Objectives

After completing this course, you will be able to plan, conduct, analyze, and report on penetration tests, including the ability to: Plan and scope penetration tests. Conduct passive reconnaissance. Perform non-technical tests to gather information. Conductive active reconnaissance. Analyze vulnerabilities. Penetrate networks. Exploit host-based vulnerabilities. Test applications. Complete post-exploit tasks. Analyze and report pen test results.

Audience

This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities. Target students who also need to offer practical recommendations for action to properly protect information systems and their contents will derive those skills from this course. This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-001, or who plan to use PenTest+ as the foundation for more advanced security certifications or career roles. Individuals seeking this certification should have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management.

Duration

Five days

Outline for CompTIA Penetration Tester+ (PenTest+) Certification

Chapter 1 - PLANNING AND SCOPING PENETRATION TESTS

  • Introduction to Penetration Testing Concepts
  • Plan a Pen Test Engagement
  • Scope and Negotiate a Pen Test Engagement
  • Prepare for a Pen Test Engagement

Chapter 2 - CONDUCTING PASSIVE RECONNAISSANCE

  • Gather Background Information
  • Prepare Background Findings for Next Steps

Chapter 3 - PERFORMING NON-TECHNICAL TESTS

  • Perform Social Engineering Tests
  • Perform Physical Security Tests on Facilities

Chapter 4 - CONDUCTING ACTIVE RECONNAISSANCE

  • Scan Networks
  • Enumerate Targets
  • Scan for Vulnerabilities
  • Analyze Basic Scripts

Chapter 5 - ANALYZING VULNERABILITIES

  • Analyze Vulnerability Scan Results
  • Leverage Information to Prepare for Exploitation

Chapter 6 - PENETRATING NETWORKS

  • Exploit Network-Based Vulnerabilities
  • Exploit Wireless and RF-Based Vulnerabilities
  • Exploit Specialized Systems

Chapter 7 - EXPLOITING HOST-BASED VULNERABILITIES

  • Exploit Windows-Based Vulnerabilities
  • Exploit *nix-Based Vulnerabilities

Chapter 8 - TESTING APPLICATIONS

  • Exploit Web Application Vulnerabilities
  • Test Source Code and Compiled Apps

Chapter 9 - COMPLETING POST-EXPLOIT TASKS

  • Use Lateral Movement Techniques
  • Use Persistence Techniques
  • Use Anti-Forensics Techniques

Chapter 10 - ANALYZING AND REPORTING PEN TEST RESULTS

  • Analyze Pen Test Data
  • Develop Recommendations for Mitigation Strategies
  • Write and Handle Reports
  • Conduct Post-Report-Delivery Activities