Description
Course Description
This highly hands-on course gives participants experience in network and system penetration testing. It covers all of the exam objectives for the PT0-001 exam, while taking the learner step-by-step through hacking and exploiting each network and system type. Tools used in the activities are mostly Kali Linuxbased, covering a broad range of real-world examples used by penetration testers and red teams.
The PenTest+ certification is a much-sought-after security certification offered by CompTIA. It is the final step in achieving the new CompTIA Network Vulnerability Assessment Professional (CNVP) or Network Security Professional (CNSP) stackable certification. It is also an intermediary step in achieving the CompTIA Security Infrastructure Expert (CSIE) top level certification.
Example Training Video (Not From This Course)
Course Content
The topics in this course follow a natural real-world pentest engagement flow, as well as map to the exam objectives.
Module 1 - The Pen Test Engagement
In this module, you will learn how to work with a client and prepare for a penetration testing engagement. The topics are:
1. Penetration Testing Overview
In this topic, you will learn what a penetration test is, the steps taken to prepare for a pentest, tools used, communicating with the client and your team, and pen testing standards and frameworks.
2. Engagement Planning
In this topic, you will learn about the logistics of planning for a pentest engagement including setting scope, determining end goals and deliverables, assessment types, threat modeling, and scheduling.
3. Engagement Documents
In this topic, you will learn about documentation required for a professional pentest engagement including contracts, authorizations, rules of engagement, impact analysis, disclaimers, and support resources.
4. Prepare to Go Live
In this topic, you will prepare both the client and your team to start the actual test.
Module 2 - Passive Reconnaissance
In this module, you will learn how to gather background information on your target. The topic is:
1. OSINT
In this topic, you will learn about passive reconnaissance through open source intelligence gathering, including using websites, social media, Google hacking, DNS querying, and other tools.
Activities include using Whois, Google Hacking Database, theHarvester, Recon-ng, FOCA, dig, nslookup, and Shodan.
Module 3 - Active Reconnaissance
In this module, you will learn how to actively search for targets. The topics are:
1. Host Discovery and Port Scanning
In this topic, you will learn about the different tools and methods for discovering target systems and the services they provide.
Activities include using the command line, nmap, and Metasploit.
2. Enumeration
In this topic, you will learn how to obtain additional information from network services, Windows and Linux systems, as you prepare to exploit those systems.
Activities include using Windows and Linux command line commands, nmap, netcat, telnet, rpcclient, dirbuster, and Metasploit.
3. Vulnerability Scanning
In this topic, you will use different types of scans including packet crafting to discover exploitable vulnerabilities on hosts, websites, network services, and network devices.
Activities include using OpenVAS, nmap NSE scripts, Metasploit Pro, sqlmap, Nikto, MBSA, hping3, airmon-ng, aircrack-ng, Fern Wi-Fi Cracker, mdk3, and Kismet.
Module 4 - Physical Security
In this module, you will learn how to test physical security controls. The topic is:
1. Physical Security Tests
In this topic, you will learn about ways to circumvent physical security controls to gain access to restricted areas.
Activities include RFID badge cloning
Module 5 - Social Engineering
In this topic, you will learn about social engineering. The topic is:
1. Social Engineering Attacks
In this topic, you will learn how to execute both technical and non-technical social engineering attacks.
Activities include using msfvenom and Metasploit for USB stick baiting, and the Kali Social Engineering Toolkit for website login cloning, phishing, and credential interception.
Module 6 - Vulnerability Scan Analysis
In this module, you will learn how to examine vulnerability scan results to choose the best exploit against discovered targets. The topic is:
1. Vulnerability Scan Results
In this topic, you will learn how to assess vulnerability scan results, weed out false positives, adjudicate and prioritize findings, and map vulnerabilities to exploits. You will also learn about both the value and limits of using automated vulnerability scans in your pentest engagement.
Activities include using Metasploit Pro to validate vulnerability scan findings and determine the appropriate exploit modules that can be used to penetrate the vulnerable systems.
Module 7 - Password Cracking
In this module, you will learn the basics of password cracking. The topic is:
1. Password Cracking Types
In this topic, you will learn about dictionary, rainbow table, and brute force attacks. You will learn how to brute force network service authentication, intercept a network authentication, and pass-the-hash.
Activities include using Medusa, John-the-Ripper, Wireshark, and Metasploit.
NOTE: You will learn additional password cracking techniques in subsequent modules.
Module 8 - Penetrating Wired Networks
In this module, you will learn how to penetrate a wired Ethernet network. The topic is:
1. Common Network Exploits
In this topic, you will learn how to sniff wired network activity, intercept file transfers, read transmitted email, conduct Man-in-the-Middle attacks using ARP poisoning, hijack TCP sessions, execute network-based denial-of-service attacks, and exploit common network services.
Activities include using Wireshark, ettercap, Low Orbit Ion Cannon, nmap, the Searchsploit database, gcc, and Metasploit.
Module 9 - Penetrating Wireless Networks
In this module, you will learn how attack wireless networks. The topic is:
1. Wireless Network Exploits
In this topic you will learn how to sniff and jam Wi-Fi networks, crack WEP, WPA/WPA2 and WPS, conduct Evil Twin attacks, and attack BlueTooth.
Activities include using Netcut, Wireshark, and airmon-ng, besside-ng, bettercap, and Wi-Fi Pumpkin.
Module 10 - Windows Exploits
In this module, you will learn how to exploit Windows hosts. The topics are:
1. Common Windows-Based Vulnerabilities
In this topic you will learn about common Windows vulnerabilities, exploits, and payloads.
Activities include using Metasploit, the Searchsploit database, and command-line commands.
2. Password Cracking in Windows
In this topic, you will learn about cracking Windows passwords.
Activities include using Cain & Abel, John-the-Ripper and L0pht 7
3. Windows Components
In this topic, you will learn how to exploit standard Windows components including default protocols and configurations, the file system, the kernel, and memory. You will also learn how to leverage these components to escalate privilege on a compromised host.
Activities include using Metasploit and the Searchsploit database.
4. Windows Accounts
In this topic you will learn how to exploit default and user-defined Windows accounts.
Activities include using Metasploit and command-line commands.
5. Sandboxes
In this topic, you will learn about using sandboxing to contain hacking attempts.
Module 11 - Linux Exploits
In this module, you will learn how to hack Linux systems. The topics are:
1. Common Linux/Unix-Based Vulnerabilities
In this topic you will learn about common Linux vulnerabilities, exploits, and payloads.
Activities include using Metasploit, the Searchsploit database, and command-line commands.
2. Password Cracking in Linux
In this topic you will learn how to crack Linux passwords.
Activities include using command-line commands, unshadow, and John-the-Ripper.
3. Vulnerable Linux Components
In this topic, you will learn how to exploit standard Linux components including default protocols and configurations, the file system, the kernel, and memory. You will also learn how to leverage these components to escalate privilege on a compromised host.
Activities include using command-line commands, Metasploit and the Searchsploit database.
4. Linux Accounts
In this topic, you will learn how to attack default Linux accounts.
Activities include using Linux bash commands.
Module 12 - Mobile Devices
In this module, you will learn how to attack mobile devices. The topics are:
1. Android Exploits
In this topic, you will learn how to exploit common Android vulnerabilities
Activities include using msfvenom and Metasploit to compromise and remotely control an Android phone.
2. Apple Exploits
In this topic, you will learn how to exploit common Apple vulnerabilities
Activities include using nmap and WinSCP to access a compromised iPhone.
Module 13 - Specialized Systems
In this module, you will learn about specialized systems. The topics are:
1. ICS
In this topic, you will learn about common vulnerabilities of industrial control ICS and SCADA systems
2. Embedded Systems
In this topic, you will learn about common vulnerabilities of embedded systems such as point-of-sale and real-time operating systems
Activities include using a Raspberry PI to attack an internal network.
3. 13.3 IoT
In this topic, you will learn about common and emerging threats related to the Internet of Things
4. 13.4 Hardware Attacks
In this topic, you will learn about additional hardware-based attacks that can be conducted against specialized systems.
Module 14 - Scripts
In this module, you will learn the basics of scripting, as pertains to penetration testing. The topics are:
1. Scripting Basics
In this topic, you will learn about the basics of Bash, PowerShell, Python, and Ruby scripting
2. Common Scripting Elements
In this topic, you will learn about common scripting elements found in all of the scripting languages including variables, substitution, arrays, operations, logic, and error handling.
Activities include writing simple scripts.
Module 15 - Application Testing
In this module you will learn about testing application code for vulnerabilities. The topics are:
1. Static Code Analysis
In this topic, you will learn how to analyze static, non-running code
2. Dynamic Code Analysis
In this topic, you will learn how to test running code.
Activity includes fuzz testing an application for potential buffer overflow vulnerabilities.
3. Reverse Engineering
In this topic, you will learn about application reverse-engineering techniques including de-compilation, disassembly, and debugging.
Module 16 - Web App Exploits
In this module, you will learn how to exploit web apps. The topics are:
1. Common Web Application Vulnerabilities
In this topic, you will learn how to exploit authentication, authorization, misconfigurations, browser sessions, and insecure code.
2. Injection Attacks
In this topic, you will learn about various injection techniques.
Activities include using a browser, sqlmap, and Metasploit to inject code and SQL commands into a web app form.
3. Cross-Site Attacks
In this topic, you will learn how to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.
Activities include using a browser and other tools to perform XSS attacks.
4. Other Web-Based Attacks
In this topic, you will learn how to conduct other types of web-based attacks including clickjacking, file inclusion, and webshells.
Module 17 - Lateral Movement
In this module, you will learn how to move around in a compromised network. The topic is:
1. Lateral Movement Techniques
In this topic, you will learn how to use lateral movement techniques including migrating malicious code to another process, pivoting, and using proxy chains.
Activities include using Metasploit to migrate code and pivot through the target network, and Armitage Team Server to pass control to another attacker.
Module 18 - Persistence
In this module, you will learn how to maintain control of a compromised system. The topics are:
1. Persistence Techniques
In this topic, you will learn about common persistence techniques.
2. Backdoors
In this topic, you will learn how to plant persistent back doors on a compromised system.
Activities include using ProRAT Trojan builder
3. Bind and Reverse Shells
In this topic, you will learn the difference between bind and reverse shells, and when it is appropriate to use either.
Activities include using Metasploit to create bind and reverse connections to a compromised target.
4. Netcat
In this topic, you will learn how to use netcat to set up a persistent back door.
Activities include using netcat to launch both bind and reverse shells.
5. Scheduled Tasks
In this topic, you will learn how to maintain persistence through scheduled tasks.
Activities include using the task scheduler to regularly launch a netcat session that exfiltrates updated data out of the target and back to the attacker.
Module 19 - Cover Your Tracks
In this module, you will learn how to remove evidence of your hacking activities. The topic is:
1. Anti-forensics Techniques
In this topic, you will learn how to hide malicious activity from a forensic investigator
Activities include clearing logs, changing file timestamps, and impersonating another user when conducting malicious activity.
Module 20 - The Report
In this module, you will learn how to analyze your pentest findings and write a report as the final deliverable for your client. The topics are:
1. Data Analysis
In this topic, you will categorize and prioritize the data you have collected during the penetration test.
2. Recommendations
In this topic, you will formulate recommendations for the client based on the data you collected during the penetration test.
3. Writing the Report
In this topic, you will normalize the data you have collected, and organize it into an actionable report aimed at multiple audiences.
4. Handling the Report
In this topic, you will securely hand over the report to your client.
The activity includes examining real world report examples.
Module 21 - Post Engagement Cleanup
In this module, you will learn about the tasks you must perform after completing a professional penetration test. The topic is:
1. Post Engagement Activities
In this topic, you will learn about the cleanup tasks required after a typical pentest engagement, including removing artifacts, client acceptance of the findings, lessons learned, and follow up actions.
LEARN365 Courses Include 12 Months Unlimited Online Access to:
Expert Instructor-Led Training: Learn 365 uses only the industry's finest instructors in the IT industry. They have a minimum of 15 years real-world experience and are subject matter experts in their fields. Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This creates a personal learning experience and gives you all the benefit of hands-on training with the flexibility of doing it around your schedule 24/7.
Visual Demonstrations & Multimedia Presentations: Our courseware includes instructor-led demonstrations and visual presentations that allow students to develop their skills based on real world scenarios explained by the instructor. Learn 365 always focuses on real world scenarios and skill-set development.
Quizzes & Exam Simulators: Learn 365's custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. You will have practice quizzes after each module to ensure you are confident on the topic you have completed before proceeding. This will allow you to gauge your effectiveness before moving to the next module in your course. Learn 365 courses also include practice exams designed to replicate and mirror the environment in the testing center. These exams are on average 100 questions to ensure you are 100% prepared before taking your certification exam.
Social Learning & Networking: Learn 365 has designed a world class Learning Management System (LMS). This system allows you to interact and collaborate with other students and Learn 365 employees, form study groups, engage in discussions in our NOW@ Forums, rate and like different courses and stay up to date with all the latest industry knowledge through our forums, student contributions and announcement features.
Flash Cards & Educational Games: IT online learning knows that education is not a one size fits all approach. Students learn in different ways through different tools. That is why we provide Flash Cards and Education Games throughout our courses. This will allow you to train in ways that keep you engaged and focused. Each course will have dozens of Flash Cards so you can sharpen your skill-sets throughout your training as well as educational games designed to make sure your retention level of the materials is extremely high.
Navigation and Controls: Learn 365's self-paced training programs are designed in a modular fashion to allow you the flexibility to work with expert level instruction anytime 24/7. All courses are arranged in defined sections with navigation controls allowing you to control the pace of your training. This allows students to learn at their own pace around their schedule.
Certificate of Completion: Upon completion of your training course, you will receive a Certificate of completion displaying your full name, course completed as well as the date of completion. You can print this out or save it digitally to showcase your accomplishment.
Need to train your Team? Contact Us for Discounts on Multiple Subscription Purchases.Payment & Security
Your payment information is processed securely. We do not store credit card details nor have access to your credit card information.