Description

Overview

The CompTIA PenTest+ certification equips you to plan, conduct, analyze, and report on penetration tests. Your ability to learn and master these skills will bring value to organizations because it proves that you can ensure their data is secure.

The PenTest+ certification is critical to your success as a cybersecurity professional because it demonstrates your ability to test devices in a variety of environments, including servers and the cloud. Additionally, you’ll hone your management skills and be able to determine the resiliency of an organization’s infrastructure.

You’ll learn how to plan and scope penetration tests, conduct passive reconnaissance, perform non-technical tests to gather information and conductive active reconnaissance, and analyze vulnerabilities. Additional skills include using a fictitious company to learn how to penetrate networks, exploit host-based vulnerabilities, test applications, and complete post-exploit tasks.

  • 34:16:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

Course Details

Objectives

  • Planning and Scoping Penetration Tests
  • Conducting Passive Reconnaissance
  • Performing Non-Technical Tests
  • Conducting Active Reconnaissance
  • Analyzing Vulnerabilities
  • Penetrating Networks
  • Exploiting Host-Based Vulnerabilities
  • Testing Applications
  • Completing Post-Exploit Tasks
  • Analyzing and Reporting Pen Test Results

Audience

  • Systems administrators required to secure networks against attacks.
  • Individuals with experience in IT looking to expand into penetration testing.
  • IT professionals with CompTIA CySA+ certifications interested in expanding their skills.
  • Those building foundational skils required for more advanced cybersecurity certifications such as CompTIA CASP+.

Prerequisites

  • Before starting your journey to become CompTIA PenTest+ certified, we recommend that you meet the following prerequisites

Before starting PenTest+ exam preparation

  • CompTIA A+, Network+ and Security+ certification.
  • 2 years of hands-on, technical IT experience.

Before taking the CompTIA PenTest+ exam:

  • Minimum of 4 years of hands-on information security experience.
  • Completion of our CompTIA PenTest+ training program.
  • Thorough understanding of all topics detailed in the exam objectives.10

Course Outline

The CompTIA PenTest+ certification course covers key concepts needed to grow your penetration testing skills. From key legal concepts to planning for an engagement to understanding attacks and exploits, you’ll be well equipped to master the exam.

Planning and Scoping

  • Explain the importance of planning for an engagement.
  • Explain key legal concepts.
  • Explain the importance of scoping an engagement properly.
  • Explain the key aspects of compliance-based assessments.

Information Gathering and Vulnerability Identification

  • Given a scenario, conduct information gathering using appropriate techniques.
  • Given a scenario, perform a vulnerability scan.
  • Given a scenario, analyze vulnerability scan results.
  • Explain the process of leveraging information to prepare for exploitation.
  • Explain weaknesses related to specialized systems.

Attacks and Exploits

  • Compare and contrast social engineering attacks.
  • Given a scenario, exploit network-based vulnerabilities.
  • Given a scenario, exploit wireless and RF-based vulnerabilities.
  • Given a scenario, exploit application-based vulnerabilities.
  • Given a scenario, exploit local host vulnerabilities.
  • Summarize physical security attacks related to facilities.
  • Given a scenario, perform post-exploitation techniques.

Penetration Testing Tools

  • Given a scenario, use Nmap to conduct information gathering exercises.
  • Compare and contrast various use cases of tools.
  • Given a scenario, analyze tool output or data related to a penetration test.
  • Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).

Reporting and Communication

  • Given a scenario, use report writing and handling best practices.
  • Explain post-report delivery activities.
  • Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
  • Explain the importance of communication during the penetration testing process.

Top of Form

PLANNING AND SCOPING

  • Overview
  • Planning an Engagement
  • Planning on Engagement Part 2
  • Planning an Engagement Part 3
  • Planning an Engagement Part 4
  • Legal Concepts
  • Scoping an Engagement
  • Scoping an Engagement Part 2
  • Compliance-Based Assessments

INFORMATION GATHERING AND VULNERABILITY IDENTIFICATION

  • Pentesting Tools: Use Cases
  • Pentesting Tools: Use Cases Part 2
  • Pentesting Tools: Scanners
  • Pentesting Tools: Credential Testing
  • Pentesting Tools: Credential Testing Part 2
  • Pentesting Tools: Web Directory Enum
  • Pentesting Tools: Debuggers
  • Pentesting Tools: OSINT
  • Pentesting Tools: Wireless
  • Pentesting Tools: Web Proxies
  • Pentesting Tools: Social Engineering
  • Pentesting Tools: Remote Access
  • Pentesting Tools: Networking
  • Pentesting Tools: Misc
  • Pentesting Tools: Mobile
  • Nmap
  • Common Pentest Objectives
  • Analyze Scripts: Bash
  • Analyze Scripts: Bash Part 2
  • Analyze Scripts: Bash Part 3
  • Analyze Scripts: Python
  • Analyze Scripts: Python Part 2
  • Analyze Scripts: Python Part 3
  • Analyze Scripts: Ruby
  • Analyze Scripts: Ruby Part 2
  • Analyze Scripts: PowerShell
  • Analyze Scripts: Powershell Part 2
  • Vulnerability Scan Results

ATTACKS AND EXPLOITS

  • Info Gathering Techniques
  • Info Gathering Techniques Part 2
  • Info Gathering Techniques Part 3
  • Info Gathering Techniques Part 4
  • Perform Vulnerability Scans
  • Perform Vulnerability Scans Part 2
  • Perform Vulnerability Scans Part 3
  • Perform Vulnerability Scans Part 4
  • Exploration Preparation
  • Exploration Preparation Part 2
  • Weaknesses in Specialized Systems
  • Weaknesses in Specialized Systems Part 2

PENETRATION TESTING TOOLS

  • Social Engineering
  • Social Engineering Part 2
  • Network Vulnerability: Name Resolution
  • Network Vulnerability: SNMP, SMTP and FTP
  • Network Vulnerability: Pass-the-Hash
  • Network Vulnerabilities: MITM
  • Network Vulnerability Denial of Service
  • Network Vulnerabilities: NAC Bypass, VLAN Hopping
  • App Vulnerabilities Injection Attacks
  • App Vulnerabilities Injection Attacks Part 2
  • App Vulnerabilities: Injection Attacks Part 3
  • App Vulnerabilities: File Inclusions
  • App Vulnerabilities: File Inclusions Part 2
  • App Vulnerabilities: XSS, CSRF, Clickjacking
  • App Vulnerabilities: XSS, CSRF, Clickjacking Pt2
  • App Vulnerabilities: Authentication, Authorization
  • App Vulnerabilities: Insecure Coding
  • Wireless and RF Vulnerabilities
  • Wireless and RF Vulnerabilities Part 2
  • Host-Based Vulnerabilities
  • Host Based Vulnerabilities Part 2
  • Host Based Vulnerabilites Part 3
  • Host-Based Vulnerabilities Part 4
  • Host-Based Vulnerabilities Part 5
  • Site Security
  • Site Security Part 2
  • Post-Exploitation
  • Post-Exploitation Part 2

REPORTING AND COMMUNICATION

  • Reports
  • Post Report Activities
  • Vulnerability Mitigation Strategies
  • Communication Importance