In this course, delegates will be introduced to some general concepts and methodologies related to penetration testing. Delegates will learn how to plan, analyze, and report on penetration tests. This course can also assist delegates who pursuing the CompTIA PenTest+ certification, as tested in exam PT0-001.
The course is designed to provide content and activities that correlate to the exam objectives, and therefore can be a resource as you prepare for the examination.
This course is intended for entry-level professionals with basic knowledge of computer hardware, software, and operating systems, who wish to increase their knowledge and understanding of Linux concepts and skills to prepare for a career in Linux support or administration, or to prepare for the CompTIA Linux+ certification examinations. A typical student in this course should have at least 6 to 12 months of Linux experience.
Prerequisites
Before attending this course, delegates must have intermediate knowledge of information security concepts, including but not limited to:
- Identity and access management (IAM)
- Cryptographic concepts and implementations
- Computer networking concepts and implementations
- Common security technologies
- Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments
Delegates can obtain this level of skills and knowledge by taking the CompTIA Security+ (IN-SE) course and obtaining the appropriate certification by completing and passing the CompTIA SY0-501 exam.
CompTIA PenTest+ (PT0-002) comes in handy as the PT0-002 study guide with well descriptive interactive lessons containing knowledge checks, quizzes, flashcards, and glossary terms to get a detailed understanding of the concepts, such as planning and scoping a penetration testing engagement, understanding legal and compliance requirements, performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results, and so on. The live labs present in the course will give you a hands-on experience of penetration testing.
Here’s what you will get
CompTIA PenTest+ PT0-002 exam requires a candidate to demonstrate hands-on ability to complete a penetration testing engagement and mitigate security weaknesses and vulnerabilities, as well as how to exploit them. PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.
Lessons
13+ Lessons | 401+ Exercises | 232+ Quizzes | 571+ Flashcards | 457+ Glossary of terms
TestPrep
80+ Pre Assessment Questions | 2+ Full Length Tests | 80+ Post Assessment Questions | 160+ Practice Test Questions
Hand on lab
40+ LiveLab | 40+ Video tutorials | 01:48+ Hours
Here’s what you will learn
Lessons 1: Introduction
- CompTIA
- The PenTest+ Exam
- What Does This Course Cover?
- CompTIA PenTest+ Certification Exam Objectives
Lessons 2: Penetration Testing
- What Is Penetration Testing?
- Reasons for Penetration Testing
- Who Performs Penetration Tests?
- The CompTIA Penetration Testing Process
- The Cyber Kill Chain
- Tools of the Trade
- Summary
- Exam Essentials
- Lab Exercises
Lessons 3: Planning and Scoping Penetration Tests
- Scoping and Planning Engagements
- Penetration Testing Standards and Methodologies
- Key Legal Concepts for Penetration Tests
- Regulatory Compliance Considerations
- Summary
- Exam Essentials
- Lab Exercises
Lessons 4: Information Gathering
- Footprinting and Enumeration
- Active Reconnaissance and Enumeration
- Information Gathering and Defenses
- Summary
- Exam Essentials
- Lab Exercises
Lessons 5: Vulnerability Scanning
- Identifying Vulnerability Management Requirements
- Configuring and Executing Vulnerability Scans
- Software Security Testing
- Developing a Remediation Workflow
- Overcoming Barriers to Vulnerability Scanning
- Summary
- Exam Essentials
- Lab Exercises
Lessons 6: Analyzing Vulnerability Scans
- Reviewing and Interpreting Scan Reports
- Validating Scan Results
- Common Vulnerabilities
- Summary
- Exam Essentials
- Lab Exercises
Lessons 7: Exploiting and Pivoting
- Exploits and Attacks
- Exploitation Toolkits
- Exploit Specifics
- Leveraging Exploits
- Persistence and Evasion
- Pivoting
- Covering Your Tracks
- Summary
- Exam Essentials
- Lab Exercises
Lessons 8: Exploiting Network Vulnerabilities
- Identifying Exploits
- Conducting Network Exploits
- Exploiting Windows Services
- Identifying and Exploiting Common Services
- Wireless Exploits
- Summary
- Exam Essentials
- Lab Exercises
Lessons 9: Exploiting Physical and Social Vulnerabilities
- Physical Facility Penetration Testing
- Social Engineering
- Summary
- Exam Essentials
- Lab Exercises
Lessons 10: Exploiting Application Vulnerabilities
- Exploiting Injection Vulnerabilities
- Exploiting Authentication Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Unsecure Coding Practices
- Steganography
- Application Testing Tools
- Summary
- Exam Essentials
- Lab Exercises
Lessons 11: Attacking Hosts, Cloud Technologies, and Specialized Systems
- Attacking Hosts
- Credential Attacks and Testing Tools
- Remote Access
- Attacking Virtual Machines and Containers
- Attacking Cloud Technologies
- Attacking Mobile Devices
- Attacking IoT, ICS, Embedded Systems, and SCADA Devices
- Attacking Data Storage
- Summary
- Exam Essentials
- Lab Exercises
Lessons 12: Reporting and Communication
- The Importance of Communication
- Recommending Mitigation Strategies
- Writing a Penetration Testing Report
- Wrapping Up the Engagement
- Summary
- Exam Essentials
- Lab Exercises
Lessons 13: Scripting for Penetration Testing
- Scripting and Penetration Testing
- Variables, Arrays, and Substitutions
- Comparison Operations
- String Operations
- Flow Control
- Input and Output (I/O)
- Error Handling
- Advanced Data Structures
- Reusing Code
- The Role of Coding in Penetration Testing
- Summary
- Exam Essentials
- Lab Exercises
Hands-on LAB Activities
Information Gathering
- Using dig and nslookup Commands
- Performing Zone Transfer Using dig
- Using Maltego to Gather Information
- Using Recon-ng to Gather Information
- Using Nmap for Network Enumeration
- Performing Reconnaissance on a Network
- Performing an Intense Scan in Zenmap
- Using Nmap for User Enumeration
- Performing Nmap UDP Scan
- Performing Nmap SYN Scan
Vulnerability Scanning
- Conducting Vulnerability Scanning Using Nessus
Analyzing Vulnerability Scans
- Understanding Local Privilege Escalation
Exploiting and Pivoting
- Performing Vulnerability Scanning Using OpenVAS
- Searching Exploits Using searchsploit
- Using Meterpreter
- Using the Task Scheduler
- Understanding the Pass-the-hash Attack
- Using the Metasploit RDP Post-Exploitation Module
Exploiting Network Vulnerabilities
- Performing ARP Spoofing
- Simulating the DDoS Attack
- Using the EternalBlue Exploit in Metasploit
- Exploiting SMB
- Exploiting SMTP
- Exploiting SNMP
Exploiting Physical and Social Vulnerabilities
- Using the SET Tool
- Using BeEF
Exploiting Application Vulnerabilities
- Exploiting Command Injection Vulnerabilities
- Exploiting a Website Using SQL Injection
- Conducting a Cross-Site Request Forgery Attack
- Hiding Text Using Steganography
- Using OWASP ZAP
- Performing Session Hijacking Using Burp Suite
Attacking Hosts, Cloud Technologies, and Specialized Systems
- Cracking Passwords
- Cracking a Linux Password Using John the Ripper
- Creating Reverse and Bind Shells Using Netcat
Scripting for Penetration Testing
- Whitelisting an IP Address in the Windows Firewall
- Viewing Exploits Written in Perl
- Viewing the Effects of Hostile JavaScript in the Browser
- Finding Live Hosts by Using the Ping Sweep in Python
- Writing Bash Shell Script
Reviews
There are no reviews yet.