GPEN GIAC Certified Penetration Tester All in One Exam Guide 1st Edition by Raymond Nutting,William MacCormack 9781260456745 1260456749
Original price was: $50.00.$25.00Current price is: $25.00.
GPEN GIAC Certified Penetration Tester All in One Exam Guide 1st Edition by Raymond Nutting,William MacCormack – Ebook PDF Instant Download/Delivery:9781260456745,1260456749
Full download GPEN GIAC Certified Penetration Tester All in One Exam Guide 1st Edition after payment
Product details:
ISBN 10:1260456749
ISBN 13:9781260456745
Author:Raymond Nutting,William MacCormack
This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam This effective self-study guide fully prepares you for the Global Information Assurance Certification’s challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from authors’ extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference. Covers every topic on the exam, including: Pre-engagement and planning activities Reconnaissance and open source intelligence gathering Scanning, enumerating targets, and identifying vulnerabilities Exploiting targets and privilege escalation Password attacks Post-exploitation activities, including data exfiltration and pivoting PowerShell for penetration testing Web application injection attacks Tools of the trade: Metasploit, proxies, and more Online content includes: 230 accurate practice exam questions Test engine containing full-length practice exams and customizable quizzes
GPEN GIAC Certified Penetration Tester All in One Exam Guide 1st Table of contents:
Chapter 1 Planning and Preparation
Penetration Testing Methodologies
Penetration Testing Execution Standard
NIST Technical Guide to Information Security Testing and Assessment
Penetration Testing Framework
Open Source Security Testing Methodology Manual
OWASP Web Security Testing Guide
MITRE ATT&CK
CAPEC
Pre-engagement Activities
Testing Phases
Rules of Engagement
Scope
Other Pre-engagement Documentation
Third-Party Providers
Chapter Review
Questions
Answers
Chapter 2 Reconnaissance
Open Source Intelligence
Organizational Culture
Social Media Behavior
Information Technology
Discovery Methods
Regional Internet Registries
Querying DNS Records
Search Engines
OSINT Collection Tools
Metadata Analysis
Chapter Review
Questions
Answers
Chapter 3 Initial Access
Exploitation Categories
Server-Side Exploitation
Client-Side Exploitation
Privilege Escalation
Network Basics and Not-So-Basics
TCP Three-Way Handshake
TCP and IP Headers
Scanning and Host Discovery
Monitoring Network Scans
Lab 3-1: Using Wireshark
Nmap Introduction
Ping Sweeping
Network Mapping
Port Scanning
Vulnerability Scanning
Lab 3-2: Scanning with Nmap
Lab 3-3: Vulnerability Scanning with Nessus
Packet Crafting with Scapy
Lab 3-4: Scapy Introductory
Lab 3-5: Evil Scapy Scripting
Web Application Penetration Testing
Web Application Vulnerabilities
Lab 3-6: BeEF Basics
Lab 3-7: OWASP ZAP
SQL Injection Attacks
Lab 3-8: SQLi
Lab 3-9: Blind SQLi and Sqlmap
Command Injection
Lab 3-10: Command Injection
Client-Side Attacks
Lab 3-11: Stored XSS
Time-Saving Tips
Chapter Review
Questions
Answers
Chapter 4 Execution
Command-Line Interface
Linux CLI
Windows CLI
Scripting
Declaring Methods and Variables
Looping and Flow Control
Error and Exception Handling
Metasploit Framework (MSF)
MSF Components
Lab 4-1: Navigating the MSFconsole
Service-Based Exploitation
Lab 4-2: Exploiting SMB with Metasploit
Lab 4-3: Exploiting ProFTPD with Metasploit
Metasploit Meterpreter
Lab 4-4: Upgrading to a Meterpreter Shell
Chapter Review
Questions
Answers
Chapter 5 Persistence, Privilege Escalation, and Evasion
Persistence
Windows Persistence
Lab 5-1: Scheduled Tasks
Lab 5-2: Configuring a Callback via Windows Services
Lab 5-3: Persistence with PowerShell Empire
Linux Persistence
Privilege Escalation
Lab 5-4: Linux Privilege Escalation
Lab 5-5: Windows Information Gathering and Privilege Escalation
Evasion
In Memory vs. On Disk
Disk Location
Code Obfuscation
Lab 5-6: Windows Defender Evasion
Chapter Review
Questions
Answers
Chapter 6 Credential Access
Windows Password Types
NTLM Challenge-Response Protocol
NTLMv1 and LM
NTLMv2
Kerberos
Unix/Linux Password Types
Message-Digest Algorithms
Secure Hash Algorithms
Types of Password Attacks
Password Cracking
John the Ripper
Hashcat
Harvesting Credentials
Exfiltration from the Local Host
Lab 6-1: Extract SAM from the Windows Registry
Lab 6-2: Hashdump
Lab 6-3: Dump Credentials from Memory
Exfil from the Local Network
Lab 6-4: Responder
Chapter Review
Questions
Answers
Chapter 7 Discovery and Lateral Movement
Discovery
Windows Situational Awareness
Lab 7-1: Recon with PowerView
Lab 7-2: Recon with Empire
Lab 7-3: Information Gathering with SharpHound
Linux Situational Awareness
Lateral Movement
Linux Pivoting
Lab 7-4: Port Forwarding
Windows Pivoting
Lab 7-5: Pass-the-Hash
Lab 7-6: Built-in Tools
Lab 7-7: Lateral Movement, Owning the Domain
Chapter Review
Questions
Answers
Chapter 8 Data Collection and Exfiltration
Data Collection
Data from Local System
Data from Information Repositories
Data Exfiltration with Frameworks
Lab 8-1: Exfilling Data with Metasploit
Input and Screen Capture
Clipboard Data
Lab 8-2: Exfilling Data with Empire
Exfilling Sensitive Files
Timestomping
Data Exfiltration with Operating System Tools
Scheduled Transfer
Lab 8-3: Exfilling Data Using Linux Cron Jobs
Lab 8-4: Exfilling Data Using Windows Scheduled Tasks
Chapter Review
Questions
Answers
Chapter 9 Writing and Communicating the Pentest Report
The Pentest Report
Report Writing Best Practices
Preparing to Write the Report
Writing the Report
Report Handling
Chapter Review
Questions
Answers
Appendix A Penetration Testing Tools and References
Credential Testing Tools
Debuggers
Evasion and Code Obfuscation
Networking Tools
Penetration Testing Frameworks
Reconnaissance (OSINT)
Remote Access Tools
Social Engineering Tools
Virtual Machine Software
Vulnerability and Exploitation Research
Vulnerability Scanners
Web and Database Tools
Wireless Testing Tools
Appendix B Setting Up a Basic GPEN Lab
What You Need
Home Base (Host Machine) and Domain Controller
Windows Clients
CentOS VM with Web Apps
Kali Linux Attack VM
Backing Up with VM Snapshots
Metasploitable VMs
Complete Lab Setup
Appendix C Capstone Project
Capstone Tasks
Exercise One: Reconnaissance
Exercise Two: Initial Access
Exercise Three: Exploit Chaining
Exercise Four: Exploit Chaining Redux
Capstone Hints
Exercise One: Reconnaissance
Exercise Two: Initial Access
Exercise Three: Exploit Chaining
Exercise Four: Exploit Chaining Redux
Capstone Walkthrough
Exercise One: Reconnaissance
Exercise Two: Initial Access
Exercise Three: Exploit Chaining
Exercise Four: Exploit Chaining Redux
Appendix D About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Other Book Resources
Technical Support
People also search for GPEN GIAC Certified Penetration Tester All in One Exam Guide 1st :
gpen certification cost
giac penetration tester cost
gpen certification salary
gpen giac certified penetration tester all-in-one exam guide
giac penetration tester (gpen) certification
Tags:
Raymond Nutting,William MacCormack,Penetration,Certified,Guide
You may also like…
Computers - Computer Certification & Training
Computers - Security
Computers - Computer Certification & Training
SSCP Systems Security Certified Practitioner all in one exam guide 3rd Edition Gibson
Computers - Networking
Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide 1st Edition Iman Ghanizada
Computers - Computer Certification & Training
Computers - Networking
Computers - Computer Certification & Training
Ccsp Certified Cloud Security Professional All-In-One Exam Guide Daniel Carter
Computers - Programming