CompTIA Penetration Testing Certification (PenTest+)

5-Days Instructor Led

As organizations scramble to protect themselves and their customers against privacy or security breaches, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organizations seeking protection, and ever more lucrative for those who possess these skills.  In this course, you will be introduced to general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.  This course will assist you if you are pursuing the CompTIA PenTest+ certification, as tested in exam PT0-002. PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements.

Learning Objectives

This course will prepare students for the CompTIA PenTest+ (PT0-002) exam and verify the successful candidate has the knowledge and skills required to:

• Plan and scope a penetration testing engagement
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
• Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations

Audience

This course is designed for those whose job role could be Penetration Tester, Security Consultant, Cloud Penetration Tester, Cloud Security Specialist, Network & Security Specialist, Web App Penetration Tester, Information Security Engineer, and Security Analyst.

Prerequisites

3–4 years of hands-on experience performing penetration tests, vulnerability assessments, and code analysis.

Network+, Security+, or equivalent certifications/knowledge.

Course Outline

1. Scoping Organizational/Customer Requirements

• Define Organizational PenTesting
• Acknowledge Compliance Requirements
• Compare Standards and Methodologies
• Describe Ways to Maintain Professionalism

2. Defining the Rules of Engagement

• Assess Environmental Considerations
• Outline the Rules of Engagement
• Prepare Legal Documents

3. Footprinting and Gathering Intelligence

• Discover the Target
• Gather Essential Data
• Compile Website Information
• Discover Open-Source Intelligence Tools

4. Evaluating Human and Physical Vulnerabilities

• Exploit the Human Psyche
• Summarize Physical Attacks
• Use Tools to Launch a Social Engineering Attack

5. Preparing the Vulnerability Scan

• Plan the Vulnerability Scan
• Detect Defenses
• Utilize Scanning Tools

6. Scanning Logical Vulnerabilities

• Scan Identified Targets
• Evaluate Network Traffic
• Uncover Wireless Assets

7. Analyzing Scanning Results

• Discover Nmap and NSE
• Enumerate Network Hosts
• Analyze Output from Scans

8. Avoiding Detection and Covering Tracks

• Evade Detection
• Use Steganography to Hide and Conceal
• Establish a Covert Channel

9. Exploiting the LAN and Cloud

• Enumerating Hosts
• Attack LAN Protocols
• Compare Exploit Tools
• Discover Cloud Vulnerabilities
• Explore Cloud-Based Attacks

10. Testing Wireless Networks

• Discover Wireless Attacks
• Explore Wireless Tools

11. Targeting Mobile Devices

• Recognize Mobile Device Vulnerabilities
• Launch Attacks on Mobile Devices
• Outline Assessment Tools for Mobile Devices

12. Attacking Specialized Systems

• Identify Attacks on the IoT
• Recognize Other Vulnerable Systems
• Explain Virtual Machine Vulnerabilities

13. Web Application-Based Attacks

• Recognize Web Vulnerabilities
• Launch Session Attacks
• Plan Injection Attacks
• Identify Tools

14. Performing System Hacking

• System Hacking
• Use Remote Access Tools
• Analyze Exploit Code

15. Scripting and Software Development

• Analyzing Scripts and Code Samples
• Create Logic Constructs
• Automate Penetration Testing

16. Leveraging the Attack- Pivot and Penetrate

• Test Credentials
• Move Throughout the System
• Maintain Persistence

17. Communicating During the PenTesting Process

• Define the Communication Path
• Communication Triggers
• Use Built-In Tools for Reporting

18. Summarizing Report Components

• Identify Report Audience
• List Report Contents
• Define Best Practices for Reports

19. Recommending Remediation

• Employ Technical Controls
• Administrative and Operational Controls
• Physical Controls

20. Performing Post-Report Delivery Activities

• Post-Engagement Cleanup
• Follow-Up Actions