GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (2020)

GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (2020) ensures success with step-by-step guidance and test strategies.

Chloe Martinez
Contributor
8 months ago
Preview (31 of 768 Pages)


Contents

1. Cover
2. Title Page
3. Copyright Page
4. Dedication
5. Contents
6. Acknowledgments
7. Introduction
   1. Objectives Map: GPEN Exam
8. Chapter 1 Planning and Preparation
   1. Penetration Testing Methodologies
      1. Penetration Testing Execution Standard
      2. NIST Technical Guide to Information Security Testing and Assessment
      3. Penetration Testing Framework
      4. Open Source Security Testing Methodology Manual
      5. OWASP Web Security Testing Guide
      6. MITRE ATT&CK
      7. CAPEC
   2. Pre-engagement Activities
      1. Testing Phases
      2. Rules of Engagement
      3. Scope
      4. Other Pre-engagement Documentation
      5. Third-Party Providers
   3. Chapter Review
      1. Questions
      2. Answers
9. Chapter 2 Reconnaissance
   1. Open Source Intelligence
      1. Organizational Culture
      2. Social Media Behavior
      3. Information Technology
   2. Discovery Methods
      1. Regional Internet Registries
      2. Querying DNS Records
      3. Search Engines
      4. OSINT Collection Tools
      5. Metadata Analysis
   3. Chapter Review
      1. Questions
      2. Answers
10. Chapter 3 Initial Access
   1. Exploitation Categories
      1. Server-Side Exploitation
      2. Client-Side Exploitation
      3. Privilege Escalation
   2. Network Basics and Not-So-Basics
      1. TCP Three-Way Handshake
      2. TCP and IP Headers
   3. Scanning and Host Discovery
      1. Monitoring Network Scans
      2. Lab 3-1: Using Wireshark
      3. Nmap Introduction
      4. Ping Sweeping
      5. Network Mapping
      6. Port Scanning
      7. Vulnerability Scanning
      8. Lab 3-2: Scanning with Nmap
      9. Lab 3-3: Vulnerability Scanning with Nessus
   4. Packet Crafting with Scapy
      1. Lab 3-4: Scapy Introductory
      2. Lab 3-5: Evil Scapy Scripting
   5. Web Application Penetration Testing
      1. Web Application Vulnerabilities
      2. Lab 3-6: BeEF Basics
      3. Lab 3-7: OWASP ZAP
      4. SQL Injection Attacks
      5. Lab 3-8: SQLi
      6. Lab 3-9: Blind SQLi and Sqlmap
      7. Command Injection
      8. Lab 3-10: Command Injection
      9. Client-Side Attacks
      10. Lab 3-11: Stored XSS
   6. Time-Saving Tips
   7. Chapter Review
      1. Questions
      2. Answers
11. Chapter 4 Execution
   1. Command-Line Interface
      1. Linux CLI
      2. Windows CLI
   2. Scripting
      1. Declaring Methods and Variables
      2. Looping and Flow Control
      3. Error and Exception Handling
   3. Metasploit Framework (MSF)
      1. MSF Components
      2. Lab 4-1: Navigating the MSFconsole
      3. Service-Based Exploitation
      4. Lab 4-2: Exploiting SMB with Metasploit
      5. Lab 4-3: Exploiting ProFTPD with Metasploit
      6. Metasploit Meterpreter
      7. Lab 4-4: Upgrading to a Meterpreter Shell
   4. Chapter Review
      1. Questions
      2. Answers
12. Chapter 5 Persistence, Privilege Escalation, and Evasion
   1. Persistence
      1. Windows Persistence
      2. Lab 5-1: Scheduled Tasks
      3. Lab 5-2: Configuring a Callback via Windows Services
      4. Lab 5-3: Persistence with PowerShell Empire
      5. Linux Persistence
      6. Privilege Escalation
      7. Lab 5-4: Linux Privilege Escalation
      8. Lab 5-5: Windows Information Gathering and Privilege Escalation
   2. Evasion
      1. In Memory vs. On Disk
      2. Disk Location
      3. Code Obfuscation
      4. Lab 5-6: Windows Defender Evasion
   3. Chapter Review
      1. Questions
      2. Answers
13. Chapter 6 Credential Access
   1. Windows Password Types
      1. NTLM Challenge-Response Protocol
      2. NTLMv1 and LM
      3. NTLMv2
      4. Kerberos
   2. Unix/Linux Password Types
      1. Message-Digest Algorithms
      2. Secure Hash Algorithms
   3. Types of Password Attacks
   4. Password Cracking
      1. John the Ripper
      2. Hashcat
   5. Harvesting Credentials
      1. Exfiltration from the Local Host
      2. Lab 6-1: Extract SAM from the Windows Registry
      3. Lab 6-2: Hashdump
      4. Lab 6-3: Dump Credentials from Memory
      5. Exfil from the Local Network
      6. Lab 6-4: Responder
   6. Chapter Review
      1. Questions
      2. Answers
14. Chapter 7 Discovery and Lateral Movement
   1. Discovery
      1. Windows Situational Awareness
      2. Lab 7-1: Recon with PowerView
      3. Lab 7-2: Recon with Empire
      4. Lab 7-3: Information Gathering with SharpHound
      5. Linux Situational Awareness
   2. Lateral Movement
      1. Linux Pivoting
      2. Lab 7-4: Port Forwarding
      3. Windows Pivoting
      4. Lab 7-5: Pass-the-Hash
      5. Lab 7-6: Built-in Tools
      6. Lab 7-7: Lateral Movement, Owning the Domain
   3. Chapter Review
      1. Questions
      2. Answers
15. Chapter 8 Data Collection and Exfiltration
   1. Data Collection
      1. Data from Local System
      2. Data from Information Repositories
   2. Data Exfiltration with Frameworks
      1. Lab 8-1: Exfilling Data with Metasploit
      2. Input and Screen Capture
      3. Clipboard Data
      4. Lab 8-2: Exfilling Data with Empire
      5. Exfilling Sensitive Files
      6. Timestomping
   3. Data Exfiltration with Operating System Tools
      1. Scheduled Transfer
      2. Lab 8-3: Exfilling Data Using Linux Cron Jobs
      3. Lab 8-4: Exfilling Data Using Windows Scheduled Tasks
   4. Chapter Review
      1. Questions
      2. Answers
16. Chapter 9 Writing and Communicating the Pentest Report
   1. The Pentest Report
      1. Report Writing Best Practices
      2. Preparing to Write the Report
      3. Writing the Report
   2. Report Handling
   3. Chapter Review
      1. Questions
      2. Answers
17. Appendix A Penetration Testing Tools and References
   1. Credential Testing Tools
   2. Debuggers
   3. Evasion and Code Obfuscation
   4. Networking Tools
   5. Penetration Testing Frameworks
   6. Reconnaissance (OSINT)
   7. Remote Access Tools
   8. Social Engineering Tools
   9. Virtual Machine Software
   10. Vulnerability and Exploitation Research
   11. Vulnerability Scanners
   12. Web and Database Tools
   13. Wireless Testing Tools
18. Appendix B Setting Up a Basic GPEN Lab
   1. What You Need
   2. Home Base (Host Machine) and Domain Controller
   3. Windows Clients
   4. CentOS VM with Web Apps
   5. Kali Linux Attack VM
   6. Backing Up with VM Snapshots
   7. Metasploitable VMs
   8. Complete Lab Setup
19. Appendix C Capstone Project
   1. Capstone Tasks
   2. Exercise One: Reconnaissance
   3. Exercise Two: Initial Access
   4. Exercise Three: Exploit Chaining
   5. Exercise Four: Exploit Chaining Redux
   6. Capstone Hints
   7. Exercise One: Reconnaissance
   8. Exercise Two: Initial Access
   9. Exercise Three: Exploit Chaining
   10. Exercise Four: Exploit Chaining Redux
   11. Capstone Walkthrough
   12. Exercise One: Reconnaissance
   13. Exercise Two: Initial Access
   14. Exercise Three: Exploit Chaining
   15. Exercise Four: Exploit Chaining Redux
20. Appendix D About the Online Content
   1. System Requirements
   2. Your Total Seminars Training Hub Account
   3. Privacy Notice
   4. Single User License Terms and Conditions
   5. TotalTester Online
   6. Other Book Resources
   7. Technical Support
21. Glossary
22. Index


ABOUT THE AUTHORS

Ray Nutting is a security practitioner with over 20 years’ experience in the field of information security. He is the co-owner and founder of nDepth Security, a managed security service provider that specializes in penetration testing. He graduated magna cum laude with a degree in computer information systems and a concentration in information systems security. He holds numerous industry-recognized certifications, including the (ISC)² CISSP and ISSEP, the EC-Council C|EH v5, and the CompTIA Pentest+, and has presented at various conferences and events throughout his career.

Bill MacCormack is a reformed systems administrator who has worked in IT for over 15 years, and is currently a penetration tester for a small cybersecurity firm located in Columbia, Maryland. He currently teaches penetration testing at a local community college and in his free time mentors high school students beginning their cybersecurity educations. He holds the GIAC GPEN and GSE certifications, as well as other industry-recognized certifications. He lurks on Twitter @n00b_haxor.

ABOUT THE TECHNICAL EDITOR

R. Chris Furtick is a passionate leader and cybersecurity subject matter expert who holds various industry-recognized certifications, including CISSP, GPEN, and others. Chris’s technical experience and business acumen allow him to bring a consultative voice to all situations and help him bridge the gap between technology and business outcomes. Chris is a regularly featured speaker at area conferences and mentors members of his team to do the same.


Copyright © 2021 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-1-26-045675-2
MHID: 1-26-045675-7

The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-045674-5, MHID: 1-26-045674-9.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.


This book is dedicated to our wives and kids. Thank you for all your support. Without you, none of this would have been possible.