CompTIA PenTest+ Certification

Training Architect
course instructor image
Bob Salmans

Introduction

Course Introduction

About the Author
00:01:10
About the Course
00:04:47
Setting Up Your Pentest Lab
00:07:37
About the Exam
00:02:56

1.0 Planning and Scoping

1.1 Planning for an Engagement

Pentests and Pentesting Frameworks
00:05:30
The Pentest Process
00:05:45
Communication, Rules of Engagement, and Resources
00:09:57
Confidentiality, Budgeting, Impact Analysis, Remediation Timelines, Disclaimers, and Constraints
00:11:54

1.2 Legal Considerations

Key Legal Concepts
00:09:09

1.3 Scoping an Engagement

Defining the Scope, Goals and Deliverables, and Assessments and Strategies
00:07:05
Threat Actors, Risk Response, and Tolerance
00:08:11
Types of Targets and Pentest Considerations
00:08:59

1.4 Key Aspects of Compliance-Based Assessments

Understanding Compliance
00:05:23

2.0 Information Gathering and Vulnerability Identification

2.1 Information Gathering Techniques

Active and Passive Reconnaissance
00:16:05
Weaponizing Data and Introduction to Metasploit
00:13:28
Enumeration
00:11:17
Introduction to Meterpreter
00:06:05
Scenario Walkthrough 01: How to Use Nmap to Scan a Host
00:07:15
Scenario Walkthrough 02: How to Enumerate a Service with Banner Grabbing
00:05:04
Scenario Walkthrough 03: Performing Website Enumeration with Kali Linux
00:07:08
Scenario Walkthrough 04: Using OWASP Dirbuster to Find Hidden Directories
00:04:29
Scenario Walkthrough 05: Finding OSINT Data Using theHarvester and the OSRFramework
00:08:26

2.2 Performing a Vulnerability Scan

Vulnerability Scanning
00:11:06
Scenario Walkthrough 06: Scanning Websites for Vulnerabilities Using Nikto
00:06:39
Scenario Walkthrough 07: Performing a Vulnerability Scan using OpenVAS
00:04:30
Scenario Walkthrough 08: Using Nmap to Scan for Vulnerabilities
00:04:04

2.3 Analyzing Vulnerability Scan Results

Vulnerability Analysis
00:10:24
Scenario Walkthrough 09: Analyzing an OpenVAS Vulnerability Report
00:03:43

2.4 Leveraging Information to Prepare for Exploitation

Leveraging Information
00:12:35
Scenario Walkthrough 10: An Introduction to CherryTree
00:04:45

2.5 System Weaknesses

Weaknesses of Specialized Systems
00:07:53

3.0 Attacks and Exploits

3.1 Social Engineering

Components of a Social Engineering Attack
00:09:24
Social Engineering Attacks and Techniques
00:08:06
Scenario Walkthrough 11: Creating a Credential Harvesting Website with SET
00:04:09
Scenario Walkthrough 12: Using SET to Execute a Spear Phishing Attack
00:07:27
Scenario Walkthrough 13: Executing a USB Dropper Attack Using SET
00:06:18

3.2 Network-Based Vulnerabilities

Sniffing, Hijacking, and Man-in-the-Middle Attacks
00:11:07
Network Protocol Attacks
00:08:50
Name Resolution, Brute Force, and DoS Attacks
00:16:32
Scenario Walkthrough 14: DNS Poisoning Using the Hosts File
00:05:14
Scenario Walkthrough 15: Using Wireshark to Sniff Plaintext Passwords
00:02:39

3.3 Wireless and RF-Based Vulnerabilities

Wireless Attacks and Exploits
00:11:38
Performing an Evil Twin Attack with SSLsplit
00:06:03

3.4 Application-Based Vulnerabilities

Directory Traversal and Poison Null Bytes
00:09:29
Authentication, Authorization, and Injection Attacks
00:13:39
File Inclusion Vulnerabilities and Web Shells
00:10:33
Scenario Walkthrough 16: Using Hydra to Brute-Force FTP
00:03:20
Scenario Walkthrough 17: Finding Web Application Vulnerabilities with OWASP ZAP
00:05:29

3.5 Local Host Vulnerabilities

OS Vulnerabilities and Password Cracking
00:13:45
Password Cracking Tools, Default Accounts, and Privilege Escalation
00:14:13
System Files, Sandbox Escapes, and Hardware Attacks
00:10:58
Scenario Walkthrough 18: Obtaining Password Hashes with Armitage
00:06:47
Scenario Walkthrough 19: Cracking Password Hashes with John the Ripper
00:05:37
Scenario Walkthrough 20: Performing Local Privilege Escalation with Meterpreter
00:05:30
Scenario Walkthrough 21: Exploiting the EternalBlue Vulnerability
00:04:50

3.6 Physical Security Vulnerabilities

Physical Security Goals and Guidelines
00:05:58

3.7 Post-Exploitation Techniques

Lateral Movement, Pivoting, and Persistence
00:07:25
Shells, Netcat, and Scheduled Tasks
00:10:39
Services/Daemons, Anti-Forensics, and Covering Your Tracks
00:08:19
Scenario Walkthrough 22: Clearing System Logs with Meterpreter
00:02:44
Scenario Walkthrough 23: Setting Up Persistence with Netcat
00:08:02
Scenario Walkthrough 24: Exfiltrating Data with Netcat
00:05:58
Scenario Walkthrough 25: Setting Up Persistence with Meterpreter
00:09:54
Scenario Walkthrough 26: Exfiltrating Data with Meterpreter
00:03:42

4.0 Penetration Testing Tools

4.1 Using Nmap for Information Gathering

Nmap Deep Dive
00:10:56

4.2 Choosing Pentesting Tools

Pentesting Tools and Use Cases
00:06:25

4.3 Analyzing Tool Output and Data

Understanding Tool Outputs
00:14:36
Scenario Walkthrough 27: Executing a Pass-the-Hash Attack
00:12:55
Scenario Walkthrough 28: Performing a SQL Injection Attack
00:09:02

4.4 Analyzing Basic Scripts

Analyzing Scripts in Bash, PowerShell, Python, and Ruby
00:13:46

5.0 Reporting and Communications

5.1 Report Writing and Handling

Report Writing and Handling Best Practices
00:10:23

5.2 Post-Report Delivery Activities

Delivery and Post-Delivery
00:07:17

5.3 Mitigating Discovered Vulnerabilities

Vulnerability Mitigation Strategies
00:16:32

5.4 Communicating During the Penetration Testing Process

The Importance of Communications
00:08:06

Conclusion

Next Steps

Taking the PenTest+ Certification Exam
00:02:56
Live-Environment-Challenge: PenTest+
04:00:00

Details

Welcome to the CompTIA PenTest+ certification course!

What is a penetration tester? Maybe you've been exposed to the idea of being an ethical hacker through movies or television, and this profession intrigues you. Or maybe you already work in the security field and you'd like to move into a penetration tester (pentester) role. If either of these are true, you've come to the right place.

Pentesters specialize in identifying and exploiting weaknesses within organizations. Pentesters not only work to discover weaknesses in servers and applications, but also in people. To be a successful pentester, you must know how to use a variety of tools, and you should be able to write scripts in multiple languages, as this allows you to write your own tools and create time-saving scripts.

The CompTIA PenTest+ certification course will walk you through the process of performing a pentest. You'll also become familiar with many popular tools and scripting languages. Whether you're interested in becoming a pentester or simply curious about the profession, this course is for you. Not only will this course prepare you for the certification exam, but it will also arm you with the skills necessary for entering into the mysterious realm of pentesting.

Download The Shadow Chronicle: https://interactive.linuxacademy.com/diagrams/theshadowchronicle.html

Study Guides

The Shadow Chronicle - Interactive Diagram

This is the interactive diagram used throughout this course!

CompTIA-PenTest-Plus-Study-Guide.pdf

Instructor Deck

Community

certificate ribbon icon

Earn a Certificate of Completion

When you complete this course, you’ll receive a certificate of completion as proof of your accomplishment.

Looking For Team Training?

Learn More