Chapter 6
Exploit and Pivot
THE PENTEST+ EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 2: Information Gathering and Vulnerability Identification
- 2.4 Explain the process of leveraging information to prepare for exploitation
  - Map vulnerabilities to potential exploits
  - Prioritize activities in preparation for penetration test
  - Describe common techniques to complete attack
    - Cross compiling code
    - Exploit modification
    - Exploit chaining
    - Proof-of-concept development (exploit development)
    - Social engineering
    - Credential brute-forcing
    - Dictionary attacks
    - Rainbow tables
    - Deception
Domain 3: Attacks and Exploits
- 3.7 Given a scenario, perform post-exploitation techniques
  - Lateral movement
    - RPC/DCOM
      - PsExec
      - WMI
      - Scheduled tasks
    - PS remoting/WinRM
    - SMB
    - RDP
    - Apple Remote Desktop
    - VNC
    - X-server forwarding
    - Telnet
    - SSH
    - RSH/Rlogin
  - Persistence
    - Scheduled jobs
    - Scheduled tasks
    - Daemons
    - Back doors
    - Trojan
    - New user creation
  - Covering your tracks
Domain 4: Penetration Testing Tools
- 4.2...