Domain 3 is the heart of the PenTest+ exam. It covers the hands-on skills needed to exploit vulnerabilities across various environments. You must understand not just how to run tools, but how attacks work at a fundamental level.
🌐 Network Attacks
Exploiting weaknesses in network protocols and services to gain unauthorized access or disrupt operations.
Common Vectors
- ▸ MITM: ARP Poisoning, DNS Spoofing.
- ▸ Layer 2: VLAN Hopping, MAC Flooding.
- ▸ Credential: LLMNR/NBT-NS Poisoning (Responder).
Key Tools
- ▸ Metasploit: Exploitation framework.
- ▸ Nmap: Discovery and enumeration.
- ▸ Wireshark: Traffic analysis.
💡 Exam Tip
Know how to identify an attack from log output or packet captures. For example, seeing many ARP replies without requests indicates ARP poisoning.
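The ARP tell described in the tip (replies that nobody asked for, and one IP announced by two different MACs) can be checked mechanically. The script below is an added example, not part of the original study guide: it parses a constructed, tab-separated ARP summary in the layout one would get from `tshark -T fields -e arp.opcode -e arp.src.proto_ipv4 -e arp.src.hw_mac -e arp.dst.proto_ipv4` (that layout and every address in the sample are assumptions), matches each reply to an outstanding request, and reports senders that exceed an unsolicited-reply threshold plus any IP claimed by more than one MAC.

```python
"""Flag ARP poisoning indicators in parsed ARP packet summaries."""
from collections import Counter, defaultdict

# Constructed sample (not a real capture). Columns: opcode (1=request, 2=reply),
# sender IP, sender MAC, target IP. A host at aa:...:05 asks for the gateway
# 10.0.0.1 and gets one real reply; then de:ad:be:ef:00:99 keeps announcing
# itself as 10.0.0.1 to that host without ever being asked.
SAMPLE_LINES = """\
1\t10.0.0.5\taa:aa:aa:aa:aa:05\t10.0.0.1
2\t10.0.0.1\taa:aa:aa:aa:aa:01\t10.0.0.5
2\t10.0.0.1\tde:ad:be:ef:00:99\t10.0.0.5
2\t10.0.0.1\tde:ad:be:ef:00:99\t10.0.0.5
2\t10.0.0.1\tde:ad:be:ef:00:99\t10.0.0.5
2\t10.0.0.1\tde:ad:be:ef:00:99\t10.0.0.5
1\t10.0.0.6\taa:aa:aa:aa:aa:06\t10.0.0.1
2\t10.0.0.1\taa:aa:aa:aa:aa:01\t10.0.0.6
""".splitlines()


def parse_arp_lines(lines):
    """Turn tab-separated ARP field lines into packet dicts (assumed tshark layout)."""
    packets = []
    for line in lines:
        if not line.strip():
            continue
        opcode, src_ip, src_mac, dst_ip = line.split("\t")
        packets.append({
            "op": "request" if opcode == "1" else "reply",
            "sender_ip": src_ip,
            "sender_mac": src_mac.lower(),
            "target_ip": dst_ip,
        })
    return packets


def analyze_arp(packets):
    """Return (unsolicited replies per MAC, IPs claimed by more than one MAC)."""
    pending = set()               # (requester_ip, requested_ip) awaiting a reply
    unsolicited = Counter()       # sender_mac -> replies with no matching request
    claims = defaultdict(set)     # ip -> every MAC that has answered for it
    for p in packets:
        if p["op"] == "request":
            pending.add((p["sender_ip"], p["target_ip"]))
            continue
        claims[p["sender_ip"]].add(p["sender_mac"])
        # A reply answers the host in target_ip, which asked about sender_ip.
        key = (p["target_ip"], p["sender_ip"])
        if key in pending:
            pending.discard(key)
        else:
            unsolicited[p["sender_mac"]] += 1
    conflicts = {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
    return dict(unsolicited), conflicts


def suspected_poisoners(packets, threshold=3):
    """MACs that sent at least `threshold` unsolicited replies, sorted."""
    unsolicited, _ = analyze_arp(packets)
    return sorted(mac for mac, n in unsolicited.items() if n >= threshold)


if __name__ == "__main__":
    pkts = parse_arp_lines(SAMPLE_LINES)
    print(analyze_arp(pkts))
    print("suspects:", suspected_poisoners(pkts))
```

The threshold matters: a single unsolicited reply is normal (hosts send gratuitous ARP when they boot or change address), so the conflict list is the stronger signal and the count is there to separate a one-off announcement from a sustained spoof.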
📡 Wireless Attacks
Targeting Wi-Fi, Bluetooth, and RFID/NFC systems.
- ▸ Deauthentication: Forcing users off APs to capture 4-way handshakes (WPA2).
- ▸ Evil Twin: Creating a rogue AP with the same SSID to trick users into connecting.
- ▸ Bluetooth: Bluejacking (spam), Bluesnarfing (data theft).
- ▸ RFID/NFC: Cloning badges for physical access.
💻 Application Attacks
Exploiting vulnerabilities in web applications and APIs. Familiarity with the OWASP Top 10 is essential.
Injection (SQLi)
Inserting attacker-controlled input into a database query so that it is interpreted as part of the SQL rather than as data.
Example: ' OR 1=1 -- to bypass login.
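Why that string works, and what stops it, is easiest to see with the query in both forms. The block below is an added example (not code from the study guide) using Python's built-in sqlite3 against a constructed in-memory users table: the string-built query lets the quote and comment marker rewrite the WHERE clause, while the parameterized query sends the same input as a plain value.

```python
"""Login query built by string concatenation beside its parameterized form."""
import sqlite3


def make_user_db():
    # Constructed single-account database for the demo. The password is stored
    # in plaintext only to keep the example short; real systems store a salted hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The input is pasted into the SQL text. With username "' OR 1=1 --" the
    # WHERE clause becomes:  username = '' OR 1=1 --' AND password = '...'
    # The quote closes the literal, OR 1=1 is always true, and -- comments out
    # the password comparison, so the first row comes back and login succeeds.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    # Placeholders: the driver passes the values separately from the SQL text,
    # so the input can only ever be compared as data, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(username, password):
    """Return (vulnerable_result, safe_result) for one login attempt."""
    conn = make_user_db()
    try:
        return (login_vulnerable(conn, username, password),
                login_safe(conn, username, password))
    finally:
        conn.close()


if __name__ == "__main__":
    print("payload:", compare("' OR 1=1 --", "anything"))   # (True, False)
    print("real creds:", compare("alice", "correct-horse-battery"))
```

The fix is the placeholder, not input filtering: the safe version accepts the exact same string and simply looks for a user literally named `' OR 1=1 --`, which does not exist.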
Cross-Site Scripting (XSS)
Injecting scripts that execute in the victim's browser.
Types: Stored (persistent), Reflected (in URL), DOM-based.
Broken Access Control (IDOR)
Accessing resources belonging to others by changing parameters.
Example: Changing user_id=100 to user_id=101.
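The user_id=100 to user_id=101 case above comes down to one missing comparison on the server. The block below is an added example, not from the study guide: a constructed profile store, a lookup that trusts the user_id from the request, the same lookup that compares the requested id with the server-side session identity, and a small denial log, since a single session being refused many different ids in a row is the pattern worth alerting on.

```python
"""IDOR: a profile lookup with and without a server-side ownership check."""

# Constructed records keyed by user_id (not real data).
PROFILES = {
    100: {"name": "user100", "email": "user100@example.invalid"},
    101: {"name": "user101", "email": "user101@example.invalid"},
}

# Constructed audit log of refused lookups; a real app would write these to its SIEM.
AUDIT_LOG = []


def get_profile_vulnerable(session_user_id, requested_user_id):
    # Only checks that the record exists. Whoever holds any valid session can
    # read any profile just by changing user_id in the request.
    return PROFILES.get(requested_user_id)


def get_profile_safe(session_user_id, requested_user_id):
    # The identity comes from the authenticated session, never from the URL or
    # form, and must match the record being asked for before anything is returned.
    if requested_user_id != session_user_id:
        AUDIT_LOG.append({"session_user": session_user_id,
                          "requested": requested_user_id, "result": "denied"})
        return None
    return PROFILES.get(requested_user_id)


def denied_count(session_user_id):
    """How many lookups this session has been refused (IDOR probing indicator)."""
    return sum(1 for e in AUDIT_LOG if e["session_user"] == session_user_id)


if __name__ == "__main__":
    print("vulnerable:", get_profile_vulnerable(100, 101))   # returns 101's record
    print("safe:", get_profile_safe(100, 101))               # None
    print("denied for session 100:", denied_count(100))
```

For resources that are shared rather than owned (a document several users may read), the comparison becomes a lookup in an access list, but the rule is the same: the decision uses data the server already holds about the session, never a value the client supplied.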
CSRF / SSRF
Forcing a user (CSRF) or server (SSRF) to perform unwanted actions.
☁️ Cloud-Based Attacks
Attacking cloud infrastructure (AWS, Azure, GCP) often relies on misconfigurations rather than software exploits.
- ▸ Misconfigurations: Publicly accessible S3 buckets, overly permissive IAM roles.
- ▸ Credential Harvesting: Phishing for cloud console access or finding API keys in code repos.
- ▸ Cloud-Specific Tools: Pacu, ScoutSuite, Prowler.
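The two misconfigurations named first in this section, a bucket readable by everyone and a role that can do anything, are both visible in the policy document itself. The block below is an added example, not code from the study guide or from Pacu, ScoutSuite or Prowler: it audits two constructed AWS policy documents (the bucket name, statement ids and ARNs are made up) for an Allow statement with a wildcard Principal and no Condition, and for a wildcard Action on a wildcard Resource.

```python
"""Audit AWS policy documents for a public principal and wildcard permissions."""
import json

# Constructed S3 bucket policy: anyone on the internet may read every object.
PUBLIC_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")

# Constructed IAM role policy: one statement grants everything on everything,
# the other is a narrow, acceptable grant.
ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "ListOneBucket", "Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket"}
  ]
}""")

PUBLIC_PRINCIPAL = "public-principal"
WILDCARD_GRANT = "wildcard-action-on-any-resource"


def _as_list(value):
    # Policy fields may be a single string or a list; normalise to a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # "Principal": "*" or "Principal": {"AWS": "*"} both mean everyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_policy(doc):
    """Return a list of (Sid, finding-code) for every risky Allow statement."""
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # A Condition (e.g. a source VPC or IP restriction) narrows a public
        # principal; without one the statement is open to the world.
        if _principal_is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, PUBLIC_PRINCIPAL))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            findings.append((sid, WILDCARD_GRANT))
    return findings


if __name__ == "__main__":
    print(audit_policy(PUBLIC_BUCKET_POLICY))
    print(audit_policy(ROLE_POLICY))
```

A bucket policy is only one of the ways a bucket ends up public (ACLs and the account's Block Public Access settings also count), which is why the tools listed above pull every setting from the account API rather than reading one document, but the per-statement logic they apply is the same as this.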
🎭 Social Engineering
Manipulating people into divulging confidential information or performing actions.
Phishing
Email-based attacks (Spear phishing, Whaling).
Vishing
Voice/Phone-based solicitation.
Physical
Tailgating, Piggybacking, Dumpster Diving.