Penetration Testing - Chapter 1
Intro
What Is Penetration Testing
Cybersecurity Goals
Reasons for Penetration Testing
Threat Hunting
Regulatory Requirements for Penetration Testing
CompTIA Penetration Testing Process
Cyber Kill Chain
Reconnaissance Tools
Vulnerability Scanners & Social Engineering Tools
Credential-Testing & Debugger Tools
Software Assurance & Network Testing
Remote Access & Exploitation Tools
Questions
Planning and Scoping Penetration Tests - Chapter 2
Intro
Scoping and Planning Engagements
Assessment Types
White Box, Black Box, Gray Box
Rules of Engagement
Documentation
Access and Accounts
Certificate Pinning
Budget
Contracts
Data Ownership & Retention
Authorization & Third-Party Authorization
Environmental Differences
Compliance-Based Assessments
Questions
Information Gathering - Chapter 3
Intro
Footprinting and Enumeration
MITRE
Location and Organizational Data & Electronic Documents
Financial Data & Domains
DNS and Traceroute Information & Zone Transfers
IP Ranges & Security Search Engines
Active Reconnaissance and Enumeration
Nmap Port Scanning
Network Topology & Wireshark & Zenmap
Email Address Gathering
Defenses Against Active Reconnaissance & Preventing Passive Information Gathering
Questions
Vulnerability Scanning - Chapter 4
Intro
Regulatory Environment
PCI DSS
FISMA
Determining Scan Frequency
Scanner Software & Scanner Maintenance & Scan Perspective
Supplementing Network Scans & Vulnerability Plug-In Feeds
SCAP
Analyzing and Testing Code
Fuzzing&Web Application Vulnerability Scanning
Database Vulnerability Scanning
Developing a Remediation Workflow & Testing and Implementing Fixes
OpenVAS Installation
OpenVAS Scanning
Nessus
Web App Vulnerability Scanning
Questions
Analyzing Vulnerability Scans - Chapter 5
Intro
CVSS & Access Vector & Access Complexity Metrics
Confidentiality & Integrity & Availability Metrics
Exploitability Score, Impact Score, and Impact Function
False Positives
Informational Results & Reconciling Scan Results with Other Data Sources
Trend Analysis & Server and Endpoint Vulnerabilities & Missing Patches
Buffer Overflows & Privilege Escalation
Arbitrary Code Execution & Hardware Flaws & Firmware Vulnerabilities
Spectre and Meltdown
Point-of-Sale System Vulnerabilities & Insecure Protocol Use
Debug Modes & Network Vulnerabilities
Missing Firmware Updates & SSL and TLS Issues & Outdated SSL/TLS Versions
Certificate Problems
Domain Name System (DNS) & Internal IP Disclosure
Virtualization Vulnerabilities
Virtual Host Patching
Internet of Things (IoT)
Web Application Vulnerabilities
Questions
Exploit and Pivot - Chapter 6
Intro
Exploit Databases
Developing Exploits & Proof-of-Concept Development & Exploit Chaining
Metasploit & PowerSploit & RPC-DCOM & PsExec
PS Remoting & WinRM & WMI & Scheduled Tasks and cron Jobs
SMB & RDP & VNC & X-Server Forwarding
SSH
Common Post-Exploit Attacks
Privilege Escalation
Social Engineering
Inetd Modification & Scheduled Jobs
Daemons and Services & Back Doors & New Users
Pivoting & Covering Your Tracks
Questions
Exploiting Network Vulnerabilities - Chapter 7
Intro
VLAN Hopping
ProxyChains
MITM
SMB Relay Attack
ntlmrelayx
Downgrade Attacks
NAC Bypass
DoS Attacks and Stress Testing
NetBIOS Name Resolution Exploits & SMB Exploits
SNMP Exploits
FTP Exploits & SMTP Exploits
Samba & SSH Exploits
symfonos-1 CTF
SOWSNIFF CTF
Wireless Exploits
wifite
airmon & airodump & aircrack
airgeddon
Bluetooth Attacks
RFID Cloning
Questions
Exploiting Physical and Social Vulnerabilities - Chapter 8
Intro
Entering Facilities
Piggybacking and Tailgating
Bypassing Locks and Entry Control Systems
Bypassing Perimeter Defenses and Barriers
Information Gathering
Social Engineering 1
Social Engineering 2
In-Person Social Engineering & Elicitation
Interrogation and Interviews & Impersonation
Quid Pro Quo & Shoulder Surfing & USB Key Drops
Bribery & Phishing Attacks
Website-Based Attacks
setoolkit
BeEF
Questions
Exploiting Application Vulnerabilities - Chapter 9
Intro
Input Validation
WAF
SQL Injection
Command Injection
Password Authentication
Session Attacks
Unvalidated Redirects
Kerberos Exploits
Common Kerberos Attacks
Insecure Direct Object References
Directory Traversal
File Inclusion
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF/XSRF)
Clickjacking
Source Code Comments
Error Handling
Hard-Coded Credentials
Race Conditions
Unprotected APIs & Unsigned Code
SAST & DAST
Burp Suite
OWASP ZAP
Fuzzing
Debuggers & Mobile Tools
Questions
Exploiting Host Vulnerabilities - Chapter 10
Intro
SUID & SGID & Sticky Bits
Unsecure sudo
Ret2libc & Linux Kernel Exploits
Obtaining Credentials
cPassword
Cleartext Credentials in LDAP
Service Account Attacks and Kerberoasting
Acquiring and Using Hashes
Credentials in LSASS & LSA Secrets
Unattended Installation
SAM Database
DLL Hijacking
Unquoted Service Paths & Writeable Services
Windows Credential Manager & Windows Kernel Exploits
Cross-Platform Exploits & Unsecure File/Folder Permissions
Stored Credentials
Keyloggers & Default Account Settings
SSH & NC
Virtualization and Containers: What's the Difference?
Virtual Machine Attacks
Container Attacks
Cold-Boot Attacks
Serial Consoles
JTAG Debug Pins and Ports
Attacking Mobile Devices
Offline Password Cracking
Credential Testing and Brute-Forcing Tools
Questions
Scripting for Penetration Testing - Chapter 11
Intro
Python History & Installation
Python3 Basic Syntax
Quotation in Python3 & Comments & Variables
Arithmetic Operators & Assignment Operators
Comparison Operators & Membership Operators
Identity Operators & format
If Statement
while & for
input
Built-in String Methods
List
List methods
Python Tuples
Python Dictionary
Dictionary Methods
File I/O
Python Method
Python Class
python-nmap
Bash Scripting Intro
Bash Scripting Comments & Variables
Bash Scripting Executing Commands
Bash Scripting Input
Bash Scripting If Statement
Bash Scripting Array
Bash Scripting for & while
Bash Scripting Functions
Questions
Reporting and Communication - Chapter 12
Intro
Defining a Communication Path
Communication Triggers
Goal Reprioritization
Recommending Mitigation Strategies
Specific Coverage of Remediation Strategies
No Multifactor Authentication
SQL Injection & Unnecessary Open Services
Writing a Penetration Testing Report
Methodology & Conclusion
Secure Handling and Disposition of Reports & Post-Engagement Cleanup
Client Acceptance & Follow-Up Actions & Retesting
Questions