CompTIA PenTest+ Certification
CompTIA PenTest+ PT0-002
CompTIA PenTest+ (PT0-002): Active Reconnaissance
it_csptpl_04_enus
CompTIA PenTest+ (PT0-002): Analyzing Tool & Script Output
it_csptpl_15_enus
CompTIA PenTest+ (PT0-002): Application-based Attacks
it_csptpl_08_enus
CompTIA PenTest+ (PT0-002): Attacks on Cloud Technologies
it_csptpl_09_enus
CompTIA PenTest+ (PT0-002): Attacks on Specialized Systems
it_csptpl_10_enus
CompTIA PenTest+ (PT0-002): Communication & Post-Report Activities
it_csptpl_14_enus
CompTIA PenTest+ (PT0-002): Network Attacks & Exploits
it_csptpl_06_enus
CompTIA PenTest+ (PT0-002): Passive Reconnaissance
it_csptpl_03_enus
CompTIA PenTest+ (PT0-002): Penetration Testing Tools
it_csptpl_16_enus
CompTIA PenTest+ (PT0-002): Post-Exploitation Techniques
it_csptpl_12_enus
CompTIA PenTest+ (PT0-002): Professionalism & Integrity
it_csptpl_02_enus
CompTIA PenTest+ (PT0-002): Scoping & Engagement
it_csptpl_01_enus
CompTIA PenTest+ (PT0-002): Social Engineering Attacks
it_csptpl_11_enus
CompTIA PenTest+ (PT0-002): Vulnerability Scanning
it_csptpl_05_enus
CompTIA PenTest+ (PT0-002): Wireless Attacks
it_csptpl_07_enus
CompTIA PenTest+ (PT0-002): Written Reports
it_csptpl_13_enus
CompTIA PenTest+ (PT0-002): Active Reconnaissance
Lesson Objectives
CompTIA PenTest+ (PT0-002): Active Reconnaissance
- discover the key concepts covered in this course
- describe how enumeration can be used to gather information about hosts, users, and domains
- recognize how to perform active web site reconnaissance
- provide an overview of packet crafting and the Scapy packet manipulation program
- describe defense techniques used for avoidance and detection
- provide an overview of active reconnaissance of tokens
- recognize why and when to use wardriving techniques
- recognize how to sniff and capture API network traffic requests
- list tools and techniques used for cloud asset discovery
- describe how to identify third-party hosted services
- recognize how to perform fingerprinting
- describe how to analyze the results of a reconnaissance exercise
- summarize the key concepts covered in this course
Overview/Description
Active reconnaissance requires a penetration tester to engage and interact with the targeted system to gather information and identify vulnerabilities. To do this, penetration testers can use several different methods including automated scanning and manual testing techniques. In this course, you'll learn how to use active reconnaissance techniques such as enumeration and web site reconnaissance, which are commonly used to gather intelligence about hosts, services, and web sites. You'll also learn about packet crafting, tokens, wardriving, network traffic, active fingerprinting, and defense detection and avoidance techniques. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Active reconnaissance requires a penetration tester to engage and interact with the targeted system to gather information and identify vulnerabilities. To do this, penetration testers can use several different methods including automated scanning and manual testing techniques. In this course, you'll learn how to use active reconnaissance techniques such as enumeration and web site reconnaissance, which are commonly used to gather intelligence about hosts, services, and web sites. You'll also learn about packet crafting, tokens, wardriving, network traffic, active fingerprinting, and defense detection and avoidance techniques. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Analyzing Tool & Script Output
Lesson Objectives
CompTIA PenTest+ (PT0-002): Analyzing Tool & Script Output
- discover the key concepts covered in this course
- recognize the basic concepts of logic constructs including loops, conditionals, Boolean operators, string operators, and arithmetic operators
- describe data structures including JavaScript Object Notation (JSON), key value, arrays, dictionaries, comma-separated values (CSV), lists, and trees
- recognize libraries penetration testers should know about
- describe key concepts of classes
- provide an overview of stored procedures
- recognize the key characteristics of functions in scription
- differentiate between different shells such as bash and PowerShell
- provide an overview of programming languages including Python, ruby, and Perl
- describe steps used to analyze exploit code
- recognize opportunities for automation in testing processes and analysis
- summarize the key concepts covered in this course
Overview/Description
Scripting languages can be used by penetration testers to help automate the execution of common tasks and increase the depth and scope of testing coverage. In this course, you'll learn the basic concepts of scripting and software development. Explore logic constructs concepts such as loops and conditionals, as well as the following operators; Boolean, string, and arithmetic. Discover other basic concepts of scripting including data structures, libraries, classes, procedures, and functions. You then explore how to analyze a script or code sample for use in a penetration test. Discover shells, programming languages, and exploit codes, and learn how to identify opportunities for automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Scripting languages can be used by penetration testers to help automate the execution of common tasks and increase the depth and scope of testing coverage. In this course, you'll learn the basic concepts of scripting and software development. Explore logic constructs concepts such as loops and conditionals, as well as the following operators; Boolean, string, and arithmetic. Discover other basic concepts of scripting including data structures, libraries, classes, procedures, and functions. You then explore how to analyze a script or code sample for use in a penetration test. Discover shells, programming languages, and exploit codes, and learn how to identify opportunities for automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Application-based Attacks
Lesson Objectives
CompTIA PenTest+ (PT0-002): Application-based Attacks
- discover the key concepts covered in this course
- provide an overview of the OWASP Top 10 standard awareness document
- provide an overview of server-side request forgery (SSRF) attacks
- describe how business logic vulnerabilities can be exploited
- recognize characteristics of a Structured Query Language (SQL) injection attack
- provide an overview of command injection attacks
- describe how to perform cross-site scripting (XSS) attacks
- list characteristics of a Lightweight Directory Access Protocol (LDAP) injection attack
- differentiate between race conditions, lack of error handling, lack of code signing, and insecure data transmission application vulnerabilities
- differentiate between session attacks including session hijacking, cross-site request forgery (CSRF), privilege escalation, session replay, and session fixation
- provide an overview of application programming interface (API) attacks
- recognize how directory traversal attacks work
- differentiate between application-based attack tools such as SQLmap and DirBuster
- provide an overview of the benefits offered by resources such as wordlists
- summarize the key concepts covered in this course
Overview/Description
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Attacks on Cloud Technologies
Lesson Objectives
CompTIA PenTest+ (PT0-002): Attacks on Cloud Technologies
- discover the key concepts covered in this course
- describe how credential harvesting can be used to amass a large number of credentials
- describe how privilege escalation works
- recognize the characteristics of an account takeover (ATO) attack
- provide an overview of metadata service attacks
- describe how misconfigurations can lead to cloud-based data breaches
- recognize how to mitigate the risks of cloud resource exhaustion outages
- provide an overview of cloud malware injection attacks
- list characteristics of a denial of service attack
- recognize the signs of a side-channel attack
- recognize signs of a direct-to-origin cyber attack
- describe how software development kit (SDK) can be used as a tool in cloud-based attacks
- summarize the key concepts covered in this course
Overview/Description
Penetration testers need to account for all types of systems available in an environment. In addition to servers and network appliances, this can also include cloud-based systems. In this course, you'll learn how to research attack vectors and perform attacks on cloud technologies. You'll explore common cloud-based attacks, such as credential harvesting, privilege escalation, and account takeovers. You'll learn how to identify misconfigured cloud assets, including identity and access management and containerization technologies. You'll move on to explore how cloud malware injection, denial of service, and side-channel attacks can exploit a system. Lastly, you'll learn about common cloud tools such as the software development kit. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Penetration testers need to account for all types of systems available in an environment. In addition to servers and network appliances, this can also include cloud-based systems. In this course, you'll learn how to research attack vectors and perform attacks on cloud technologies. You'll explore common cloud-based attacks, such as credential harvesting, privilege escalation, and account takeovers. You'll learn how to identify misconfigured cloud assets, including identity and access management and containerization technologies. You'll move on to explore how cloud malware injection, denial of service, and side-channel attacks can exploit a system. Lastly, you'll learn about common cloud tools such as the software development kit. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Attacks on Specialized Systems
Lesson Objectives
CompTIA PenTest+ (PT0-002): Attacks on Specialized Systems
- discover the key concepts covered in this course
- recognize how to protect against mobile attacks
- provide an overview of common mobile vulnerabilities such as certificate pinning and insecure storage
- list common mobile attack tools such as Drozer and Needle
- recognize threats to Internet of Things (IoT) devices such as BLE attacks, data corruption, and data exfiltration
- provide an overview of data storage system vulnerabilities such as misconfigurations and network exposure
- provide an overview of Intelligent platform management interface (IPMI) vulnerabilities
- list common threats to supervisory control and data acquisition (SCADA), Industrial Internet of Things (IIoT), and industrial control system (ICS) systems
- describe common vulnerabilities found in virtual environments
- describe common vulnerabilities related to containerized workloads
- summarize the key concepts covered in this course
Overview/Description
Specialized systems by nature can be very challenging for penetration testers. They can use proprietary operating systems and file systems, and may require advanced reverse engineering and sandbox analysis. However, specialized systems are also very susceptible when it comes to weaknesses and vulnerabilities. In this course, you'll learn how to identify common attacks and vulnerabilities against specialized systems, including mobile systems and Internet of Things devices. You'll also explore common vulnerabilities, including data storage system vulnerabilities, management interface vulnerabilities, vulnerabilities related to virtual environments, and vulnerabilities related to containerized workloads. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Specialized systems by nature can be very challenging for penetration testers. They can use proprietary operating systems and file systems, and may require advanced reverse engineering and sandbox analysis. However, specialized systems are also very susceptible when it comes to weaknesses and vulnerabilities. In this course, you'll learn how to identify common attacks and vulnerabilities against specialized systems, including mobile systems and Internet of Things devices. You'll also explore common vulnerabilities, including data storage system vulnerabilities, management interface vulnerabilities, vulnerabilities related to virtual environments, and vulnerabilities related to containerized workloads. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Communication & Post-Report Activities
Lesson Objectives
CompTIA PenTest+ (PT0-002): Communication & Post-Report Activities
- discover the key concepts covered in this course
- recognize the importance of the communication path
- recognize communication triggers such as critical findings and indicators of prior compromise
- provide an overview of reasons to communicate such as de-escalation and criminal activity
- provide an overview of goal reprioritization
- describe the importance of presentation of findings
- describe post-report delivery activities such as post-engagement cleanup
- recognize the importance of client acceptance and lessons learned
- provide an overview of common follow up actions and attestation of findings
- recognize the importance of the data destruction processes
- summarize the key concepts covered in this course
Overview/Description
During penetration testing, tester activities can leave behind remnants that may alter a system. Any action performed during testing should be clearly documented. Upon completion of testing, penetration testers should perform a series of post-report delivery activities that include removing shells, removing tester created credentials, and removing any penetration testing tools. In this course, you'll explore post-report delivery activities such as post-engagement cleanup, client acceptance, lessons learned, attestation of findings, as well as data destruction processes and best practices. You'll also learn the importance of communication during the penetration testing process. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
During penetration testing, tester activities can leave behind remnants that may alter a system. Any action performed during testing should be clearly documented. Upon completion of testing, penetration testers should perform a series of post-report delivery activities that include removing shells, removing tester created credentials, and removing any penetration testing tools. In this course, you'll explore post-report delivery activities such as post-engagement cleanup, client acceptance, lessons learned, attestation of findings, as well as data destruction processes and best practices. You'll also learn the importance of communication during the penetration testing process. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Network Attacks & Exploits
Lesson Objectives
CompTIA PenTest+ (PT0-002): Network Attacks & Exploits
- discover the key concepts covered in this course
- describe how to verify the stability and reliability of a service and system
- list common exploit resources such as exploit database
- provide an overview of ARP poisoning attacks
- list characteristics of an exploit chaining attack
- describe common password attacks such as password spraying and brute force
- describe on-path attacks, formerly known as man-in-the-middle attacks
- provide an overview of kerberoasting network attacks
- provide an overview of DNS cache poisoning
- describe virtual local area network (VLAN) hopping attacks and mitigation strategies
- provide an overview of network access control (NAC) bypass hacking
- recognize how to perform media access control spoofing
- describe how to perform a link-local multicast name resolution (LLMNR) attack
- provide an overview of New Technology LAN Manager (NTLM) relay attacks
- recognize how to exploit SNMP and SMTP protocols
- classify denial of service exploits
- describe FTP and DNS exploits
- provide an overview of network attack tools such as Metasploit, Netcat, and Nmap
- summarize the key concepts covered in this course
Overview/Description
Network attacks are commonly performed to gain unauthorized access to an organization's network, with a goal of performing malicious activity or stealing data. In this course, you'll learn how to research attack vectors and perform network attacks. You'll learn about password attacks such as password spraying, hash cracking, brute force, and dictionary. You'll explore how to perform common network attacks such as ARP poisoning, on-path, kerberoasting, virtual local area network hopping, as well as Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning. Finally, you'll explore common network attack tools such as Metasploit, Netcat, and Nmap. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Network attacks are commonly performed to gain unauthorized access to an organization's network, with a goal of performing malicious activity or stealing data. In this course, you'll learn how to research attack vectors and perform network attacks. You'll learn about password attacks such as password spraying, hash cracking, brute force, and dictionary. You'll explore how to perform common network attacks such as ARP poisoning, on-path, kerberoasting, virtual local area network hopping, as well as Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning. Finally, you'll explore common network attack tools such as Metasploit, Netcat, and Nmap. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Passive Reconnaissance
Lesson Objectives
CompTIA PenTest+ (PT0-002): Passive Reconnaissance
- discover the key concepts covered in this course
- recognize how to gather DNS information
- recognize how to identify and maintain technical contacts
- describe how to identify and maintain administrator contacts
- differentiate between techniques used to test cloud and self-hosted environments
- list different social media scraping techniques
- describe cryptographic flaws and vulnerabilities
- describe company reputation and security posture
- list passive reconnaissance data such as password dumps, file metadata, and web site archiving
- provide an overview of open source intelligence (OSINT) tools and sources
- summarize the key concepts covered in this course
Overview/Description
One of the main responsibilities of a penetration tester is to gather information by way of reconnaissance. Simply put, reconnaissance is the process of collecting as much information as possible about a target. In this course, you'll learn how to gather information using various passive reconnaissance techniques such as DNS lookups, cryptographic flaws, and social media scraping. You'll learn how to differentiate between cloud and self-hosted reconnaissance and examine valuable data found in password dumps, metadata, and public source-code repositories. You'll also explore how to use open source intelligence techniques, tools, and sources to exploit weaknesses and gather intelligence. This course will help prepare learners for the CompTIA PenTest+ PT0-002 certification exam.
One of the main responsibilities of a penetration tester is to gather information by way of reconnaissance. Simply put, reconnaissance is the process of collecting as much information as possible about a target. In this course, you'll learn how to gather information using various passive reconnaissance techniques such as DNS lookups, cryptographic flaws, and social media scraping. You'll learn how to differentiate between cloud and self-hosted reconnaissance and examine valuable data found in password dumps, metadata, and public source-code repositories. You'll also explore how to use open source intelligence techniques, tools, and sources to exploit weaknesses and gather intelligence. This course will help prepare learners for the CompTIA PenTest+ PT0-002 certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Penetration Testing Tools
Lesson Objectives
CompTIA PenTest+ (PT0-002): Penetration Testing Tools
- discover the key concepts covered in this course
- provide an overview of penetration testing tool use cases
- use Nmap for reconnaissance
- use scanner tools such as SQLmap, Nikto, Nessus, WPScan, and Brakeman
- work with credential testing tools
- compare debugging and software assurance tools
- describe OSINT tools
- provide an overview of wireless networking tools
- provide an overview of networking tools such as Wireshark and Hping
- recognize how to use web application tools such as OWASP ZAP, Burp Suite, and Gobuster
- use remote access tools
- provide an overview of social engineering tools such as BeEF
- recognize and compare miscellaneous tools available to penetration testers
- differentiate between steganography tools
- list and compare different cloud tools such as Pacu, Scout Suite, CloudBrute, and Cloud Custodian
- summarize the key concepts covered in this course
Overview/Description
A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Post-Exploitation Techniques
Lesson Objectives
CompTIA PenTest+ (PT0-002): Post-Exploitation Techniques
- discover the key concepts covered in this course
- demonstrate how to use the Empire post-exploitation tool
- demonstrate how to use the Mimikatz post-exploitation tool
- demonstrate how to use the BloodHound post exploitation tool
- define lateral movement in post-exploitation exercises
- recognize how to perform network segmentation testing
- provide an overview of privilege escalation and differentiate between horizontal and vertical escalation
- recognize how and why to perform a restrictive shell upgrade
- recognize techniques used to maintain foothold and persistence
- identify ways to cover tracks and avoid detection
- differentiate between enumeration techniques used to gather user, group, and forest information
- summarize the key concepts covered in this course
Overview/Description
Cybercriminals use post-exploitation techniques to maintain a level of access while they attempt to perform other actions during an open session. In this course, you'll learn about post-exploitation techniques and tools. You'll explore common post-exploitation tools such as Empire, Mimikatz, and BloodHound. Next, you'll examine post-exploitation techniques such as lateral movement, privilege escalation, and upgrading a restrictive shell. You'll learn techniques used to maintain foothold and persistence using trojans, backdoors, and daemons. Finally, you'll learn detection avoidance techniques, as well as enumeration techniques used to extract users, groups, forests, sensitive data, and unencrypted files. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Cybercriminals use post-exploitation techniques to maintain a level of access while they attempt to perform other actions during an open session. In this course, you'll learn about post-exploitation techniques and tools. You'll explore common post-exploitation tools such as Empire, Mimikatz, and BloodHound. Next, you'll examine post-exploitation techniques such as lateral movement, privilege escalation, and upgrading a restrictive shell. You'll learn techniques used to maintain foothold and persistence using trojans, backdoors, and daemons. Finally, you'll learn detection avoidance techniques, as well as enumeration techniques used to extract users, groups, forests, sensitive data, and unencrypted files. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Professionalism & Integrity
Lesson Objectives
CompTIA PenTest+ (PT0-002): Professionalism & Integrity
- discover the key concepts covered in this course
- describe the importance of performing background checks for penetration testing team members
- recognize the importance of adhering to the specific scope of engagement
- recognize how to handle findings that could be criminal in nature
- describe how to report on potential security breaches and suspicious activity
- limit the use of tools to what is required for a particular engagement
- provide an overview of steps that can be used to limit invasiveness based on scope
- describe the importance of maintaining confidentiality of data and information
- list potential risks to the penetration tester such as fees, fines, and criminal charges
- summarize the key concepts covered in this course
Overview/Description
Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Scoping & Engagement
Lesson Objectives
CompTIA PenTest+ (PT0-002): Scoping & Engagement
- discover the key concepts covered in this course
- recognize compliance considerations such as Payment Card Industry Data Security Standard (PCI DSS) and General Data Protection Regulation (GDPR)
- list geographical location restrictions such as country limitations, tool restrictions, local laws, and local government requirements
- describe when to use service level agreements (SLAs)
- recognize the importance of protecting confidentiality during penetration testing exercises
- recognize what details should be included in a penetration testing statement of work
- recognize key components of a non-disclosure agreement
- list the benefits of defining a master server agreement prior to penetration testing
- describe how to use approval forms to document the permission to attack
- recognize common standards and methodologies including MITRE ATT&CK, Open Web Application Security Project (OWASP), and the National Institute of Standards and Technology (NIST)
- recognize how clearly defined rules of engagement can help document the expectations of penetration testing
- recognize environmental considerations such as network, application, and cloud
- recognize how to define target lists such as wireless networks, domain, and physical locations
- recognize how to validate the scope of engagement using strategies such as time management and client contract review
- summarize the key concepts covered in this course
Overview/Description
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial and critical planning phase of penetration testing is key to a successful engagement process. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and scope of the engagement validation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial and critical planning phase of penetration testing is key to a successful engagement process. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and scope of the engagement validation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Social Engineering Attacks
Lesson Objectives
CompTIA PenTest+ (PT0-002): Social Engineering Attacks
- discover the key concepts covered in this course
- provide an overview of the pretexting phase of social engineering
- differentiate between whaling and spear phishing e-mail phishing attacks
- recognize the characteristics of a short message service (SMS) phishing attack
- describe the dangers of lost and found thumb drives
- provide an overview of the vishing attack method
- describe the characteristics of a watering hole attack
- list characteristics of a tailgating attack
- provide an overview of dumpster diving attacks
- describe how shoulder surfing can lead to data theft
- list characteristics of badge cloning attacks
- describe how impersonation attacks work
- differentiate between social engineering attack tools
- list methods of influence that can be used in a social engineering attack
- summarize the key concepts covered in this course
Overview/Description
Social engineering involves the psychological manipulation of people and it's used to trick them into divulging information or performing certain actions. In this course, you'll learn how social engineering attacks are performed and how they can be used by attackers. You'll explore the pretext for a social engineering approach, as well as various social engineering attacks such as e-mail phishing, vishing, short message service, phishing, universal serial bus drop key, and watering hole. You'll then learn about tailgating, dumpster diving, shoulder surfing, and badge cloning physical attack methods. Lastly, you'll examine social engineering impersonation techniques, methods of influence, and tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Social engineering involves the psychological manipulation of people and it's used to trick them into divulging information or performing certain actions. In this course, you'll learn how social engineering attacks are performed and how they can be used by attackers. You'll explore the pretext for a social engineering approach, as well as various social engineering attacks such as e-mail phishing, vishing, short message service, phishing, universal serial bus drop key, and watering hole. You'll then learn about tailgating, dumpster diving, shoulder surfing, and badge cloning physical attack methods. Lastly, you'll examine social engineering impersonation techniques, methods of influence, and tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Vulnerability Scanning
Lesson Objectives
CompTIA PenTest+ (PT0-002): Vulnerability Scanning
- discover the key concepts covered in this course
- recognize key considerations when performing vulnerability scanning
- describe best practices for scanning targets for vulnerabilities
- recognize how to configure scan settings to avoid detection
- differentiate between types of scans
- list Nmap commands that can be used in penetration testing
- list vulnerability testing tools that help facilitate automation
- scan applications and containers
- categorize assets for scans
- describe adjudication and prioritization of scans
- define common scanning themes
- perform a vulnerability scan
- analyze a vulnerability scan
- summarize the key concepts covered in this course
Overview/Description
Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Wireless Attacks
Lesson Objectives
CompTIA PenTest+ (PT0-002): Wireless Attacks
- discover the key concepts covered in this course
- differentiate between wireless attack methods
- describe wireless evil twin attacks
- recognize the risks of a captive portal attack
- list characteristics of a wireless bluejacking attack
- describe wireless bluesnarfing attacks
- recognize the steps involved in radio-frequency identification (RFID) cloning
- describe how to hack Bluetooth Low Energy (BLE) devices
- describe wireless amplification attacks
- describe how Wi-Fi protected setup hacking attacks are performed
- provide an overview of cloning, jamming, and repeating
- provide an overview of wireless attack tools such as aircrack-ng suite and amplified antenna
- summarize the key concepts covered in this course
Overview/Description
The goal of a wireless network attack is generally to capture information sent across the network. In this course, you'll learn how to research attack vectors and perform wireless attacks. You'll explore common wireless network attack methods including eavesdropping, data modification, data corruption, relay attacks, spoofing, jamming, on-path, and capture handshakes. You'll then learn about common network attacks such as evil twin, bluejacking, bluesnarfing, radio-frequency identification cloning, amplification attacks, and Wi-Fi protected setup PIN attacks. Lastly, you'll discover how to use aircrack-ng suite and amplified antenna wireless network attack tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
The goal of a wireless network attack is generally to capture information sent across the network. In this course, you'll learn how to research attack vectors and perform wireless attacks. You'll explore common wireless network attack methods including eavesdropping, data modification, data corruption, relay attacks, spoofing, jamming, on-path, and capture handshakes. You'll then learn about common network attacks such as evil twin, bluejacking, bluesnarfing, radio-frequency identification cloning, amplification attacks, and Wi-Fi protected setup PIN attacks. Lastly, you'll discover how to use aircrack-ng suite and amplified antenna wireless network attack tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
CompTIA PenTest+ (PT0-002): Written Reports
Lesson Objectives
CompTIA PenTest+ (PT0-002): Written Reports
- discover the key concepts covered in this course
- list potential report audience members including stakeholders, technical staff, and developers
- list components of a written report such as executive summary, findings, and conclusion
- recognize the importance of security in the distribution of reports
- recognize the key elements of note taking and documentation
- describe common themes such as vulnerabilities and observations
- provide an overview of technical control recommendations to include in a report
- provide an overview of administrative control recommendations
- list common operational control recommendations to include in a report
- summarize the key concepts covered in this course
Overview/Description
A final written report is prepared by a penetration tester or testing team to document all findings and recommendations for the client once the engagement has completed. In this course, you'll learn the critical components of a written report, as well as the importance of communication during the penetration testing process. You'll explore how to analyze and report on findings, and how to securely distribute of the final product. Next, you'll examine common content to include in a written report such as an executive summary, scope details, methodology, findings, and conclusion. Lastly, you'll learn the steps required to properly analyze the findings and recommend the appropriate remediation within a report. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
A final written report is prepared by a penetration tester or testing team to document all findings and recommendations for the client once the engagement has completed. In this course, you'll learn the critical components of a written report, as well as the importance of communication during the penetration testing process. You'll explore how to analyze and report on findings, and how to securely distribute of the final product. Next, you'll examine common content to include in a written report such as an executive summary, scope details, methodology, findings, and conclusion. Lastly, you'll learn the steps required to properly analyze the findings and recommend the appropriate remediation within a report. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
Target
Prerequisites: none
