GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (2020)
GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (2020) ensures success with step-by-step guidance and test strategies.
Chloe Martinez
Contributor
Preview (31 of 768)
Contents
1. Cover
2. Title Page
3. Copyright Page
4. Dedication
5. Contents
6. Acknowledgments
7. Introduction
1. Objectives Map: GPEN Exam
8. Chapter 1 Planning and Preparation
1. Penetration Testing Methodologies
1. Penetration Testing Execution Standard
2. NIST Technical Guide to Information Security
Testing and Assessment
3. Penetration Testing Framework
4. Open Source Security Testing Methodology
Manual
5. OWASP Web Security Testing Guide
6. MITRE ATT&CK
7. CAPEC
2. Pre-engagement Activities
1. Testing Phases
2. Rules of Engagement
3. Scope
4. Other Pre-engagement Documentation
5. Third-Party Providers
3. Chapter Review
1. Questions
2. Answers
9. Chapter 2 Reconnaissance
1. Open Source Intelligence
1. Organizational Culture
2. Social Media Behavior
3. Information Technology
2. Discovery Methods
1. Regional Internet Registries
2. Querying DNS Records
3. Search Engines
4. OSINT Collection Tools
5. Metadata Analysis
3. Chapter Review
1. Questions
2. Answers
10. Chapter 3 Initial Access
1. Exploitation Categories
1. Server-Side Exploitation
2. Client-Side Exploitation
3. Privilege Escalation
2. Network Basics and Not-So-Basics
1. TCP Three-Way Handshake
2. TCP and IP Headers
3. Scanning and Host Discovery
1. Monitoring Network Scans
2. Lab 3-1: Using Wireshark
3. Nmap Introduction
4. Ping Sweeping
5. Network Mapping
6. Port Scanning
7. Vulnerability Scanning
8. Lab 3-2: Scanning with Nmap
9. Lab 3-3: Vulnerability Scanning with Nessus
4. Packet Crafting with Scapy
1. Lab 3-4: Scapy Introductory
2. Lab 3-5: Evil Scapy Scripting
5. Web Application Penetration Testing
1. Web Application Vulnerabilities
2. Lab 3-6: BeEF Basics
3. Lab 3-7: OWASP ZAP
4. SQL Injection Attacks
5. Lab 3-8: SQLi
6. Lab 3-9: Blind SQLi and Sqlmap
7. Command Injection
8. Lab 3-10: Command Injection
9. Client-Side Attacks
10. Lab 3-11: Stored XSS
6. Time-Saving Tips
7. Chapter Review
1. Questions
2. Answers
11. Chapter 4 Execution
1. Command-Line Interface
1. Linux CLI
2. Windows CLI
2. Scripting
1. Declaring Methods and Variables
2. Looping and Flow Control
3. Error and Exception Handling
3. Metasploit Framework (MSF)
1. MSF Components
2. Lab 4-1: Navigating the MSFconsole
3. Service-Based Exploitation
4. Lab 4-2: Exploiting SMB with Metasploit
5. Lab 4-3: Exploiting ProFTPD with Metasploit
6. Metasploit Meterpreter
7. Lab 4-4: Upgrading to a Meterpreter Shell
4. Chapter Review
1. Questions
2. Answers
12. Chapter 5 Persistence, Privilege Escalation, and Evasion
1. Persistence
1. Windows Persistence
2. Lab 5-1: Scheduled Tasks
3. Lab 5-2: Configuring a Callback via Windows
Services
4. Lab 5-3: Persistence with PowerShell Empire
5. Linux Persistence
6. Privilege Escalation
7. Lab 5-4: Linux Privilege Escalation
8. Lab 5-5: Windows Information Gathering and
Privilege Escalation
2. Evasion
1. In Memory vs. On Disk
2. Disk Location
3. Code Obfuscation
4. Lab 5-6: Windows Defender Evasion
3. Chapter Review
1. Questions
2. Answers
13. Chapter 6 Credential Access
1. Windows Password Types
1. NTLM Challenge-Response Protocol
2. NTLMv1 and LM
3. NTLMv2
4. Kerberos
2. Unix/Linux Password Types
1. Message-Digest Algorithms
2. Secure Hash Algorithms
3. Types of Password Attacks
4. Password Cracking
1. John the Ripper
2. Hashcat
5. Harvesting Credentials
1. Exfiltration from the Local Host
2. Lab 6-1: Extract SAM from the Windows Registry
3. Lab 6-2: Hashdump
4. Lab 6-3: Dump Credentials from Memory
5. Exfil from the Local Network
6. Lab 6-4: Responder
6. Chapter Review
1. Questions
2. Answers
14. Chapter 7 Discovery and Lateral Movement
1. Discovery
1. Windows Situational Awareness
2. Lab 7-1: Recon with PowerView
3. Lab 7-2: Recon with Empire
4. Lab 7-3: Information Gathering with SharpHound
5. Linux Situational Awareness
2. Lateral Movement
1. Linux Pivoting
2. Lab 7-4: Port Forwarding
3. Windows Pivoting
4. Lab 7-5: Pass-the-Hash
5. Lab 7-6: Built-in Tools
6. Lab 7-7: Lateral Movement, Owning the Domain
3. Chapter Review
1. Questions
2. Answers
15. Chapter 8 Data Collection and Exfiltration
1. Data Collection
1. Data from Local System
2. Data from Information Repositories
2. Data Exfiltration with Frameworks
1. Lab 8-1: Exfilling Data with Metasploit
2. Input and Screen Capture
3. Clipboard Data
4. Lab 8-2: Exfilling Data with Empire
5. Exfilling Sensitive Files
6. Timestomping
3. Data Exfiltration with Operating System Tools
1. Scheduled Transfer
2. Lab 8-3: Exfilling Data Using Linux Cron Jobs
3. Lab 8-4: Exfilling Data Using Windows Scheduled
Tasks
4. Chapter Review
1. Questions
2. Answers
16. Chapter 9 Writing and Communicating the Pentest Report
1. The Pentest Report
1. Report Writing Best Practices
2. Preparing to Write the Report
3. Writing the Report
2. Report Handling
3. Chapter Review
1. Questions
2. Answers
17. Appendix A Penetration Testing Tools and References
1. Credential Testing Tools
2. Debuggers
3. Evasion and Code Obfuscation
4. Networking Tools
5. Penetration Testing Frameworks
6. Reconnaissance (OSINT)
7. Remote Access Tools
8. Social Engineering Tools
9. Virtual Machine Software
10. Vulnerability and Exploitation Research
11. Vulnerability Scanners
12. Web and Database Tools
13. Wireless Testing Tools
18. Appendix B Setting Up a Basic GPEN Lab
1. What You Need
2. Home Base (Host Machine) and Domain Controller
3. Windows Clients
4. CentOS VM with Web Apps
5. Kali Linux Attack VM
6. Backing Up with VM Snapshots
7. Metasploitable VMs
8. Complete Lab Setup
19. Appendix C Capstone Project
1. Capstone Tasks
2. Exercise One: Reconnaissance
3. Exercise Two: Initial Access
4. Exercise Three: Exploit Chaining
5. Exercise Four: Exploit Chaining Redux
6. Capstone Hints
7. Exercise One: Reconnaissance
8. Exercise Two: Initial Access
9. Exercise Three: Exploit Chaining
10. Exercise Four: Exploit Chaining Redux
11. Capstone Walkthrough
12. Exercise One: Reconnaissance
13. Exercise Two: Initial Access
14. Exercise Three: Exploit Chaining
15. Exercise Four: Exploit Chaining Redux
20. Appendix D About the Online Content
1. System Requirements
2. Your Total Seminars Training Hub Account
3. Privacy Notice
4. Single User License Terms and Conditions
5. TotalTester Online
6. Other Book Resources
7. Technical Support
21. Glossary
22. Index
ABOUT THE AUTHORS
Ray Nutting is a security practitioner with over 20 years’
experience in the field of information security. He is the co-
owner and founder of nDepth Security, a managed security
service provider that specializes in penetration testing. He
graduated magna cum laude with a degree in computer
information systems and a concentration in information
systems security. He holds numerous industry-recognized
certifications, including the (ISC)² CISSP and ISSEP, the EC-Council
C|EH v5, and the CompTIA Pentest+, and has
presented at various conferences and events throughout his
career.
Bill MacCormack is a reformed systems administrator who
has worked in IT for over 15 years, and is currently a
penetration tester for a small cybersecurity firm located in
Columbia, Maryland. He currently teaches penetration testing
at a local community college and in his free time mentors high
school students beginning their cybersecurity educations. He
holds the GIAC GPEN and GSE certifications, as well as other
industry-recognized certifications. He lurks on Twitter
@n00b_haxor.
ABOUT THE TECHNICAL EDITOR
R. Chris Furtick is a passionate leader and cybersecurity
subject matter expert who holds various industry-recognized
certifications, including CISSP, GPEN, and others. Chris’s
technical experience and business acumen allow him to bring a
consultative voice to all situations and help him bridge the gap
between technology and business outcomes. Chris is a regularly
featured speaker at area conferences and mentors members of
his team to do the same.
Copyright © 2021 by McGraw Hill. All rights reserved. Except
as permitted under the United States Copyright Act of 1976, no
part of this publication may be reproduced or distributed in any
form or by any means, or stored in a database or retrieval
system, without the prior written permission of the publisher.
ISBN: 978-1-26-045675-2
MHID: 1-26-045675-7
The material in this eBook also appears in the print version of
this title: ISBN: 978-1-26-045674-5, MHID: 1-26-045674-9.
eBook conversion by codeMantra
Version 1.0
All trademarks are trademarks of their respective owners.
Rather than put a trademark symbol after every occurrence of a
trademarked name, we use names in an editorial fashion only,
and to the benefit of the trademark owner, with no intention of
infringement of the trademark. Where such designations appear
in this book, they have been printed with initial caps.
McGraw-Hill Education eBooks are available at special quantity
discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please
visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw Hill from sources
believed to be reliable. However, because of the possibility of
human or mechanical error by our sources, McGraw Hill, or
others, McGraw Hill does not guarantee the accuracy, adequacy,
or completeness of any information and is not responsible for
any errors or omissions or the results obtained from the use of
such information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its
licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the
Copyright Act of 1976 and the right to store and retrieve one
copy of the work, you may not decompile, disassemble, reverse
engineer, reproduce, modify, create derivative works based
upon, transmit, distribute, disseminate, sell, publish or
sublicense the work or any part of it without McGraw-Hill
Education’s prior consent. You may use the work for your own
noncommercial and personal use; any other use of the work is
strictly prohibited. Your right to use the work may be
terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL
EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR
COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM
USING THE WORK, INCLUDING ANY INFORMATION THAT
CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK
OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hill Education and its licensors do not
warrant or guarantee that the functions contained in the work
will meet your requirements or that its operation will be
uninterrupted or error free. Neither McGraw-Hill Education
nor its licensors shall be liable to you or anyone else for any
inaccuracy, error or omission, regardless of cause, in the work
or for any damages resulting therefrom. McGraw-Hill
Education has no responsibility for the content of any
information accessed through the work. Under no
circumstances shall McGraw-Hill Education and/or its licensors
be liable for any indirect, incidental, special, punitive,
consequential or similar damages that result from the use of or
inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise.
This book is dedicated to our wives and kids. Thank you for all
your support. Without you, none of this would have been
possible.
Document Details
Subject
Global Information Assurance Certification