Introduction
In this course, delegates will be introduced to some general concepts and methodologies related to penetration testing. Delegates will learn how to plan, analyse, and report on penetration tests. This course can also assist delegates who pursuing the CompTIA PenTest+ certification, as tested in exam PT0-002. The course is designed to provide content and activities that correlate to the exam objectives, and therefore can be a resource as you prepare for the examination.
Audience profile
This course is intended for entry-level professionals with basic knowledge of computer hardware, software, and operating systems, who wish to increase their knowledge and understanding of Linux concepts and skills to prepare for a career in Linux support or administration, or to prepare for the CompTIA Linux+ certification examinations. A typical student in this course should have at least 6 to 12 months of Linux experience.
Pre-requisites
Before attending this course, delegates must have intermediate knowledge of information security concepts, including but not limited to:
- Identity and access management (IAM)
- Cryptographic concepts and implementations
- Computer networking concepts and implementations
- Common security technologies
- Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments
Delegates can obtain this level of skills and knowledge by taking the CompTIA Security+ (IN-SE) course and obtaining the appropriate certification by completing and passing the CompTIA SY0-601 exam.
Course objectives
After completing this course, students will be able to:
- Plan and scope penetration tests
- Conduct passive reconnaissance
- Perform non-technical tests to gather information
- Conduct active reconnaissance
- Analyse vulnerabilities
- Penetrate networks
- Exploit host-based vulnerabilities
- Test applications
- Complete post-exploit tasks
- Analyse and report pen test results
Course content
| Lesson 1: Scoping Organizational/Customer Requirements |
- Define Organizational PenTesting
|
- Acknowledge Compliance Requirements
|
- Compare Standards and Methodologies
|
|
| Lesson 2: Defining the Rules of Engagement |
- Assess Environmental Considerations
|
- Outline the Rules of Engagement
|
|
|
|
| Lesson 3: Foot printing and Gathering Intelligence |
|
|
|
- Compile Website Information
|
- Discover Open-Source Intelligence Tools
|
| Lesson 4: Evaluating Human and Physical Vulnerabilities |
|
|
- Summarize Physical Attacks
|
- Use Tools to Launch a Social Engineering Attack
|
|
| Lesson 5: Preparing the Vulnerability Scan |
- Plan the Vulnerability Scan
|
|
|
|
|
| Lesson 6: Scanning Logical Vulnerabilities |
|
|
|
|
|
|
| Lesson 7: Analysing Scanning Results |
|
|
|
- Analyse Output from Scans
|
|
| Lesson 8: Avoiding Detection and Covering Tracks |
|
|
- Use Steganography to Hide and Conceal
|
- Establish a Covert Channel
|
|
| Lesson 9: Exploiting the LAN and Cloud |
|
|
|
|
|
- Discover Cloud Vulnerabilities
|
- Explore Cloud Based Attacks
|
|
| Lesson 10: Testing Wireless Networks |
- Discover Wireless Attacks
|
|
| Lesson 11: Targeting Mobile Devices |
- Recognize Mobile Device Vulnerabilities
|
- Launch Attacks on Mobile Devices
|
- Outline Assessment Tools for Mobile Devices
|
|
| Lesson 12: Attacking Specialized Systems |
- Identify Attacks on the IoT
|
- Recognize Other Vulnerable Systems
|
- Explain Virtual Machine Vulnerabilities
|
|
| Lesson 13: Web Application-Based Attacks |
- Recognize Web Vulnerabilities
|
|
|
|
|
| Lesson 14: Performing System Hacking |
|
|
|
|
|
|
| Lesson 15: Scripting and Software Development |
- Analysing Scripts and Code Samples
|
|
- Automate Penetration Testing
|
|
| Lesson 16: Leveraging the Attack: Pivot and Penetrate |
|
|
- Move Throughout the System
|
|
|
|
| Lesson 17: Communicating During the PenTesting Process |
- Define the Communication Path
|
|
- Use Built-In Tools for Reporting
|
|
| Lesson 18: Summarizing Report Components |
|
|
|
- Define Best Practices for Reports
|
|
| Lesson 19: Recommending Remediation |
- Employ Technical Controls
|
- Administrative and Operational Controls
|
|
|
|
| Lesson 20: Performing Post-Report Delivery Activities |
|
|
|
Associated certifications and exam
This course will prepare delegates to write the CompTIA PenTest+ PT0-002 Exam. Successfully passing this exam will result in the attainment of the CompTIA PenTest+ Certification.
The CompTIA PenTest+ will certify the successful candidate has the knowledge and skills required to plan and scope a penetration testing engagement including vulnerability scanning, understand legal and compliance requirements, analyse results, and produce a written report with remediation techniques.
| Exam Details |
CompTIA PenTest+ |
| Exam Title |
CompTIA PenTest+ |
| Number of Questions/Practical Challenges |
85 Questions |
| Recommended Experience |
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus. |
| Test Duration |
2 Hours 45 Minutes |
| Test Format |
Multiple choice questions and performance-based questions |
| Test Delivery |
Pearson VUE
Testing Centres
Online Testing |
| Availability |
Pearson VUE |
| Exam Prefix |
PT0-002 |
| Passing Score |
750 (on a scale of 900) |
| Retirement |
Three years after date of launch. |
