CompTIA PenTest+ Certification

Offered Live by CyberWarior.

Unlock the core principles of pentesting and boost your career potential.

Explore PenTest+, an all-encompassing course designed to equip you with the expertise and competencies essential for proficient assessment planning and scoping. If you’re a cybersecurity professional eager to delve into the world of penetration testing and vulnerability management, this course is the perfect choice for you.

Upcoming dates:

  • Nov 6, 2023 – Nov 16, 2023
    Monday through Thursday, 5:30 pm – 9:30 pm EST
  • Jan 16, 2024 – Jan 25, 2024
    Monday through Thursday, 5:30 pm – 9:30 pm EST

What you will learn

  1. Planning and Scoping: Learn how to emphasize governance, risk, and compliance concepts while meeting organizational/customer requirements.
  2. Information Gathering and Vulnerability Scanning: Enhance your skills in vulnerability scanning, passive/active reconnaissance, and vulnerability management.
  3. Attacks and Exploits: Discover how to research social engineering techniques, perform network, wireless, and application-based attacks, as well as attacks on cloud technologies and post-exploitation techniques.
  4. Reporting and Communication: Understand the vital role of reporting and communication in a regulatory environment.
  5. Network Implementations: Gain insights into identifying scripts in various software deployments and analyzing code samples.

CyberWarrior Academy is a Certified CompTIA delivery Partner.

Course Content

Lesson 1: Scoping Organizational/Customer Requirements

Lesson 1 of CompTIA PenTest+ provides an overview of the course’s objectives and introduces key concepts related to organizational penetration testing. The lesson begins by defining organizational pen testing and emphasizes its role in assessing cyber health and resiliency while reducing overall risk.

Students are familiarized with the CompTIA process, acknowledging compliance requirements, and exploring standards and methodologies associated with pen testing, such as PCI DSS, GDPR, and other privacy laws.

The lesson further highlights the importance of professionalism in the field, including conducting background checks of the team, maintaining confidentiality, and avoiding potential legal implications.

Lesson 2: Defining the Rules of Engagement

In Lesson 2 of CompTIA PenTest+, the focus is on introducing the objectives and key considerations for conducting a penetration testing engagement. The lesson starts by assessing environmental factors that may impact the scope of the project. This involves defining the project scope, identifying in-scope assets, and understanding any restrictions that need to be taken into account. The rules of engagement are outlined, providing specific details on how the penetration testing will be carried out, including the chosen type and strategy for the assessment. Validating the scope of the engagement is crucial to ensure that all relevant areas are covered.

Additionally, the lesson emphasizes the importance of preparing legal documents to protect both parties involved. This includes ensuring confidentiality and obtaining permission from the appropriate stakeholders before commencing the penetration testing.

Lesson 3: Footprinting and Gathering Intelligence

Lesson 3 of CompTIA Network+ covers the installation and configuration of switched networks, including hubs, bridges, switches, network topologies, and network types. It provides knowledge on setting up and managing these components effectively for efficient network operations.

Lesson 4: Evaluating Human and Physical Vulnerabilities

Lesson 4 of CompTIA PenTest+ covers social engineering, physical attacks, and tools used to launch social engineering attacks. Topics include phishing, pharming, and baiting the victim, exploiting physical security, and discovering the Social Engineering Toolkit (SET) to spoof a call. The lesson emphasizes the importance of understanding human psychology and the potential risks associated with social engineering attacks.

Lesson 5: Preparing the Vulnerability Scan

Lesson 5 of CompTIA PenTest+ introduces the concept of planning vulnerability scans as part of the penetration testing process. It covers the importance of understanding vulnerabilities and the lifecycle of a vulnerability.

The lesson teaches how to perform active reconnaissance and run scans effectively. Students learn to detect defense mechanisms like load balancers, firewalls, and antivirus software. Moreover, they are introduced to various scanning tools and their utilization in analyzing the attack surface, crafting packets, and evaluating web tools.

Overall, this lesson equips learners with essential skills and knowledge to efficiently conduct vulnerability scans during penetration testing engagements.

Lesson 6: Scanning Logical Vulnerabilities

Lesson 6 of CompTIA PenTest+ covers various topics related to network scanning and vulnerability assessment. The lesson begins with an introduction to scanning identified targets and recognizing the different types of scans. It then moves on to assessing vulnerable web applications and automating vulnerability scanning.

The next section of the lesson is focused on evaluating network traffic, including sniffing using Wireshark, scanning with Nessus, and gathering ARP traffic. Finally, the lesson concludes with an introduction to uncovering wireless assets, such as war driving open access points and amplifying the Wi-Fi signal.

Lesson 7: Analyzing Scanning Results

Lesson 7 of CompTIA PenTest+ introduces Nmap and NSE (Nmap Scripting Engine), focusing on network discovery and enumeration techniques. The lesson covers the fundamentals of Nmap, including scripting capabilities, and delves into the process of enumerating network hosts. Students learn how to detect intriguing hosts, fingerprint operating systems, and analyze output from scans. Moreover, the lesson explores examining network traffic, evaluating DNS and web logs, and uncovering vulnerable web servers.

By the end of this lesson, students gain essential skills in using Nmap as a powerful tool for conducting penetration testing, allowing them to identify potential vulnerabilities and weaknesses within target networks.

Lesson 8: Avoiding Detection and Covering Tracks

In Lesson 8 of CompTIA PenTest+, the focus is on evading detection and establishing covert channels. The lesson begins with the concept of flying under the radar and bypassing Network Access Control (NAC) measures. It covers techniques such as living off the land and covering tracks to avoid leaving traces of unauthorized activity.

Additionally, the lesson delves into tidying logs and entries and erasing or shredding evidence to hide the attacker’s actions. The next section introduces the use of steganography to hide and conceal data. It explains standard stego tools and alternate methods of masking, including synthesizing images.

Lastly, the lesson explores the establishment of covert channels, enabling remote access through methods like Secure Shell, Netcat, Ncat, WinRM, and PSExec, as well as the use of proxies to maintain anonymity.

Lesson 9: Exploiting the LAN and Cloud

Lesson 9 of CompTIA PenTest+ covers a wide range of topics related to network enumeration and attack techniques. The lesson starts by introducing the concept of enumerating hosts and indexing the network, followed by cataloging Windows and Linux systems. The lesson then covers attacking LAN protocols, including moving between VLANs, launching an on-path attack, and spoofing LAN protocols. Poisoning LLMNR and NBT-NS is also discussed as a way of obtaining the hash. The lesson also covers chaining exploits, comparing exploit tools, and testing with Metasploit.

The last part of the lesson focuses on cloud vulnerabilities, including configuring cloud assets, understanding storage vulnerabilities, and controlling identity and access management. The lesson concludes with exploring cloud-based attacks, such as attacking the cloud, harvesting credentials, and denying service, and auditing the cloud.

Lesson 10: Testing Wireless Networks

In lesson 10 of CompTIA PenTest+, the focus is on wireless attacks. The lesson begins with an introduction to different types of wireless attacks and how to secure wireless transmissions. The course then covers topics such as gathering signals, cracking passwords and PINs, and launching on-path or relay attacks. It also explores how to deceive clients with an evil twin. The lesson concludes with an introduction to wireless tools and techniques for attacking WLANs and recovering keys.

Lesson 11: Targeting Mobile Devices

Lesson 11 of CompTIA PenTest+ focuses on mobile device vulnerabilities and their recognition. The lesson begins with a discussion on comparing deployment models and identifying vulnerabilities in mobile devices. It delves into launching attacks on mobile devices, comparing various attack methods, and specifically explores hacking a Bluetooth signal. Additionally, the lesson provides insights into assessment tools for mobile devices, outlining a framework for evaluating and examining the code using Postman for thorough assessment and testing.

Lesson 12: Attacking Specialized Systems

In lesson 12 of CompTIA PenTest+, students learn how to identify attacks on the Internet of Things (IoT), discover the IoT, outline vulnerabilities, and trigger an attack. They also learn how to recognize other vulnerable systems by understanding data storage systems, securing control systems, and identifying vulnerabilities. Finally, the lesson covers virtual machine vulnerabilities, outlining virtual environments, recognizing vulnerabilities, and attacking a virtual environment.

Lesson 13: Web Application-Based Attacks

In Lesson #13 of CompTIA PenTest+, the focus is on recognizing web vulnerabilities and understanding the OWASP Top 10, which highlights common web application security risks. The lesson covers several important topics, including exposing sensitive data, improper error handling, missing input validation, and code signing and verification. It delves into session attacks such as hijacking session credentials, crafting request forgery attacks, escalating privilege, and upgrading a non-interactive shell.

Additionally, the lesson explores exploiting business logic flaws and planning injection attacks, specifically identifying SQL injection vulnerabilities, traversing files using invalid input, injecting code, and executing XSS attacks. The use of various tools for these purposes is also discussed, including an overview of tools and exploiting a browser with BeEF.

Lesson 14: Performing System Hacking

Lesson 14 of CompTIA PenTest+ covers various topics related to system hacking and remote access tools. The lesson begins with an introduction to system hacking, followed by a discussion of running with .NET and .NET Framework. The lesson also covers managing Windows with PowerShell and discovering tools for system hacking. Next, the lesson introduces the use of remote access tools, including exploring with Netcat, monitoring with Ncat, and communicating within a secure shell. The lesson concludes with a discussion of analyzing exploit code and various techniques for downloading, launching, and exploiting programs to enumerate users and assets.

Lesson 15: Scripting and Software Development

Lesson 15 of CompTIA PenTest+ covers various scripting and coding methodologies used in penetration testing. The lesson starts with an introduction to analyzing scripts and code samples, followed by a discussion on automating tasks using scripting. The lesson then covers specific scripting languages such as Bash shell, PowerShell cmdlets, Python, Ruby, and Perl. Additionally, the lesson delves into the data structure types of Python, recognizing other data constructs, and defining object-oriented programming. The lesson concludes with a discussion on automating penetration testing by scanning ports, acquiring scripts and tools, and reviewing and breaking down scripts for better automation.

Lesson 16: Leveraging the Attack: Pivot and Penetrate

In Lesson 16 of CompTIA PenTest+, the focus is on testing credentials and moving throughout the system. The lesson covers topics such as upgrading a restrictive Linux shell, obtaining the hash, escalating privilege, gaining control in Windows, and escalating privileges in Linux.

It also explores creating a foothold, advanced persistent threats (APTs), bypassing restrictions, using backdoors and Trojans, employing reverse and bind shells, and comparing services and daemons. Finally, the lesson discusses scheduling tasks and maintaining persistence.

Lesson 17: Communicating During the PenTesting Process

Lesson 17 of CompTIA PenTest+ focuses on effective communication during penetration testing. The lesson begins by defining the communication path, emphasizing the importance of outlining this path to facilitate smooth interactions with clients and their counterparts. Students learn about establishing contacts and understanding their roles within the communication process. Communication triggers are introduced as essential events that prompt communication during the testing process. Providing situational awareness and recognizing criminal activity are highlighted to ensure effective response to potential security breaches. Moreover, students are taught to identify false positives to avoid unnecessary alarms.

In terms of reporting, the lesson emphasizes the use of built-in tools for generating reports, enabling testers to present their findings professionally. Students also learn how to share findings with the Dradis tool and build comprehensive reports with Nessus, enhancing their ability to communicate their penetration testing results effectively.

Lesson 18: Summarizing Report Components

Lesson 18 of CompTIA PenTest+ covers best practices for reporting the results of penetration testing. The lesson begins by discussing how to identify the audience for the report, including senior management, third-party stakeholders, technical staff, and developers. The report’s contents are then listed, including the executive summary, scope details, methodology, attack narrative, risk appetite, risk rating, business impact analysis, metrics and measures, remediation suggestions, and final report sections.

The lesson also covers best practices for storing and securing reports, taking notes, ongoing documentation during tests, grabbing screenshots, recognizing common themes and root causes, identifying vulnerabilities, providing observations, and summarizing writing and handling reports.

Lesson 19: Recommending Remediation

Lesson 19 of CompTIA PenTest+ covers various technical, administrative, and physical controls that can be employed to secure a system. The technical controls discussed include hardening the system, sanitizing user input, implementing multifactor authentication, encrypting passwords, remediating at the process-level, managing and applying patches, rotating keys, controlling certificate processes, providing secret solutions, and segmenting the network.

The administrative and operational controls include implementing policies and procedures, employing role-based access control, enforcing minimum password requirements, securing the development life cycle, managing organizational mobile devices, implementing people security controls, and outlining other operational considerations. Finally, physical controls such as controlling access to buildings, employing biometric controls, and utilizing video surveillance are also discussed.

Lesson 20: Performing Post-Report Delivery Activities

Lesson 20 of CompTIA PenTest+ covers post-engagement cleanup and follow-up actions. In the post-engagement cleanup section, the lesson discusses removing shells, deleting test credentials, eliminating tools, and destroying test data. In the follow-up actions section, the lesson covers gaining the client’s acceptance, confirming the findings, planning the retest, and reviewing lessons learned.

This lesson emphasizes the importance of properly closing out a penetration testing engagement to maintain the integrity of the process and ensure the client’s satisfaction.

Course Description

The CompTIA PenTest+ Certification Training is a comprehensive and hands-on course designed to equip aspiring cybersecurity professionals with the skills and knowledge needed to excel in the field of penetration testing. This course focuses on providing practical training to identify, exploit, and remediate vulnerabilities in systems, networks, and applications.

CertMaster Practice Included

This course offers access to both the CompTIA PenTest+ curriculum and labs, as well as the CompTIA PenTest+ CertMaster Practice, a personalized online tool for assessing your knowledge. It allows you to swiftly identify your strengths and areas for improvement through adaptive questioning and feedback.

Who This Course Is For 

This comprehensive certification is designed for individuals seeking to excel in penetration testing and cybersecurity. Whether you are a seasoned IT professional aiming to enhance your skill set or an aspiring cybersecurity enthusiast eager to break into the industry, this course will equip you with the knowledge and hands-on experience needed to succeed.

Join Our Live Course and Get:

  1. 20 hours of interactive live classes, expertly led by seasoned cybersecurity professionals.
  2. Complete access to official study guides, practice tests, and hands-on labs to reinforce your learning.
  3. An exam voucher included for the prestigious CompTIA PenTest+ Certification.
  4. Full support from our dedicated team of instructors, teacher’s assistants, and academy staff, ensuring you have a smooth learning experience.

Invest in your future today!

Take the first step by choosing your desired starting date. Our upcoming dates enables you to start at CyberWarrior Academy:

  • Nov 6, 2023 – Nov 16, 2023
    Monday through Thursday, 5:30 pm – 9:30 pm EST
  • Jan 16, 2024 – Jan 25, 2024
    Monday through Thursday, 5:30 pm – 9:30 pm EST

    Get certified in PenTest+ with our in-depth course and unlock a world of career opportunities!

    Suggested Pre-Course Knowledge:

    • Familiarity with fundamental networking principles such as IP addressing, subnetting, routing, and TCP/IP protocols.
    • Prior knowledge of cybersecurity fundamentals, including common threats, attack vectors, and defense mechanisms.
    • Proficiency in popular operating systems like Windows, Linux, and macOS.
    • An understanding of scripting languages like Python or Bash and basic programming concepts.
    • Familiarity with web technologies like HTML, CSS, and JavaScript.
    • Knowledge of IT infrastructure components, such as servers, databases, and cloud services.
    • A grasp of ethical hacking principles, including legal and ethical considerations.