Course Summary
The CompTIA PenTest+ course prepares you for the PT0-002 exam by preparing you to complete a penetration testing engagement. This course demonstrates how to plan and scope a testing engagement. Mitigating security weaknesses and vulnerabilities, as well as how to exploit them, will also be discussed. The goal of this course is to provide you with all the tools you need to prepare for the CompTIA PenTest+ PT0-002 exam (including text explanations, video demos, lab activities, self-assessment questions, and a practice exam) to increase your chances of passing the exam on your first try.
Methodology:
180-day access to:
- Lessons
- Video learning
- MeasureUp Practice Test for CompTIA PenTest+ (PT0-002). Practice Mode with remediation and Certification mode to simulate the test day experience.
Duration:
3 days of training
Audience:
Designed for those who have a beginner cybersecurity certification and want to specialize in security penetration testing (ethical hacking).
Prerequisites:
- CompTIA Security+ certification (recommended).
- CompTIA Network+ (recommended).
- 3-4 years in information security or related experience.
Course Outline:
Upon successful completion of this course, students should be able to:
- Plan and scope based on customer requirements.
- Gather information and complete vulnerability scanning.
- Understand attacks and exploits on the system.
- Describe how to report and communicate exploitations.
- Explain use cases for different tools and how to complete a code analysis.
Lesson 1: Introduction to Ethical Hacking and Penetration Testing (1 hour and 36 minutes)
- Understanding Ethical Hacking and Penetration Testing (24 minutes)
- Why Do We Need to Do Penetration Testing?
- Threat actor
- Exploring Penetration Testing Methodologies (36 minutes)
- Why Do We Need to Follow a Methodology for Penetration Testing?
- Environmental Considerations
- Surveying Different Standards and Methodologies
- Building Your Own Lab (36 minutes)
- Requirements and Guidelines for Penetration Testing Labs
- What Tools Should You Use in Your Lab?
- What if You Break Something?
- Summary
- Case Study
- Quiz
Lesson 2: Planning and Scoping a Penetration Testing Assessment (2 hours)
- Comparing and Contrasting Governance, Risk, and Compliance Concepts (1 hour)
- Regulatory Compliance Considerations
- Local Restrictions
- Legal Concepts
- Contracts
- Disclaimers
- Explain the Importance of Scoping and Organizational or Customer Requirements (48 minutes)
- Rules of Engagement
- Target List and In-Scope Assets
- Validating the Scope of Engagement
- Strategy: Unknown vs. Known Environment Testing
- Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity (12 minutes)
- Summary
- Case Study
- Quiz
Lesson 3: Design and implement routing (3 hours and 12 minutes)
- Performing Passive Reconnaissance (1 hour and 36 minutes)
- Active Reconnaissance vs. Passive Reconnaissance
- DNS Lookups
- Identification of Technical and Administrative Contacts
- Cloud vs. Self-Hosted Applications and Related Subdomains
- Social Media Scraping
- Cryptographic Flaws
- Company Reputation and Security Posture
- Open-Source Intelligence (OSINT) Gathering
- Performing Active Reconnaissance (36 minutes)
- Nmap Scan Types
- Types of Enumeration
- Packet Inspection and Eavesdropping
- Understanding the Art of Performing Vulnerability Scans (36 minutes)
- How a Typical Automated Vulnerability Scanner Works
- Types of Vulnerability Scans
- Challenges to Consider When Running a Vulnerability Scan
- Understanding How to Analyze Vulnerability Scan Results (24 minutes)
- Sources for Further Investigation of Vulnerabilities
- How to Deal with a Vulnerability
- Summary
- Case Study
- Quiz
Lesson 4: Social Engineering Attacks (2 hours and 36 minutes)
- Pretexting for an Approach and Impersonation (12 minutes)
- Social Engineering Attacks (48 minutes)
- Email Phishing
- Short Message Service (SMS) Phishing
- Universal Serial Bus (USB) Drop Key
- Watering Hole Attacks
- Physical Attacks (48 minutes)
- Tailgating
- Dumpster Diving
- Shoulder Surfing
- Badge Cloning
- Social Engineering Tools (36 minutes)
- Social-Engineer Toolkit (SET)
- Browser Exploitation Framework (BeEF)
- Call Spoofing Tools
- Methods of Influence (12 minutes)
- Summary
- Case Study
- Quiz
Lesson 5: Exploiting Wired and Wireless Networks (6 hours)
- Exploiting Network-Based Vulnerabilities (3 hours)
- Windows Name Resolution and SMB Attacks
- SMB Exploits
- DNS Cache Poisoning
- SNMP Exploits
- SMTP Exploits
- FTP Exploits
- Pass-the-Hash Attacks
- Kerberos and LDAP-Based Attacks
- Kerberoasting
- On-Path Attacks
- Route Manipulation Attacks
- DoS and DDoS Attacks
- Network Access Control (NAC) Bypass
- VLAN Hopping
- DHCP Starvation Attacks and Rogue DHCP Servers
- Exploiting Wireless Vulnerabilities (3 hours)
- Rogue Access Points
- Evil Twin Attacks
- Disassociation (or Deauthentication) Attacks
- Preferred Network List Attacks
- Wireless Signal Jamming and Interference
- War Driving
- Initialization Vector (IV) Attacks and Unsecured Wireless Protocols
- Karma Attacks
- Fragmentation Attacks
- Credential Harvesting
- Bluejacking and Bluesnarfing
- Bluetooth Low Energy (BLE) Attacks
- Radio-Frequency Identification (RFID) Attacks
- Password Spraying
- Exploit Chaining
- Summary
- Case Study
- Quiz
Lesson 6: Exploiting Application-Based Vulnerabilities (6 hours and 12 minutes)
- Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10 (36 minutes)
- The HTTP Protocol
- Web Sessions
- OWASP Top 10
- How to Build Your Own Web Application Labs (12 minutes)
- Understanding Business Logic Flaws (12 minutes)
- Understanding Injection-Based Vulnerabilities (36 minutes)
- SQL Injection Vulnerabilities
- Command Injection Vulnerabilities
- Lightweight Directory Access Protocol (LDAP) Injection Vulnerabilities
- Exploiting Authentication-Based Vulnerabilities (48 minutes)
- Session Hijacking
- Redirect Attacks
- Default Credentials
- Kerberos Vulnerabilities
- Exploiting Authorization-Based Vulnerabilities (24 minutes)
- Parameter Pollution
- Insecure Direct Object Reference Vulnerabilities
- Understanding Cross-Site Scripting (XSS) Vulnerabilities (48 minutes)
- Reflected XSS Attacks
- Stored XSS Attacks
- XSS Evasion Techniques
- XSS Mitigations
- Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks (12 minutes)
- Understanding Clickjacking (12 minutes)
- Exploiting Security Misconfigurations (24 minutes)
- Exploiting Directory Traversal Vulnerabilities
- Cookie Manipulation Attacks
- Exploiting File Inclusion Vulnerabilities (24 minutes)
- Local File Inclusion Vulnerabilities
- Remote File Inclusion Vulnerabilities
- Exploiting Insecure Code Practices (1 hour and 24 minutes)
- Comments in Source Code
- Lack of Error Handling and Overly Verbose Error Handling
- Hard-Coded Credentials
- Race Conditions
- Unprotected APIs
- Hidden Elements
- Additional Web Application Hacking Tools
Lesson 7: Cloud, Mobile, and IoT Security (3 hours and 36 minutes)
- Researching Attack Vectors and Performing Attacks on Cloud Technologies (1 hour and 48 minutes)
- Credential Harvesting
- Privilege Escalation
- Account Takeover
- Metadata Service Attacks
- Attacks Against Misconfigured Cloud Assets
- Resource Exhaustion and DoS Attacks
- Cloud Malware Injection Attacks
- Side-Channel Attacks
- Tools and Software Development Kits (SDKs)
- Explaining Common Attacks and Vulnerabilities Against Specialized Systems (1 hour and 48 minutes)
- Attacking Mobile Devices
- Attacking Internet of Things (IoT) Devices
- Analyzing IoT Protocols
- IoT Security Special Considerations
- Common IoT Vulnerabilities
- Data Storage System Vulnerabilities
- Management Interface Vulnerabilities
- Exploiting Virtual Machines
- Vulnerabilities Related to Containerized Workloads
Lesson 8: Performing Post-Exploitation Techniques (1 hour and 36 minutes)
- Creating a Foothold and Maintaining Persistence After Compromising a System (48 minutes)
- Reverse and Bind Shells
- Command and Control (C2) Utilities
- Scheduled Jobs and Tasks
- Custom Daemons, Processes, and Additional Backdoors
- New Users
- Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration (48 minutes)
- Post-Exploitation Scanning
- Legitimate Utilities and Living Off the Land
- Post-Exploitation Privilege Escalation
- How to Cover Your Tracks
Lesson 9: Reporting and Communication (2 hours and 36 minutes)
- Comparing and Contrasting Important Components of Written Reports (48 minutes)
- Report Contents
- Storage Time for Report and Secure Distribution
- Note Taking
- Common Themes/Root Causes
- Analyzing the Findings and Recommending the Appropriate Remediation Within a Report (48 minutes)
- Technical Controls
- Administrative Controls
- Operational Controls
- Physical Controls
- Explaining the Importance of Communication During the Penetration Testing Process (36 minutes)
- Communication Triggers
- Reasons for Communication
- Goal Reprioritization and Presentation of Findings
- Explaining Post-Report Delivery Activities (24 minutes)
- Post-Engagement Cleanup
- Additional Post-Report Delivery Activities
Lesson 10: Tools and Code Analysis (5 hours)
- Understanding the Basic Concepts of Scripting and Software Development (2 hours and 36 minutes)
- Logic Constructs
- Data Structures
- Libraries
- Procedures
- Functions
- Classes
- Analysis of Scripts and Code Samples for Use in Penetration Testing
- The Bash Shell
- Resources to Learn Python
- Resources to Learn Ruby
- Resources to Learn PowerShell
- Resources to Learn Perl
- Resources to Learn JavaScript
- Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code (2 hours and 24 minutes)
- Penetration Testing-Focused Linux Distributions
- Common Tools for Reconnaissance and Enumeration
- Common Tools for Vulnerability Scanning
- Common Tools for Credential Attacks
- Common Tools for Persistence
- Common Tools for Evasion
- Exploitation Frameworks
- Common Decompilation, Disassembly, and Debugging Tools
- Common Tools for Forensics
- Common Tools for Software Assurance
- Steganography Tools
- Cloud Tools