Chapter 10
Exploiting Host Vulnerabilities
THIS CHAPTER COVERS THE FOLLOWING COMPTIA PENTEST+ EXAM TOPICS:
Domain 2: Information Gathering and Vulnerability Identification
- 2.5 Explain weaknesses related to specialized systems.
  - Biometrics
Domain 3: Attacks and Exploits
- 3.5 Given a scenario, exploit local host vulnerabilities.
  - OS vulnerabilities
    - Windows
    - MacOS
    - Linux
    - Android
    - iOS
  - Unsecure service and protocol configuration
  - Privilege escalation
    - Linux specific
      - SUID/SGID programs
      - Unsecure SUDO
      - Ret2libc
      - Sticky bits
    - Windows specific
      - Cpassword
      - Clear text credentials in LDAP
      - Kerberoasting
      - Credentials in LSASS
      - Unattended installation
      - SAM database
      - DLL hijacking
    - Exploitable services
      - Unquoted service paths
      - Writeable services
    - Unsecure file/folder permissions
    - Keylogger
    - Scheduled tasks
    - Kernel exploits
      - Linux specific
  - Default account settings
  - Sandbox escape
    - Shell upgrade
    - VM
    - Container
  - Physical device security
    - Cold boot attack
    - JTAG debug
    - Serial console
  - OS vulnerabilities
Domain 4: Penetration Testing...