answers
42(3)
Chapter 3 Network Scanning and Enumeration 45(26)
802.11 Wireless Standards
45(4)
Wireless Spectrum Bands
46(1)
Wireless Modes and Terminology
46(3)
Wireless Testing Equipment
49(1)
Popular Antennas
50(1)
802.11 Network Discovery
50(4)
802.11 Frames
51(2)
Wireless Scanning
53(1)
Host Discovery
54(3)
Ping Scan
55(2)
Port Scanning
57(5)
Port Scanning Methods
57(1)
Common Ports and Protocols
58(1)
TCP Scan
59(1)
Half-Open Scan
60(1)
UDP Scan
61(1)
Enumeration
62(2)
Chapter Review
64(7)
Questions
64(2)
Questions and Answers
66(5)
Chapter 4 Vulnerability Scanning and Analysis 71(34)
Researching Vulnerabilities
71(5)
CVE
72(1)
CWE
73(1)
CAPEC
74(1)
ATT&CK
75(1)
Remote Security Scanning
76(9)
Credentialed vs. Noncredentialed Scanning
78(2)
Compliance and Configuration Auditing
80(1)
Nontraditional Assets
81(4)
Web and Database Scanning
85(13)
Open Web Application Security Project (OWASP)
85(1)
Fingerprinting Web and Database Servers
86(2)
Enumerating Information
88(1)
Authentication and Authorization Testing
89(7)
Data Validation Testing
96(1)
Vulnerability Mapping
97(1)
Chapter Review
98(7)
Questions
98(2)
Questions and Answers
100(5)
Chapter 5 Mobile Device and Application Testing 105(42)
Mobile Device Architecture
105(5)
iPhone Operating System
107(2)
Android Operating System
109(1)
Mobile Pentesting Fundamentals
110(3)
Static Analysis
111(1)
Dynamic and Runtime Analysis
112(1)
Network Analysis
112(1)
Server-Side Testing
113(1)
iOS Application Security Testing
113(10)
Setting Up an iOS Testing Environment
113(1)
Jailbreaking an iOS Device
113(2)
Connecting to the iOS Device
115(2)
iOS Functional Testing and Application Mapping
117(6)
Android Application Security Testing
123(7)
Setting Up an Android Testing Environment
123(1)
Rooting an Android Device
124(1)
Connecting to the Android Device
124(1)
Android Functional Testing and Application Mapping
125(5)
Software Assurance Testing
130(7)
Understanding Programming Logic
131(6)
Chapter Review
137(10)
Questions
138(3)
Questions and Answers
141(6)
Chapter 6 Social Engineering 147(16)
Motivation Techniques
147(1)
Social Engineering Attacks
148(1)
Phishing
149(6)
Email-Based
149(6)
Phone-Based
155(1)
Countermeasures
155(1)
Chapter Review
156(7)
Questions
157(1)
Questions and Answers
158(5)
Chapter 7 Network-Based Attacks 163(42)
Name Resolution Exploits
163(13)
DNS Spoofing and Cache Poisoning
165(4)
Attacking LLMNR and NetBIOS
169(7)
Stress Testing Applications and Protocols
176(3)
Denial of Service Attacks
176(2)
Executing DDoS Attacks
178(1)
Network Packet Manipulation
179(4)
Analyzing and Inspecting Packets
179(2)
Forge and Decode Packets
181(2)
Layer-2 Attacks
183(3)
Attacking the Spanning Tree Protocol
183(1)
VLAN Hopping
184(1)
Bypassing Network Access Controls
185(1)
Attacking Common Protocols
186(12)
Exploiting SNMPv1
186(2)
Poorly Configured File Sharing
188(9)
Abusing SMTP
197(1)
Chapter Review
198(7)
Questions
198(2)
Questions and Answers
200(5)
Chapter 8 Wireless and RF Attacks 205(28)
Wireless Encryption Standards
206(1)
Setting Up a Wireless Testing Lab
206(13)
Cracking WEP
206(6)
Wi-Fi Protected Access (WPA)
212(5)
Cracking WPS
217(2)
Wireless Attacks and Exploitation
219(6)
Man-in-the-Middle Attacks
220(2)
Attacking Bluetooth
222(3)
Chapter Review
225(8)
Questions
226(2)
Questions and Answers
228(5)
Chapter 9 Web and Database Attacks 233(38)
Server-Side Attacks
233(27)
Injection Attacks
233(12)
Attacking Authentication and Session Management
245(6)
Inclusion Attacks
251(2)
Exploiting Security Misconfigurations
253(7)
Client-Side Attacks
260(4)
HTML Injection
261(1)
Cross-Site Scripting
261(2)
Cross-Site Request Forgery
263(1)
Clickjacking
264(1)
Chapter Review
264(7)
Questions
265(2)
Questions and Answers
267(4)
Chapter 10 Attacking Local Host Vulnerabilities 271(74)
OS Vulnerabilities
271(2)
Postexploitation
273(6)
Gain Situational Awareness
273(3)
Collecting Information
276(2)
Exfiltration
278(1)
Privilege Escalation
279(21)
Linux Privilege Escalation
279(6)
Windows Privilege Escalation
285(15)
Exploitable Services
300(18)
Buffer Overflows
300(13)
Unquoted Service Paths
313(5)
Lateral Movement
318(13)
Lateral Movement in Linux
318(10)
Lateral Movement in Windows
328(3)
Maintaining Persistence
331(5)
Covering Your Tracks
333(1)
Clearing Command History
333(1)
Timestomping
334(2)
File Deletion
336(1)
Chapter Review
336(9)
Questions
337(2)
Questions and Answers
339(6)
Chapter 11 Physical Penetration Testing 345(30)
Keeping the Honest People Honest
347(18)
Environmental Threats
347(1)
Physical and Environmental Protection
348(4)
Physical Locks and Security
352(1)
Mechanical Locks
353(7)
Basic Tools and Opening Techniques
360(3)
Alarms and Early Warning Systems
363(2)
Physical Device Security
365(2)
Cold Boot Attack
365(1)
BIOS Attacks
365(2)
USB Keylogger
367(1)
Chapter Review
367(8)
Questions
368(2)
Questions and Answers
370(5)
Chapter 12 Reporting and Communication 375(30)
Writing the Pentest Report
375(23)
Drafting the Report
377(19)
Postengagement Cleanup
396(1)
Report Handling
397(1)
Post-Report Delivery Activities
398(1)
Customer Debriefing
398(1)
Follow-Up Actions
398(1)
Communication Is Key
398(1)
Chapter Review
399(6)
Questions
400(2)
Questions and Answers
402(3)
Appendix About the Online Content 405(4)
Glossary 409(14)
Index 423
Raymond G. Nutting, CompTIA PenTest+, CISSP-ISSEP, is a security practitioner with over 19 years' experience in the field of information security. He is the co-owner and founder of nDepth Security; a managed security service provider that specializes in penetration testing.  Raymond holds numerous industry-recognized certifications and has presented at various conferences and events throughout his career.
Daugiau apie elektronines knygas Daugiau apie elektronines knygas
Pastovi nuoroda: https://www.kriso.lt/db/97812601359542e.html
Raktažodžiai: