@setrus
Last active April 25, 2019 13:33
GPEN
Exam Certification Objectives and Outcome Statements
1. Advanced Password Attacks
- The candidate will be able to use additional methods to attack password hashes and authenticate
2. Attacking Password Hashes
- The candidate will be able to obtain and attack password hashes and other password representations
3. Escalation and Exploitation
- The candidate will be able to demonstrate the fundamental concepts of exploitation, data exfiltration from compromised hosts and pivoting to exploit other hosts within a target network.
4. Exploitation Fundamentals
- The candidate will be able to demonstrate the fundamental concepts associated with the exploitation phase of a pentest
5. Metasploit
- The candidate will be able to use and configure the Metasploit Framework at an intermediate level
6. Moving Files with Exploits
- The candidate will be able to use exploits to move files between remote systems
7. Password Attacks
- The candidate will understand types of password attacks, formats, defenses and the circumstances under which to use each password attack variation. The candidate will be able to conduct password guessing attacks.
8. Password Formats and Hashes
- The candidate will demonstrate an understanding of common password hashes and formats for storing password data.
9. Penetration Test Planning
- The candidate will be able to demonstrate the fundamental concepts associated with pentesting, and utilize a process-oriented approach to penetration testing and reporting.
10. Penetration Testing with PowerShell and the Windows Command Line
- The candidate will demonstrate an understanding of the use of advanced Windows command line skills during a penetration test, and demonstrate an understanding of the use of advanced Windows PowerShell skills during a penetration test.
11. Reconnaissance
- The candidate will understand the fundamental concepts of reconnaissance and will understand how to obtain basic, high-level information about the target organization and network, often considered information leakage, including but not limited to technical and non-technical public contacts, IP address ranges, document formats, and supported systems.
12. Scanning and Host Discovery
- The candidate will be able to use the appropriate technique to scan a network for potential targets, and to conduct port, operating system and service version scans and analyze the results.
13. Vulnerability Scanning
- The candidate will be able to conduct vulnerability scans and analyze the results
14. Web Application Injection Attacks
- The candidate will demonstrate an understanding of how injection attacks work against web applications and how to conduct them
15. Web Application Reconnaissance
- The candidate will demonstrate an understanding of the use of tools and proxies to discover web application vulnerabilities.
16. XSS and CSRF Attacks
- The candidate will demonstrate an understanding of how XSS and CSRF attacks work and how to conduct them
---------------------------
Roadmap Link: https://www.sans.org/cyber-security-skills-roadmap
You will be able to:
- Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined and conducted in a safe manner
- Conduct detailed reconnaissance using document metadata, search engines and other publicly available information sources to build a technical and organizational understanding of the target environment
- Utilize the Nmap Scripting tool to conduct comprehensive network sweeps, port scans, Operating system fingerprinting and version scanning to develop a map of target environments
- Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from the target systems
- Configure and launch the Nessus vulnerability scanner so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customize the output from such tools to represent the business risk to the organization.
- Analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools
- Utilize the Windows and Linux Command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise and help determine business risks.
- Configure the Metasploit exploitation tool to scan, exploit and then pivot through a target environment in-depth
- Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking and pass-the-hash attacks
- Launch web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection and SQL injection attacks to determine the business risks faced by an organization.