Chapter 3
Information Gathering
THIS CHAPTER COVERS THE FOLLOWING PENTEST+ EXAM TOPICS:
Domain 2: Information Gathering and Vulnerability Identification
- 2.1 Given a scenario, conduct information gathering using appropriate techniques.
  - Scanning
  - Enumeration
    - Hosts
    - Networks
    - Domains
    - Users
    - Groups
    - Network shares
    - Web pages
    - Applications
    - Services
    - Tokens
    - Social networking sites
  - Packet crafting
  - Packet inspection
  - Fingerprinting
  - Cryptography
    - Certificate inspection
  - Eavesdropping
    - RF communication monitoring
    - Sniffing
      - Wired
      - Wireless
  - Decompilation
  - Debugging
  - Open-Source Intelligence Gathering
    - Sources of research
      - CERT
      - NIST
      - JPCERT
      - CAPEC
      - Full Disclosure
      - CVE
      - CWE
Domain 4: Penetration Testing Tools
- 4.1 Given a scenario, use Nmap to conduct information-gathering exercises.
  - SYN scan (-sS) vs. full connect scan (-sT)
  - Port selection (-p)
  - Service identification (-sV)
  - OS fingerprinting (-O)
  - Disabling ping (-Pn)
  - Target input file (-iL)
  - Timing (-T)
  - Output parameters
    - -oA
    - -oN
    - -oG
    - -oX
  - ...