CompTIA

CYB-325 Ethical Hacking and Penetration Testing

(AIUS-CYB-325.AB2)
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Ethical Hacking: Planning, Information Gathering, and Vulnerability Scanning

  • Understanding Ethical Hacking and Penetration Testing
  • Exploring Penetration Testing Methodologies
  • Building Your Own Lab
  • Comparing and Contrasting Governance, Risk, and Compliance Concepts
  • Explaining the Importance of Scoping and Organizational or Customer Requirements
  • Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity
  • Performing Passive Reconnaissance
  • Performing Active Reconnaissance
  • Understanding the Art of Performing Vulnerability Scans
  • Understanding How to Analyze Vulnerability Scan Results
2

Social Engineering Attacks and Exploiting Networks

  • Pretexting for an Approach and Impersonation
  • Social Engineering Attacks
  • Physical Attacks
  • Social Engineering Tools
  • Methods of Influence
  • Exploiting Network-Based Vulnerabilities
  • Exploiting Wireless Vulnerabilities
3

Exploiting Application Vulnerabilities, Cloud, Mobile, and IoT Security

  • Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10
  • How to Build Your Own Web Application Lab
  • Understanding Business Logic Flaws
  • Understanding Injection-Based Vulnerabilities
  • Exploiting Authentication-Based Vulnerabilities
  • Exploiting Authorization-Based Vulnerabilities
  • Understanding Cross-Site Scripting (XSS) Vulnerabilities
  • Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks
  • Understanding Clickjacking
  • Exploiting Security Misconfigurations
  • Exploiting File Inclusion Vulnerabilities
  • Exploiting Insecure Code Practices
  • Researching Attack Vectors and Performing Attacks on Cloud Technologies
  • Explaining Common Attacks and Vulnerabilities Against Specialized Systems
4

Performing Post-Exploitation Techniques, Reporting and Communication

  • Creating a Foothold and Maintaining Persistence After Compromising a System
  • Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration
  • Comparing and Contrasting Important Components of Written Reports
  • Analyzing the Findings and Recommending the Appropriate Remediation Within a Report
  • Explaining the Importance of Communication During the Penetration Testing Process
  • Explaining Post-Report Delivery Activities
5

Tools and Code Analysis

  • Understanding the Basic Concepts of Scripting and Software Development
  • Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code
6

1

Ethical Hacking: Planning, Information Gathering, and Vulnerability Scanning

  • Performing Zone Transfer Using dig
  • Using dnsrecon
  • Using Recon-ng to Gather Information
  • Performing Reconnaissance on a Network
  • Performing a UDP Scan Using Nmap
  • Using Nmap for User Enumeration
  • Using Nmap for Network Enumeration
  • Performing Nmap SYN Scan
  • Conducting Vulnerability Scanning Using Nessus
2

Social Engineering Attacks and Exploiting Networks

  • Using BeEF
  • Using the SET Tool to Plan an Attack
  • Using the EternalBlue Exploit in Metasploit
  • Simulating the DDoS Attack
  • Performing a DHCP Starvation Attack
  • Understanding the Pass-the-hash Attack
  • Performing ARP Spoofing
  • Exploiting SMTP
  • Exploiting SNMP
  • Searching Exploits Using searchsploit
  • Exploiting SMB
3

Exploiting Application Vulnerabilities, Cloud, Mobile, and IoT Security

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Cracking Passwords
  • Conducting a Cross-Site Request Forgery Attack
  • Understanding Local Privilege Escalation
4

Performing Post-Exploitation Techniques, Reporting and Communication

  • Using OWASP ZAP
  • Using the Task Scheduler
  • Writing Bash Shell Script
  • Performing a Scan in Zenmap
  • Using dig and nslookup Commands
  • Creating Reverse and Bind Shells Using Netcat
  • Hiding Text Using Steganography
  • Using the Metasploit RDP Post-Exploitation Module
5

Tools and Code Analysis

  • Finding Live Hosts by Using the Ping Sweep in Python
  • Whitelisting an IP Address in the Windows Firewall
  • Viewing Exploits Written in Perl
  • Viewing the Effects of Hostile JavaScript in the Browser
  • Using Meterpreter to Display the System Information
  • Performing Vulnerability Scanning Using OpenVAS
  • Enumerating Data Using enum4linux
  • Using Maltego to Gather Information
  • Cracking a Linux Password Using John the Ripper

Related Courses

All Courses