As organisations scramble to protect themselves and their customers against privacy or security breaches, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organisations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.
The CompTIA PenTest+ certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.
CompTIA PenTest+ joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-skills level of the cybersecurity career pathway as shown below. Depending on your course of study, PenTest+ and CySA+ can be taken in any order but typically follows the skills learned in Security+. While CySA+ focuses on defense through incident detection and response, PenTest+ focuses on offense through penetration testing and vulnerability assessment.
Although the two exams teach opposing skills, they are dependent on one another. The most qualified cybersecurity professionals have both offensive and defensive skills. Earn the PenTest+ certification to grow your career within the CompTIA recommended cybersecurity career pathway.
Cybersecurity professionals involved in hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network.
By actively participating in this course, you will learn about the following:
Explain the importance of planning and key aspects of compliance-based assessments.
Conduct information gathering exercises with various tools and analyse output and basic scripts (limited to: Bash, Python, Ruby, PowerShell).
Gather information to prepare for exploitation then perform a vulnerability scan and analyse results.
Utilise report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities.
Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques.
Attendees should meet the following prerequisites:
Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.
CompTIA Network + or CompTIA Security + or equivalent knowledge
Hands-on information security experience
Planning and Scoping Penetration Tests
Introduction to Penetration Testing Concepts
Plan a Pen Test Engagement
Scope and Negotiate a Pen Test Engagement
Prepare for a Pen Test Engagement
Conducting Passive Reconnaissance
Gather Background Information
Prepare Background Findings for Next Steps
Performing Non-Technical Tests
Perform Social Engineering Tests
Perform Physical Security Tests on Facilities
Conducting Active Reconnaissance
Scan for Vulnerabilities
Analyse Basic Scripts
Analyse Vulnerability Scan Results
Leverage Information to Prepare for Exploitation
Exploit Network-Based Vulnerabilities
Exploit Wireless and RF-Based Vulnerabilities
Exploit Specialized Systems
Exploiting Host-Based Vulnerabilities
Exploit Windows-Based Vulnerabilities
Exploit *Nix-Based Vulnerabilities
Exploit Web Application Vulnerabilities
Test Source Code and Compiled Apps
Completing Post-Exploit Tasks
Use Lateral Movement Techniques
Use Persistence Techniques
Use Anti-Forensics Techniques
Analysing and Reporting Pen Test Results
Analyse Pen Test Data
Develop Recommendations for Mitigation Strategies
Write and Handle Reports
Conduct Post-Report-Delivery Activities
Appendix A: Mapping Course Content to CompTIA PenTest+ (Exam PT0-001) Solutions Glossary Index
This course is recommended as preparation for the following exams:
This training course provided by Skilltec is accredited through Global Knowledge Training Ltd. Global Knowledge Training Ltd are the authorised learning partner; all trademarks and partner statuses are provided through them.