GPEN GIAC Certified Penetration Tester All-in-One Exam Guide

  • 7h 51m
  • Bill MacCormack, Ray Nutting
  • McGraw-Hill/Osborne
  • 2021

This effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam

This effective self-study guide fully prepares you for the Global Information Assurance Certification’s challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices. GPEN GIAC Certified Penetration Tester All-in-One Exam Guide contains useful tips and tricks, real-world examples, and case studies drawn from authors’ extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference.

Covers every topic on the exam, including:

  • Pre-engagement and planning activities
  • Reconnaissance and open source intelligence gathering
  • Scanning, enumerating targets, and identifying vulnerabilities
  • Exploiting targets and privilege escalation
  • Password attacks
  • Post-exploitation activities, including data exfiltration and pivoting
  • PowerShell for penetration testing
  • Web application injection attacks
  • Tools of the trade: Metasploit, proxies, and more

About the Authors

Raymond Nutting, CompTIA PenTest+™, CISSP-ISSEP, is a published author and security practitioner with over 20 years of experience in the field of information security. He is the co-owner and founder of nDepth Security, a managed security service provider that specializes in penetration testing. Ray holds numerous industry-recognized certifications and has presented at various conferences and events throughout his career.

William MacCormack, GPEN, GSE, is a reformed systems administrator who has worked in IT for over 15 years and is currently a penetration tester for a small cybersecurity firm located in Columbia, MD. He currently teaches penetration testing at a local community college and in his free time mentors high school students beginning their cybersecurity education.

In this Book

  • Introduction
  • Planning and Preparation
  • Reconnaissance
  • Initial Access
  • Execution
  • Persistence, Privilege Escalation, and Evasion
  • Credential Access
  • Discovery and Lateral Movement
  • Data Collection and Exfiltration
  • Writing and Communicating the Pentest Report
  • Glossary