uCertify

Penetration Testing Fundamentals

(SJC-PENTEST-003.AE1) / ISBN : 978-1-64459-768-2
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • CompTIA
  • The PenTest+ Exam
  • What Does This Course Cover?
  • CompTIA PenTest+ Certification Exam Objectives
2

Penetration Testing

  • What Is Penetration Testing?
  • Reasons for Penetration Testing
  • Who Performs Penetration Tests?
  • The CompTIA Penetration Testing Process
  • The Cyber Kill Chain
  • Tools of the Trade
  • Summary
  • Exam Essentials
  • Lab Exercises
3

Planning and Scoping Penetration Tests

  • Summarizing Pre‐engagement Activities
  • Shared Responsibility Model
  • Key Legal Concepts for Penetration Tests
  • Regulatory Compliance Considerations
  • Penetration Testing Standards and Methodologies
  • Threat Modeling Frameworks
  • Summary
  • Exam Essentials
  • Lab Exercises
4

Information Gathering

  • Reconnaissance and Enumeration
  • Active Reconnaissance and Enumeration
  • Summary
  • Exam Essentials
  • Lab Exercises
5

Vulnerability Scanning

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Software Security Testing
  • Developing a Remediation Workflow
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises
6

Analyzing Vulnerability Scans

  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
7

Exploit and Pivot

  • Exploits and Attacks
  • Pivoting and Lateral Movement
  • Exploitation Toolkits and Tools
  • Exploit Specifics
  • Leveraging Exploits
  • Persistence and Evasion
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises
8

Exploiting Network Vulnerabilities

  • Identifying Exploits
  • Conducting Network Exploits
  • Exploiting Windows Services
  • Identifying and Exploiting Common Services
  • Wireless Exploits
  • Summary
  • Exam Essentials
  • Lab Exercises
9

Exploiting Physical and Social Vulnerabilities

  • Exploiting Physical Vulnerabilities
  • Exploiting Social Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
10

Exploiting Application Vulnerabilities

  • Exploiting Injection Vulnerabilities
  • Exploiting Authentication Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Unsecure Coding Practices
  • Application Testing Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
11

Exploiting Host Vulnerabilities

  • Attacking Hosts
  • Credential Attacks and Testing Tools
  • Remote Access
  • Attacking Virtual Machines and Containers
  • Attacking Cloud Technologies
  • Attacking Mobile Devices
  • Attacking Artificial Intelligence (AI)
  • Attacking IoT, ICS, Embedded Systems, and SCADA Devices
  • Attacking Data Storage
  • Summary
  • Exam Essentials
  • Lab Exercises
12

Reporting and Communication

  • The Importance of Collaboration and Communication
  • Recommending Mitigation Strategies
  • Writing a Penetration Testing Report
  • Wrapping Up the Engagement
  • Summary
  • Exam Essentials
  • Lab Exercises
13

Scripting for Penetration Testing

  • Scripting and Penetration Testing
  • Variables, Arrays, and Substitutions
  • Comparison Operations
  • String Operations
  • Flow Control
  • Input and Output (I/O)
  • Error Handling
  • Reusing Code
  • The Role of Coding in Penetration Testing
  • Summary
  • Exam Essentials
  • Lab Exercises

1

Information Gathering

  • Performing Zone Transfer Using dig
  • Using the dig and nslookup Commands
  • Using Maltego to Gather Information
  • Capturing Network Packets Using TCPDump
  • Performing UDP and SYN Scans Using Nmap
  • Using Nmap for Network and User Enumeration
  • Using Recon-ng to Gather Information
  • Performing Reconnaissance on a Network
2

Vulnerability Scanning

  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS
  • Consulting a Vulnerability Database
3

Analyzing Vulnerability Scans

  • Analyzing CVSS Scores
4

Exploit and Pivot

  • Examining MITRE ATT&CK
  • Using Meterpreter to Display the System Information
  • Exploiting SMB
  • Running Scheduled Tasks Through cron
  • Understanding Local Privilege Escalation
  • Hiding Text Using Steganography
5

Exploiting Network Vulnerabilities

  • Performing ARP Spoofing
  • Simulating the DDoS Attack
  • Using the EternalBlue Exploit in Metasploit
  • Exploiting SMTP
  • Exploiting SNMP
6

Exploiting Physical and Social Vulnerabilities

  • Identifying Access Badge Areas
  • Using SET to Plan an Attack
  • Using BeEF
7

Exploiting Application Vulnerabilities

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Exploiting LFI and RFI Vulnerabilities
  • Conducting an XSS Attack
  • Conducting a CSRF Attack
  • Using OWASP ZAP
8

Exploiting Host Vulnerabilities

  • Performing Scans in Zenmap
  • Understanding the Pass-the-Hash Attack
  • Cracking Passwords Using Cain and Abel
  • Cracking Linux Passwords Using John the Ripper
  • Creating Reverse and Bind Shells Using Netcat
9

Reporting and Communication

  • Implementing Physical Security
10

Scripting for Penetration Testing

  • Finding Live Hosts by Using the Ping Sweep in Python
  • Writing a Bash Shell Script
  • Performing the Nmap Scan in Python
  • Performing Reverse DNS Lookups in Python

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

Related Courses

All Courses
We use cookies for improving site experience and analytics. Learn More