Planning and Scoping
 

Explain the importance of planning for an engagement.

Explain key legal concepts.

Explain the importance of scoping an engagement properly

Explain the key aspects of compliance-based assessments
 

• Understanding the target audience

• Rules of engagement

• Communication escalation path

• Resources and requirements

• Budget

• Impact analysis and remediation timelines

• Disclaimers

• Technical constraints

• Risk acceptance

• Tolerance to impact and so on

Information Gathering and Vulnerability Identification
 

Conduct information gathering

using appropriate techniques

Perform a vulnerability scan

Analyze vulnerability scan results

Explain the process of leveraging informationto prepare for exploitation

Explain weaknesses related to specialized systems
 

• Scanning

• Enumeration

• Packet crafting

• Packet inspection

• Fingerprinting

• Cryptography

• Eavesdropping

• Decompilation

• Debugging

• Open Source Intelligence Gathering and so on

Attacks and Exploits
 

Compare and contrast social engineering attacks

Exploit network-based vulnerabilities

Exploit wireless and RF-based vulnerabilities

Exploit application-based vulnerabilities

Exploit local host vulnerabilities

Summarize physical security attacks related to facilities

Perform post-exploitation techniques
 

• Phishing

• Elicitation

• Interrogation

• Impersonation

• Shoulder surfing

• USB key drop

• Motivation techniques

• Name resolution exploits

• SMB exploits

• SNMP exploits

• SMTP exploits

• FTP exploits

• DNS cache poisoning

• Pass the hash and so on

Penetration Testing Tools
 

Use Nmap to conduct information gathering exercises

Compare and contrast various use cases of tools

Analyze tool output ordata related to a penetration test

Analyze a basic script

 

• SYN scan (-sS) vs. full connect scan (-sT)

• Port selection (-p)

• Service identification (-sV)

• OS fingerprinting (-O)

• Disabling ping (-Pn)

• Target input file (-iL)

• Timing (-T)

• Output parameters and so on

Reporting and Communication
 

Use report writing and handling best practices

Explain post-report delivery activities

Recommend mitigationstrategies for discovered vulnerabilities

Explain the importance of communicationduring the penetration testing process
 

• Normalization of data

• Written report of findings

and remediation

• Risk appetite

• Storage time for report

• Secure handling and

disposition of reports

• Client acceptance

• Lessons learned

• Follow-up actions/retest

• Attestation of findings and so on


※ 세부내용은 일부 조정될 수 있습니다.