Overview
Domain 3 of the CompTIA PenTest+ (PT0-002) exam focuses on identifying, researching, and executing network, wireless, application, and cloud-based attacks. It also covers post-exploitation and physical/social engineering techniques. Mastering this domain is crucial for hands-on penetration testing roles.
3.1 Network Attacks
Network attacks involve exploiting weaknesses in network configurations, services, or protocols to gain unauthorized access or disrupt services. Testers must understand common vectors and tools used to simulate real-world attacks.
⚙️ Tools
- Metasploit – A framework for developing and executing exploits.
- Netcat – Utility for debugging and investigating the network.
- Nmap – Port scanner for network discovery and security auditing.
🛠 Techniques
- ARP Poisoning, DNS Cache Poisoning, VLAN Hopping
- Password attacks: spraying, brute force, hash cracking, dictionary
- Kerberoasting and NTLM relay attacks
- Exploitation chaining for complex attack paths
- LLMNR/NBT-NS Spoofing to capture credentials on local networks
3.2 Wireless Attacks
Wireless attacks target flaws in Wi-Fi protocols, encryption, or user behavior. These attacks can range from passive eavesdropping to active impersonation of access points and clients.
⚙️ Tools
- Aircrack-ng – Toolkit for monitoring, attacking, and cracking wireless traffic.
- Amplified antenna – Enhances range for sniffing or attacking wireless signals.
🛠 Techniques
- Eavesdropping, deauthentication, handshake capture
- Evil twin and rogue access point creation
- Bluetooth attacks: Bluejacking, Bluesnarfing, BLE attacks
- RFID cloning, NFC-based amplification attacks
- Exploitation of WPS using PIN brute-forcing