CompTIA PenTest+

11 MAR 2019-15 MAR 2019 9:00 AM - 5:00 PM (5 Days)

Network Training Center

COURSE DESCRIPTION

CompTIA PenTest+ is a certification for intermediate skills level cybersecurity professionals who are tasked with hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network. PenTest+ is unique because the certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.


COURSE OBJECTIVES

After completing this course, you will accomplish following:

▪ Explain the importance of planning for an engagement.

▪ Explain key legal concepts.

▪ Explain the importance of scoping an engagement properly.

▪ Explain the key aspects of compliance-based assessments.

▪ Conduct information gathering using appropriate techniques.

▪ Perform a vulnerability scan.

▪ Analyze vulnerability scan results.

▪ Explain the process of leveraging information to prepare for exploitation.

▪ Explain weaknesses related to specialized systems.

▪ Compare and contrast social engineering attacks.

▪ Exploit network-based vulnerabilities.

▪ Exploit wireless and RF-based vulnerabilities.

▪ Exploit application-based vulnerabilities.

▪ Exploit local host vulnerabilities.

▪ Summarize physical security attacks related to facilities.

▪ Perform post-exploitation techniques.

▪ Use Nmap to conduct information gathering exercises.

▪ Compare and contrast various use cases of tools.

▪ Analyze tool output or data related to a penetration test.

▪ Analyze a basic script (limited to Bash, Python, Ruby, and PowerShell) Reporting and Communication.

▪ Use report writing and handling best practices.

▪ Explain post-report delivery activities.

▪ Recommend mitigation strategies for discovered vulnerabilities.

▪ Explain the importance of communication during the penetration testing process.


COURSE OUTLINE

Lesson 1: Planning and Scoping Penetration Tests

▪ Introduction to Penetration Testing Concepts

▪ Plan a Pen Test Engagement

▪ Scope and Negotiate a Pen Test Engagement

▪ Prepare for a Pen Test Engagement

Lesson 2: Conducting Passive Reconnaissance

▪ Gather Background Information

▪ Prepare Background Findings for Next Steps

Lesson 3: Performing Non-Technical Tests

▪ Perform Social Engineering Tests

▪ Perform Physical Security Tests on Facilities

Lesson 4: Conducting Active Reconnaissance

▪ Scan Networks

▪ Enumerate Targets

▪ Scan for Vulnerabilities

▪ Analyze Basic Scripts

Lesson 5: Analyzing Vulnerabilities

▪ Analyze Vulnerability Scan Results

▪ Leverage Information to Prepare for Exploitation

Lesson 6: Penetrating Networks

▪ Exploit Network-Based Vulnerabilities

▪ Exploit Wireless and RF-Based Vulnerabilities

▪ Exploit Specialized Systems

Lesson 7: Exploiting Host-Based Vulnerabilities

▪ Exploit Windows-Based Vulnerabilities

▪ Exploit *Nix-Based Vulnerabilities

Lesson 8: Testing Applications

▪ Exploit Web Application Vulnerabilities

▪ Test Source Code and Compiled Apps

Lesson 9: Completing Post-Exploit Tasks

▪ Use Lateral Movement Techniques

▪ Use Persistence Techniques

▪ Use Anti-Forensics Techniques

Lesson 10: Analyzing and Reporting Pen Test Results

▪ Analyze Pen Test Data

▪ Develop Recommendations for Mitigation Strategies

▪ Write and Handle Reports

▪ Conduct Post-Report-Delivery Activities


PREREQUISITES

▪ 3-4 years of hands-on information security or related experience

▪ Network+, Security+, or equivalent knowledge

SHARE WITH FRIENDS


For more information, please call +66 (0) 2634-7993-4