Gain the skills you'll need to plan and execute penetration testing engagements, from vulnerability scanning to recommending remediation techniques. Perfect for those pursuing a career in penetration testing or network security.
CompTIA PenTest+ Certification Training Course
Overview
Syllabus
Lesson 1: Scoping Organizational/Customer Requirements
- Define Organizational PenTesting
- Acknowledge Compliance Requirements
- Compare Standards and Methodologies
- Describe Ways to Maintain Professionalism
Lesson 2: Defining the Rules of Engagement
- Assess Environmental Considerations
- Outline the Rules of Engagement
- Prepare Legal Documents
Lesson 3: Footprinting and Gathering Intelligence
- Discover the Target
- Gather Essential Data
- Compile Website Information
- Discover Open-Source Intelligence Tools
Lesson 4: Evaluating Human and Physical Vulnerabilities
- Exploit the Human Psyche
- Summarize Physical Attacks
- Use Tools to Launch a Social Engineering Attack
Lesson 5: Preparing the Vulnerability Scan
- Plan the Vulnerability Scan
- Detect Defenses
- Utilize Scanning Tools
Lesson 6: Scanning Logical Vulnerabilities
- Scan Identified Targets
- Evaluate Network Traffic
- Uncover Wireless Assets
Lesson 7: Analyzing Scanning Results
- Discover Nmap and NSE
- Enumerate Network Hosts
- Analyze Output from Scans
Lesson 8: Avoiding Detection and Covering Tracks
- Evade Detection
- Use Steganography to Hide and Conceal
- Establish a Covert Channel
Lesson 9: Exploiting the LAN and Cloud
- Enumerate Hosts
- Attack LAN Protocols
- Compare Exploit Tools
- Discover Cloud Vulnerabilities
- Explore Cloud-Based Attacks
Lesson 10: Testing Wireless Networks
- Discover Wireless Attacks
- Explore Wireless Tools
Lesson 11: Targeting Mobile Devices
- Recognize Mobile Device Vulnerabilities
- Launch Attacks on Mobile Devices
- Outline Assessment Tools for Mobile Devices
Lesson 12: Attacking Specialized Systems
- Identify Attacks on the IoT
- Recognize Other Vulnerable Systems
- Explain Virtual Machine Vulnerabilities
Lesson 13: Web Application-Based Attacks
- Recognize Web Vulnerabilities
- Launch Session Attacks
- Plan Injection Attacks
- Identify Tools
Lesson 14: Performing System Hacking
- System Hacking
- Use Remote Access Tools
- Analyze Exploit Code
Lesson 15: Scripting and Software Development
- Analyzing Scripts and Code Samples
- Create Logic Constructs
- Automate Penetration Testing
Lesson 16: Leveraging the Attack: Pivot and Penetrate
- Test Credentials
- Move Throughout the System
- Maintain Persistence
Lesson 17: Communicating During the PenTesting Process
- Define the Communication Path
- Communication Triggers
- Use Built-In Tools for Reporting
Lesson 18: Summarizing Report Components
- Identify Report Audience
- List Report Contents
- Define Best Practices for Reports
Lesson 19: Recommending Remediation
- Employ Technical Controls
- Administrative and Operational Controls
- Physical Controls
Lesson 20: Performing Post-Report Delivery Activities
- Post-Engagement Cleanup
- Follow-Up Actions
Taught by
Bruce Gay and Brian Simms