uCertify

Penetration Testing Fundamentals

(SJC-PENTEST-003.AE1) / ISBN : 978-1-64459-768-2
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • CompTIA
  • The PenTest+ Exam
  • What Does This Course Cover?
  • CompTIA PenTest+ Certification Exam Objectives
2

Penetration Testing

  • What Is Penetration Testing?
  • Reasons for Penetration Testing
  • Who Performs Penetration Tests?
  • The CompTIA Penetration Testing Process
  • The Cyber Kill Chain
  • Tools of the Trade
  • Summary
  • Exam Essentials
  • Lab Exercises
3

Planning and Scoping Penetration Tests

  • Summarizing Pre‐engagement Activities
  • Shared Responsibility Model
  • Key Legal Concepts for Penetration Tests
  • Regulatory Compliance Considerations
  • Penetration Testing Standards and Methodologies
  • Threat Modeling Frameworks
  • Summary
  • Exam Essentials
  • Lab Exercises
4

Information Gathering

  • Reconnaissance and Enumeration
  • Active Reconnaissance and Enumeration
  • Summary
  • Exam Essentials
  • Lab Exercises
5

Vulnerability Scanning

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Software Security Testing
  • Developing a Remediation Workflow
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises
6

Analyzing Vulnerability Scans

  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
7

Exploit and Pivot

  • Exploits and Attacks
  • Pivoting and Lateral Movement
  • Exploitation Toolkits and Tools
  • Exploit Specifics
  • Leveraging Exploits
  • Persistence and Evasion
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises
8

Exploiting Network Vulnerabilities

  • Identifying Exploits
  • Conducting Network Exploits
  • Exploiting Windows Services
  • Identifying and Exploiting Common Services
  • Wireless Exploits
  • Summary
  • Exam Essentials
  • Lab Exercises
9

Exploiting Physical and Social Vulnerabilities

  • Exploiting Physical Vulnerabilities
  • Exploiting Social Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
10

Exploiting Application Vulnerabilities

  • Exploiting Injection Vulnerabilities
  • Exploiting Authentication Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Unsecure Coding Practices
  • Application Testing Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
11

Exploiting Host Vulnerabilities

  • Attacking Hosts
  • Credential Attacks and Testing Tools
  • Remote Access
  • Attacking Virtual Machines and Containers
  • Attacking Cloud Technologies
  • Attacking Mobile Devices
  • Attacking Artificial Intelligence (AI)
  • Attacking IoT, ICS, Embedded Systems, and SCADA Devices
  • Attacking Data Storage
  • Summary
  • Exam Essentials
  • Lab Exercises
12

Reporting and Communication

  • The Importance of Collaboration and Communication
  • Recommending Mitigation Strategies
  • Writing a Penetration Testing Report
  • Wrapping Up the Engagement
  • Summary
  • Exam Essentials
  • Lab Exercises
13

Scripting for Penetration Testing

  • Scripting and Penetration Testing
  • Variables, Arrays, and Substitutions
  • Comparison Operations
  • String Operations
  • Flow Control
  • Input and Output (I/O)
  • Error Handling
  • Reusing Code
  • The Role of Coding in Penetration Testing
  • Summary
  • Exam Essentials
  • Lab Exercises

1

Information Gathering

  • Performing Zone Transfer Using dig
  • Using the dig and nslookup Commands
  • Using Maltego to Gather Information
  • Capturing Network Packets Using TCPDump
  • Performing UDP and SYN Scans Using Nmap
  • Using Nmap for Network and User Enumeration
  • Using Recon-ng to Gather Information
  • Performing Reconnaissance on a Network
2

Vulnerability Scanning

  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS
  • Consulting a Vulnerability Database
3

Analyzing Vulnerability Scans

  • Analyzing CVSS Scores
4

Exploit and Pivot

  • Examining MITRE ATT&CK
  • Using Meterpreter to Display the System Information
  • Exploiting SMB
  • Running Scheduled Tasks Through cron
  • Understanding Local Privilege Escalation
  • Hiding Text Using Steganography
5

Exploiting Network Vulnerabilities

  • Performing ARP Spoofing
  • Simulating the DDoS Attack
  • Using the EternalBlue Exploit in Metasploit
  • Exploiting SMTP
  • Exploiting SNMP
6

Exploiting Physical and Social Vulnerabilities

  • Identifying Access Badge Areas
  • Using SET to Plan an Attack
  • Using BeEF
7

Exploiting Application Vulnerabilities

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Exploiting LFI and RFI Vulnerabilities
  • Conducting an XSS Attack
  • Conducting a CSRF Attack
  • Using OWASP ZAP
8

Exploiting Host Vulnerabilities

  • Performing Scans in Zenmap
  • Understanding the Pass-the-Hash Attack
  • Cracking Passwords Using Cain and Abel
  • Cracking Linux Passwords Using John the Ripper
  • Creating Reverse and Bind Shells Using Netcat
9

Reporting and Communication

  • Implementing Physical Security
10

Scripting for Penetration Testing

  • Finding Live Hosts by Using the Ping Sweep in Python
  • Writing a Bash Shell Script
  • Performing the Nmap Scan in Python
  • Performing Reverse DNS Lookups in Python

Related Courses

All Courses