Security remains one of the hottest topics in IT and other industries. It seems that each
week brings news of some new breach of privacy or security. As organizations scramble to
protect themselves and their customers, the ability to conduct penetration testing is an
emerging skill set that is becoming ever more valuable to the organizations seeking
protection, and ever more lucrative for those who possess these skills. In this course, you will
be introduced to some general concepts and methodologies related to pen testing, and you
will work your way through a simulated pen test for a fictitious company.
This course can also assist you if you are pursuing the CompTIA PenTest+ certification,
as tested in exam PT0-001. The course is designed to provide content and activities that
correlate to the exam objectives, and therefore can be a resource as you prepare for the
examination.
After you complete this course, you will be able to plan, conduct, analyze, and report
on penetration tests. You will:
- Plan and scope penetration tests.
- Conduct passive reconnaissance.
- Perform non-technical tests to gather information.
- Conduct active reconnaissance.
- Analyze vulnerabilities.
- Penetrate networks.
- Test applications
- Exploit host-based vulnerabilities.
- Complete post-exploit tasks
- Analyze and report pen test results.
This course is designed for IT professionals who want to develop penetration testing
skills to enable them to identify information-system vulnerabilities and effective remediation
techniques for those vulnerabilities. Target students who also need to offer practical
recommendations for action to properly protect information systems and their contents will
derive those skills from this course.
This course is also designed for individuals who are preparing to take the CompTIA PenTest+
certification exam PT0-001, or who plan to use PenTest+ as the foundation for more
advanced security certifications or career roles. Individuals seeking this certification should
have three to four years of hands-on experience performing penetration tests, vulnerability
assessments, and vulnerability management.
Table of Contents
Lesson 1: Planning and Scoping Penetration Tests
Topic A: Introduction to Penetration Testing Concepts
Topic B: Plan a Pen Test Engagement
Topic C: Scope and Negotiate a Pen Test Engagement
Topic D: Prepare for a Pen Test Engagement
Lesson 2: Conducting Passive Reconnaissance
Topic A: Gather Background Information
Topic B: Prepare Background Findings for Next Steps
Lesson 3: Performing Non-Technical Tests
Topic A: Perform Social Engineering Tests
Topic B: Perform Physical Security Tests on Facilities
Lesson 4: Conducting Active Reconnaissance
Topic A: Scan Networks
Topic B: Enumerate Targets
Topic C: Scan for Vulnerabilities
Topic D: Analyze Basic Scripts
Lesson 5: Analyzing Vulnerabilities
Topic A: Analyze Vulnerability Scan Results
Topic B: Leverage Information to Prepare for Exploitation
Lesson 6: Penetrating Networks
Topic A: Exploit Network-Based Vulnerabilities
Topic B: Exploit Wireless and RF-Based Vulnerabilities
Topic C: Exploit Specialized Systems
Lesson 7: Exploiting Host-Based Vulnerabilities
Topic A: Exploit Windows-Based Vulnerabilities
Topic B: Exploit *nix-Based Vulnerabilities
Lesson 8: Testing Applications
Topic A: Exploit Web Application Vulnerabilities
Topic B: Test Source Code and Compiled Apps
Lesson 9: Completing Post-Exploit Tasks
Topic A: Use Lateral Movement Techniques
Topic B: Use Persistence Techniques
Topic C: Use Anti-Forensics Techniques
Lesson 10: Analyzing and Reporting Pen Test Results
Topic A: Analyze Pen Test Data
Topic B: Develop Recommendations for Mitigation Strategies
Topic C: Write and Handle Reports
Topic D: Conduct Post-Report-Delivery Activities
