CompTIA PenTest+

Course Details

This comprehensive CompTIA PenTest+ elearning course prepares you for the PenTest+ exam. PenTest+ is unique because our certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.

This course includes the following features:

  • Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
  • Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
  • Flash Cards and Education Games are also provided throughout the course.
  • Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
  • You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this course?
  • IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
  • People considering a career in IT Security Management.
Entry Requirements / Prerequisites
  • Although not a prerequisite, it is recommended that candidates have 3-4 years of information security related experience.
  • A good knowledge of Microsoft Windows.
  • For technical requirements required to access CMIT eLearning click here>
  • For more details on the suitability of this course click here>
How CMIT eLearning Works…

Topics covered in this CompTIA Pentest+ Course

Module 1: Understanding the target audience

  • Rules of engagement
  • Communication escalation path
  • Resources and requirements
  • Budget
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
  • Contracts
  • Environmental differences
  • Written authorization
  • Scoping
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
  • Compliance-based assessments, limitations and caveats
  • Clearly defined objectives based on regulations

Module 2: Information Gathering and Vulnerability Identification

  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container security
  • Application scan
  • Considerations of vulnerability scanning
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques to complete attack
  • ICS
  • SCADA
  • Mobile
  • IoT
  • Embedded
  • Point-of-sale system
  • Biometrics
  • Application containers
  • RTOS

Module 3: Attacks and Exploits

  • Phishing: Spear phishing, SMS phishing, Voice phishing, Whaling
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques: Authority, Scarcity, Social proof, Urgency, Likeness, Fear
  • Name resolution exploits
  • SMB exploits
  • SNMP exploits
  • SMTP exploits
  • FTP exploits
  • DNS cache poisoning
  • Pass the hash
  • Man-in-the-middle
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • Credential harvesting
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
  • Injections
  • Authentication: Credential brute forcing, Session hijacking, Redirect, Default credentials, Weak credentials, Kerberos exploits
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices: Comments in source code, Lack of error handling, Overly verbose error handling , Hard-coded credentials, Race conditions, Unauthorized use of functions/unprotected APIs, Hidden elements, Lack of code signing
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
  • Lateral movement
  • Persistence
  • Scheduled jobs
  • Scheduled tasks
  • Daemons
  • Back doors
  • Trojan
  • New user creation
  • Covering your tracks

Module 4: Penetration Testing Tools

  • SYN scan (-sS) vs. full connect scan (-sT)
  • Port selection (-p)
  • Service identification (-sV)
  • OS fingerprinting (-O)
  • Disabling ping (-Pn)
  • Target input file (-iL)
  • Timing (-T)
  • Output parameters: oA, oN, oG, oX

Module 5: Reporting and Communication

Assessment
  • Once you successfully pass the programme, you will receive a Diploma in IT Penetration Testing & Vulnerability management Security from CMIT.
  • You may optionally take exams to receive certification. Exam fees are not included in the course price. Click here for exam information.
Technical Requirements
  • Broadband internet connection of at least 10Mbps.
  • Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
  • Operating System – PC (Windows 7 or later), Mac or Android.
Accreditation
Student Reviews of this Course
{{ reviewsOverall }} / 5 Users (0 votes)
Rating0
What students say... Leave your rating
Order by:

Be the first to leave a review.

Verified
{{{review.rating_comment | nl2br}}}

Show more
{{ pageNumber+1 }}
Leave your rating