CompTIA PenTest

Course description

Course Details
This comprehensive CompTIA PenTest+ eLearning course prepares you for the PenTest+ exam. PenTest+ is unique because the certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. The CompTIA PenTest+ course will ensure the successful candidate has the knowledge and skills required to:

• Plan and scope an assessment.
• Understand legal and compliance requirements.
• Perform vulnerability scanning and penetration testing using appropriate tools and techniques
• Analyze the results.

This CompTIA PenTest+ Course includes the following features:

• Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
• Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
• FlashCards and Education Games are also provided throughout the course.
• Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
• You can also interact and collaborate with other students through our forums, student contributions and announcement features.

Who should complete this CompTIA PenTest+ Course?

• IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
• People considering a career in IT Security Management.

Entry Requirements / Prerequisites
None. It is however recommended that students have Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

Topics covered in this CompTIA PenTest+ Course

Module 1: Understanding the target audience

Rules of engagement
Communication escalation path
Resources and requirements
Budget
Impact analysis and remediation timelines
Disclaimers
Technical constraints
Support resources
Contracts
Environmental differences
Written authorization
Scoping
Risk acceptance
Tolerance to impact
Scheduling
Scope creep
Threat actors
Compliance-based assessments, limitations and caveats
Clearly defined objectives based on regulations

Module 2: Information Gathering and Vulnerability Identification

Scanning
Enumeration
Packet crafting
Packet inspection
Fingerprinting
Cryptography
Eavesdropping
Decompilation
Debugging
Open Source Intelligence Gathering
Credentialed vs. non-credentialed
Types of scans
Container security
Application scan
Considerations of vulnerability scanning
Asset categorization
Adjudication
Prioritization of vulnerabilities
Common themes
Map vulnerabilities to potential exploits
Prioritize activities in preparation for penetration test
Describe common techniques to complete attack
ICS
SCADA
Mobile
IoT
Embedded
Point-of-sale system
Biometrics
Application containers
RTOS

Module 3: Attacks and Exploits

Phishing: Spear phishing, SMS phishing, Voice phishing, Whaling
Elicitation
Interrogation
Impersonation
Shoulder surfing
USB key drop
Motivation techniques: Authority, Scarcity, Social proof, Urgency, Likeness, Fear
Name resolution exploits
SMB exploits
SNMP exploits
SMTP exploits
FTP exploits
DNS cache poisoning
Pass the hash
Man-in-the-middle
DoS/stress test
NAC bypass
VLAN hopping
Evil twin
Deauthentication attacks
Fragmentation attacks
Credential harvesting
WPS implementation weakness
Bluejacking
Bluesnarfing
RFID cloning
Jamming
Repeating
Injections
Authentication: Credential brute-forcing, Session hijacking, Redirect, Default credentials, Weak credentials, Kerberos exploits
Authorization
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Clickjacking
Security misconfiguration
File inclusion
Unsecure code practices: Comments in source code, Lack of error handling, Overly verbose error handling, Hard-coded credentials, Race conditions, Unauthorized use of functions/unprotected APIs, Hidden elements, Lack of code signing
OS vulnerabilities
Unsecure service and protocol configurations
Privilege escalation
Default account settings
Sandbox escape
Physical device security
Piggybacking/tailgating
Fence jumping
Dumpster diving
Lock picking
Lock bypass
Egress sensor
Badge cloning
Lateral movement
Persistence
Scheduled jobs
Scheduled tasks
Daemons
Back doors
Trojan
New user creation
Covering your tracks

Module 4: Penetration Testing Tools

SYN scan (-sS) vs. full connect scan (-sT)
Port selection (-p)
Service identification (-sV)
OS fingerprinting (-O)
Disabling ping (-Pn)
Target input file (-iL)
Timing (-T)
Output parameters: oA, oN, oG, oX

Module 5: Reporting and Communication

Assessment

Once you successfully pass the programme, you will receive a Diploma in IT Penetration Testing and Vulnerability Management from CMIT.

Technical Requirements
Broadband internet connection of at least 10Mbps.
Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
Operating System – PC (Windows 7 or later), Mac or Android.

Accreditation
You may optionally take exams to receive CompTIA certification.