- Course Fee:
Eur395Special Offer 295
- Approved CompTIA eLearning Course
- eLearning course leading to certification from CompTIA
- Students have 12 months to work at their own pace, and can start at any time of year
- Click here to Enrol for this course online now
- Click here to Request a Prospectus
This comprehensive CompTIA PenTest+ elearning course prepares you for the PenTest+ exam. PenTest+ is unique because our certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.
This course includes the following features:
- Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
- Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
- Flash Cards and Education Games are also provided throughout the course.
- Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
- You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this course?
- IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
- People considering a career in IT Security Management.
Entry Requirements / Prerequisites
- Although not a prerequisite, it is recommended that candidates have 3-4 years of information security related experience.
- A good knowledge of Microsoft Windows.
- For technical requirements required to access CMIT eLearning click here>
- For more details on the suitability of this course click here>
How CMIT eLearning Works…
Topics covered in this CompTIA Pentest+ Course
Module 1: Understanding the target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements
- Impact analysis and remediation timelines
- Technical constraints
- Support resources
- Environmental differences
- Written authorization
- Risk acceptance
- Tolerance to impact
- Scope creep
- Threat actors
- Compliance-based assessments, limitations and caveats
- Clearly defined objectives based on regulations
Module 2: Information Gathering and Vulnerability Identification
- Packet crafting
- Packet inspection
- Open Source Intelligence Gathering
- Credentialed vs. non-credentialed
- Types of scans
- Container security
- Application scan
- Considerations of vulnerability scanning
- Asset categorization
- Prioritization of vulnerabilities
- Common themes
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test
- Describe common techniques to complete attack
- Point-of-sale system
- Application containers
Module 3: Attacks and Exploits
- Phishing: Spear phishing, SMS phishing, Voice phishing, Whaling
- Shoulder surfing
- USB key drop
- Motivation techniques: Authority, Scarcity, Social proof, Urgency, Likeness, Fear
- Name resolution exploits
- SMB exploits
- SNMP exploits
- SMTP exploits
- FTP exploits
- DNS cache poisoning
- Pass the hash
- DoS/stress test
- NAC bypass
- VLAN hopping
- Evil twin
- Deauthentication attacks
- Fragmentation attacks
- Credential harvesting
- WPS implementation weakness
- RFID cloning
- Authentication: Credential brute forcing, Session hijacking, Redirect, Default credentials, Weak credentials, Kerberos exploits
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Security misconfiguration
- File inclusion
- Unsecure code practices: Comments in source code, Lack of error handling, Overly verbose error handling , Hard-coded credentials, Race conditions, Unauthorized use of functions/unprotected APIs, Hidden elements, Lack of code signing
- OS vulnerabilities
- Unsecure service and protocol configurations
- Privilege escalation
- Default account settings
- Sandbox escape
- Physical device security
- Fence jumping
- Dumpster diving
- Lock picking
- Lock bypass
- Egress sensor
- Badge cloning
- Lateral movement
- Scheduled jobs
- Scheduled tasks
- Back doors
- New user creation
- Covering your tracks
Module 4: Penetration Testing Tools
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters: oA, oN, oG, oX
Module 5: Reporting and Communication
- Once you successfully pass the programme, you will receive a Diploma in IT Penetration Testing & Vulnerability management Security from CMIT.
- You may optionally take exams to receive certification. Exam fees are not included in the course price. Click here for exam information.
- Broadband internet connection of at least 10Mbps.
- Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
- Operating System – PC (Windows 7 or later), Mac or Android.