CompTIA PenTest+ Online Course

My Training Academy

Penetration testing is performed by purposefully carrying out a cyber-attack on an organisation’s computer systems in order to gauge the effectiveness of that company’s IT security measures.

The CompTIA PenTest+ certification is a highly sought-after, hands-on course that teaches networking and security professionals to perform these tests in their own organisations.

This certification is the final step towards the CompTIA Network Vulnerability Assessment Professional (CNVP) or Network Security Professional (CNSP) certifications. It will also bring you a step closer to gaining the CompTIA Security Infrastructure Expert (CSIE) certification.

What will I learn?

This course will teach you how to recognise and exploit various types of networks and computer systems. This course will provide you with various examples of testing, as used by professional Penetration Testers in their own organisations.

CompTIA Course Outline:

Module 1 - Engagement Management

• 1.1 Pre Engagement Activities
• 1.2 Collaboration and Communication Activities
• 1.3 Testing Frameworks and Methodologies
• 1.3.1 Examining MITRE ATT&CK
• 1.4 Engagement Management Review

Module 2 - Reconnaissance and Enumeration

• 2.1 Passive Reconnaissance
• 2.1.1 Google Hacking
• 2.2 Active Reconnaissance
• 2.2.1 Port Scanning and Fingerprinting
• 2.2.2 Tracing a Network Path with Traceroute
• 2.2.3 Intercepting Data with Wireshark
• 2.2.4 Web Scraping
• 2.3 Enumeration Techniques
• 2.3.1 Directory Enumeration
• 2.3.2 Email Enumeration
• 2.4 Reconnaissance and Enumeration Scripts
• 2.4.1 Using Scripts
• 2.5 Reconnaissance and Enumeration Tools
• 2.5.1 Perform OSINT with Recon ng
• 2.5.2 Adding an API Key to Recon ng
• 2.5.3 Discovering IoT with Shodan
• 2.5.4 Performing WHOIS Lookups
• 2.5.5 Performing DNS Lookups
• 2.5.6 Using NMAP Scripts
• 2.5.7 Performing OSINT with theHarvester
• 2.6 Reconnaissance and Enumeration Review

Module 3 - Vulnerability Discovery and Analysis

• 3.1 Vulnerability Discovery
• 3.1.1 Performing a Vulnerability Scan with OpenVAS
• 3.1.2 Performing Static Code Analysis
• 3.2 Reconnaissance, Scanning and Enumeration Output Analysis
• 3.3 Physical Security
• 3.3.1 Cloning an RFID Badge
• 3.3.2 Cloning NFC with Flipper Zero
• 3.4 Vulnerability Discover and Analysis Review

Module 4 - Attacks and Exploits

• 4.1 Prioritize and Prepare Attacks
• 4.2 Network Attacks
• 4.2.1 Performing an On Path Attack
• 4.2.2 Executing a Network Attack with Metasploit
• 4.2.3 Migrating Meterpreter to Another Process
• 4.2.4 Creating a Malware Dropper with Msfvenom
• 4.2.5 Using Netcat
• 4.2.6 Capturing Files with Wireshark
• 4.3 Authentication Attacks
• 4.3.1 Brute Forcing with Medusa
• 4.3.2 Pass the Hash
• 4.3.3 Password Spraying with Hydra
• 4.3.4 Pass the Token Attack
• 4.3.5 Spoofing Authentication with Responder
• 4.3.6 Cracking Linux Passwords with John the Ripper
• 4.3.7 Hashcat Password Cracking
• 4.4 Host Based Attacks
• 4.4.1 Privilege Escalation with Eternal Blue
• 4.4.2 Log Tampering
• 4.4.3 Pwn a Linux Target from Start to Finish
• 4.5 Web Application Attacks
• 4.5.1 Performing Directory Traversal
• 4.5.2 Grabbing Passwords with SQL Injection
• 4.5.3 SQLi on a Live Website Part 1
• 4.5.4 SQLi on a Live Website Part 2
• 4.5.5 Command Injection
• 4.5.6 Injecting an iFrame with Stored XSS
• 4.5.7 Busting the DOM
• 4.5.8 IDOR Abuse with Burp Suite
• 4.5.9 Web Session Hijacking
• 4.5.10 Parameter Tampering with Burp Suite
• 4.6 Cloud Based Attacks
• 4.6.1 Hacking S3 Buckets
• 4.7 Wireless Attacks
• 4.7.1 WiFi Pumpkin Evil Twin
• 4.7.2 WPA2 Crack Attack
• 4.8 Social Engineering Attacks
• 4.8.1 Phishing for Credentials
• 4.8.2 OMG Cable Baiting
• 4.9 Specialized System Attacks
• 4.9.1 Pwn a Mobile Device
• 4.10 Automated Script Attacks
• 4.11 Attacks and Exploits Review

Module 5 - Post-exploitation and Lateral Movement

• 5.1 Establishing and Maintaining Persistence
• 5.1.1 Creating a Persistent Netcat Back Door
• 5.1.2 Exfiltrating Data with a Scheduled Task
• 5.2 Lateral Movement
• 5.2.1 Preparing to Pivot
• 5.2.2 Lateral Movement through Pivoting
• 5.3 Staging and Exfiltration
• 5.3.1 Hiding Data with Steganography
• 5.3.2 Automatically Exfiltrating Data
• 5.4 Cleanup and Restoration
• 5.5 Post-Exploitation and Lateral Movement Review

Module 6 - Diliverables

• 6.1 Penetration Test Report Components
• 6.2 Report Findings and Recommendations
• 6.2.1 Examining Pentest Reports
• 6.3 Deliverables Review
• 6.4 Course Conclusion

Why should I get a Pentest+ certification?

The Pentest+ exam (CompTIA® Pentest+ certification) is a critical step for professionals aiming to enhance their skills in penetration testing and vulnerability management. Obtaining the CompTIA Pentest+ certification is a globally recognised credential that demonstrates your competence in identifying, exploiting, reporting, and managing vulnerabilities on a network. Preparing for the Pentest+ certification is essential to succeed in this challenging exam, which evaluates your knowledge and hands-on skills in penetration testing. Adequate preparation will empower you to master the necessary techniques and achieve your professional objectives.

Why study online?

Many students prefer online study to conventional classroom-based learning as it provides them with the freedom to learn at their own pace, and in an environment in which they are comfortable.

Online study material can also be viewed and revised as many times as the student needs, which contributes to long-term memory retention. These factors, in addition to the fact that online training courses are often more cost-effective than the on-site alternative, make online study an appealing option to students today.

Anyone with an interest in performing penetration testing on their organisation's IT security systems.

There are no prerequisites, however, it is recommended that you gain your CompTIA Network+ and CompTIA Security+ certifications before studying this course.

• Penetration Tester
• IT Security Manager
• Network Analyst
• Security Analyst
• Security Advisor
• IT Security Specialist