GPEN GIAC Certified Penetration Tester All-In-One Exam Guide
This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam This effective self-study guide fully prepares you for the Global Information Assurance Certification's challenging Penetration Tester exam, which validates advanced IT security skills. The...
| Main Author: | |
|---|---|
| Other Authors: | , |
| Format: | eBook |
| Language: | English |
| Published: |
New York
McGraw-Hill Education
2020
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Third-Party Providers
- Chapter Review
- Questions
- Answers
- Chapter 2 Reconnaissance
- Open Source Intelligence
- Organizational Culture
- Social Media Behavior
- Information Technology
- Discovery Methods
- Regional Internet Registries
- Querying DNS Records
- Search Engines
- OSINT Collection Tools
- Metadata Analysis
- Chapter Review
- Questions
- Answers
- Chapter 3 Initial Access
- Exploitation Categories
- Server-Side Exploitation
- Client-Side Exploitation
- Privilege Escalation
- Network Basics and Not-So-Basics
- TCP Three-Way Handshake
- TCP and IP Headers
- Answers
- Chapter 5 Persistence, Privilege Escalation, and Evasion
- Persistence
- Windows Persistence
- Lab 5-1: Scheduled Tasks
- Lab 5-2: Configuring a Callback via Windows Services
- Lab 5-3: Persistence with PowerShell Empire
- Linux Persistence
- Privilege Escalation
- Lab 5-4: Linux Privilege Escalation
- Lab 5-5: Windows Information Gathering and Privilege Escalation
- Evasion
- In Memory vs. On Disk
- Disk Location
- Code Obfuscation
- Lab 5-6: Windows Defender Evasion
- Chapter Review
- Questions
- Answers
- Chapter 6 Credential Access
- Windows Password Types
- Client-Side Attacks
- Lab 3-11: Stored XSS
- Time-Saving Tips
- Chapter Review
- Questions
- Answers
- Chapter 4 Execution
- Command-Line Interface
- Linux CLI
- Windows CLI
- Scripting
- Declaring Methods and Variables
- Looping and Flow Control
- Error and Exception Handling
- Metasploit Framework (MSF)
- MSF Components
- Lab 4-1: Navigating the MSFconsole
- Service-Based Exploitation
- Lab 4-2: Exploiting SMB with Metasploit
- Lab 4-3: Exploiting ProFTPD with Metasploit
- Metasploit Meterpreter
- Lab 4-4: Upgrading to a Meterpreter Shell
- Chapter Review
- Questions
- Scanning and Host Discovery
- Monitoring Network Scans
- Lab 3-1: Using Wireshark
- Nmap Introduction
- Ping Sweeping
- Network Mapping
- Port Scanning
- Vulnerability Scanning
- Lab 3-2: Scanning with Nmap
- Lab 3-3: Vulnerability Scanning with Nessus
- Packet Crafting with Scapy
- Lab 3-4: Scapy Introductory
- Lab 3-5: Evil Scapy Scripting
- Web Application Penetration Testing
- Web Application Vulnerabilities
- Lab 3-6: BeEF Basics
- Lab 3-7: OWASP ZAP
- SQL Injection Attacks
- Lab 3-8: SQLi
- Lab 3-9: Blind SQLi and Sqlmap
- Command Injection
- Lab 3-10: Command Injection
- Cover
- Title Page
- Copyright Page
- Dedication
- Contents
- Acknowledgments
- Introduction
- Objectives Map: GPEN Exam
- Chapter 1 Planning and Preparation
- Penetration Testing Methodologies
- Penetration Testing Execution Standard
- NIST Technical Guide to Information Security Testing and Assessment
- Penetration Testing Framework
- Open Source Security Testing Methodology Manual
- OWASP Web Security Testing Guide
- MITRE ATT&CK
- CAPEC
- Pre-engagement Activities
- Testing Phases
- Rules of Engagement
- Scope
- Other Pre-engagement Documentation