
Title Page
1/30/2025
Copyright Page
Dedication Page
About the Author
About the Reviewer
Acknowledgement
Preface
Table of Contents
1. CPENT Module Mastery
Introduction
Structure
Objectives
Basic fundamental knowledge
Vulnerabilities
Impact of vulnerabilities on systems and organizations
The Cyber Kill Chain® process
Penetration testing
Different penetration testing techniques
Tools and techniques in penetration testing
Difference between penetration testing and ethical hacking
Certified Penetration Testing Professional exam
Why should you attempt the CPENT exam
How to prepare yourself for CPENT
Modules in CPENT
Targeted learning for Module 1
Installing and using Wireshark
Installing and using Nmap
Conclusion
Exercises
Questions
2. System Requirements, Pre-requisites, Do’s and Don’ts
Jargon to be familiar with
Different attack types
Eavesdropping attacks
Phishing attacks
Spear-phishing attacks
Whale-phishing attacks
DoS and DDoS attacks
MITM attacks
Session hijacking
Password attack
Brute force attack
Ransomware
URL interpretation
Malware attack
DNS spoofing
SQL injection attack
Web application attacks
Cross-site scripting attacks
Cross-site request forgery attack
Clickjacking attacks
Insider threats
Trojan horses
Types of penetration testing
White, black, and grey box pen testing
Phases of penetration testing
Resources to practice penetration testing
Eligibility criteria
CPENT
Pre-requisites
System requirements
Do’s and don’ts during your CPENT exam
Mapping attack surface during exam
Next steps
Reporting
3. Penetration Testing Network and Web Applications
Gathering information on assets
Vulnerability assessment of applications
Penetration testing infrastructure
External network penetration testing
Performing external penetration testing
Port scanning
OS and service fingerprinting
Vulnerability research
Exploitation of vulnerabilities
Internal network penetration testing
Footprinting
Windows exploitation
Making the executable FUD
Install and run Shellter
Executing the payload
Privilege escalation
Persistence
Automation of internal network penetration testing
Post exploitation
Perimeter devices network penetration testing
Assessing firewall security implementation
4. Open-source Intelligence for Penetration Testing
Introduction to the OSINT framework
Gathering and analyzing the intelligence
Using OSINT in penetration testing
Five steps of OSINT
OSINT tools for penetration testing
OSINT framework
SecurityTrails API
SpiderFoot
CheckUserNames
Google Dorks
HaveIbeenPwned
Maltego
Recon-ng
Censys
Shodan
Wappalyzer
theHarvester
Creepy
Unicornscan
Jigsaw
Nmap
IVRE
FOCA
WebShag
ZoomEye
Fierce
ExifTool
OWASP Amass
Metagoofil
OpenVAS
5. Social Engineering Penetration Testing
Social engineering
Methods of social engineering attacks
Measures to counter social engineering attacks
Responsibilities of users
Hackers’ tactics, techniques, and methods
Social engineering lifecycle
Baiting and quid pro quo attacks
Pretexting
Impersonation and tailgating
Real-world case studies
Social engineering in the corporate environment
Red team social engineering practices
Future of social engineering
Penetration testing associated with social engineering
Introduction to social engineering penetration testing
Social engineering pen testing using email vector
Overview of email-based social engineering pen testing
Social engineering pen testing using telephone vector
Understanding vishing as a penetration testing vector
Social engineering pen testing using physical vector
Introduction to physical social engineering pen tests
Analyzing real-world cases of social engineering
Case study, The Twitter 2020 hack
Case study, RSA SecurID breach (2011)
Case study, Target data breach (2013)
Integrating social engineering into penetration testing
Why social engineering matters
Phases of penetration testing with social engineering integration
6. IoT, Wireless, OT, and SCADA Penetration Testing
Introduction to Internet of Things
IoT attacks and threats
IoT penetration testing
Step-by-step firmware analysis with Binwalk
Wireless local area network penetration testing
RFID penetration testing
Understanding RFID technology
Techniques of hacking RFID
Common types of RFID attacks
Consequences of RFID hacking
Key principles to protect RFID
Importance of encryption in RFID security
Authentication in RFID protection
RFID hacking and penetration testing overview
NFC penetration testing
Working of NFC
Top 10 NFC security risks
Penetration testing of NFC
OT/SCADA concepts
Overview of OT
SCADA in industrial operations
Cybersecurity risks across OT, ICS, and SCADA
Unique security challenges in SCADA systems
Security in integrated OT/ICS environments
SCADA security architecture
Modbus
Layers of the Modbus protocol
Protocol data unit
Data model of Modbus and accessing data
Application data unit
Common features
Modbus protocol messaging structure
The request
The response
ASCII mode
RTU mode
Coding system
RTU framing
Address field
Function field
Contents of the error checking field
ICS and SCADA penetration testing
ICS/SCADA penetration testing
Additional ICS/SCADA testing resources
Benefits of ICS/SCADA security testing
Analyzing the Modbus traffic using Wireshark
Introduction to Wireshark
Network example
Modbus RTU capture extension for Wireshark
Wireshark COM port setup
Wireshark capture
Wireshark capture save