TOTAL: CompTIA PenTest+ (Ethical Hacking)

What you'll learn

• How to plan and scope a penetration test as a contracted pen tester for a client (as an ethical hacker, you’ll be the good guy and get paid to hack networks!)

• How to work within a virtual environment to practice your pen testing skills, including using Oracle VM manager, Kali Linux, Metasploitable, and DVWA

• Where to find vulnerabilities and how to penetrate a network in order to run exploits, then how to report those vulnerabilities to the client for remediation

• How to gather intel on a network by scanning and enumerating (finding) targets, then searching out the weak points on those targets

• Understand social engineering attacks, exploit network-based vulnerabilities, and intercept traffic via on-path (man-in-the-middle) attacks

• How to use pen testing tools like Nmap, Nessus, Nslookup, John the Ripper, Immunity Debugger, Aircrack-NG, Wireshark, and many more

• How to write reports, explain post-delivery activities, and recommend remediation strategies to your client

• Course Introduction 09:30

  • 1: Introduction to the CompTIA PenTest+ (PT0-002) Course Preview 02:09
  • 2: About the CompTIA PenTest+ (PT0-002) Exam Preview 07:21

• Planning and Engagement 2:50:03

  • 3: Planning a Pen Test Preview 08:21
  • 4: Rules of Engagment Preview 10:28
  • 5: Regulatory Compliance 04:23
  • 6: Resources and Budget 07:07
  • 7: Impact and Constraints 05:06
  • 8: Support Resources 13:14
  • 9: Legal Groundwork 11:42
  • 10: Service Provider Agreements 02:12
  • 11: Standards and Methodologies, Part 1 06:48
  • 12: Standards and Methodologies, Part 2 09:17
  • 13: Environmental and Scoping Considerations 13:38
  • 14: Ethical Mindset 05:36
  • 15: Lab Environment Setup 17:32
  • 16: Project Strategy and Risk 09:12
  • 17: Scope Vulnerabilities 13:19
  • 18: Compliance-Based Assessments 04:08
  • 19: Planning and Engagement Handout 20:00
  • 20: Quiz: Planning and Engagement 08:00

• Information Gathering and Vulnerability Scanning 3:36:44

  • 21: Scanning and Enumeration 04:16
  • 22: Packet Investigation 07:57
  • 23: Packet Inspection Demo 05:48
  • 24: Labtainers Setup 12:09
  • 25: Labtainers Lab (Wireshark) 08:54
  • 26: Application and Open-Source Resources 11:38
  • 27: Passive Reconnaissance 10:07
  • 28: Active Reconnaissance 07:50
  • 29: Vulnerability Scanning 08:41
  • 30: Labtainers Lab (Network Basics) 02:50
  • 31: Labtainers Lab (Nmap Discovery) 03:12
  • 32: Target Considerations 15:36
  • 33: Analysing Scan Output 05:01
  • 34: Nmap Scoping and Output Options 21:04
  • 35: Nmap Timing and Performance Options 06:31
  • 36: Prioritization of Vulnerabilities 09:07
  • 37: Common Attack Techniques 12:05
  • 38: Automating Vulnerability Scans 03:35
  • 39: Credential Attacks 14:31
  • 40: Labtainers Lab (Password Cracking) 02:23
  • 41: Labtainers Lab (Secure Socket Layers) 02:30
  • 42: Labtainers Lab (Routing Basics) 01:59
  • 43: Information Gathering Handout 25:00
  • 44: Quiz: Information Gathering 14:00

• Network-Based Attacks 44:12

  • 45: Exploit Resources and Network Attacks Preview 04:37
  • 46: Network Based Exploits 07:07
  • 47: FTP Exploit Demo 08:14
  • 48: Man-in-the-middle Exploits 07:06
  • 49: Labtainers Lab (TCP/IP Attacks) 02:09
  • 50: Labtainers Lab (ARP Spoof Attacks) 01:53
  • 51: Labtainers Lab (Local DNS Attacks) 01:47
  • 52: Labtainers Lab (MACs and Hash Functions) 01:19
  • 53: Network-Based Attacks Handout 07:00
  • 54: Quiz: Network-Based Attacks 03:00

• Selecting Pen Testing Tools 25:51

  • 55: Wireless Exploits 13:17
  • 56: Wireless Exploits, Part 2 02:46
  • 57: Antennas 03:48
  • 58: Wireless and RF Attacks Handout 04:00
  • 59: Quiz: Wireless and RF Attacks 02:00

• Reporting and Communication 2:03:23

  • 60: OWASP Top 10 08:40
  • 61: Application Exploits, Part 1 05:34
  • 62: SQL Injection Demo 08:41
  • 63: Labtainers Lab (SQL Injection) 02:38
  • 64: Application Exploits, Part 2 09:11
  • 65: Cross -Site Scripting Demo 07:00
  • 66: Labtainers Lab (Cross-Site Scripting) 01:36
  • 67: Labtainers Lab (Cross-Site Request Forgery) 01:14
  • 68: Code Vulnerabilities 16:36
  • 69: API Attacks and Attack Resources 06:28
  • 70: Privilege Escalation (Linux) 09:37
  • 71: Privilege Escalation (Windows) 06:09
  • 72: Misc. Privilege Escalation 07:54
  • 73: Misc. Local Host Vulnerabilities 08:05
  • 74: Application Attacks Handout 16:00
  • 75: Quiz: Web and Database Attacks 08:00

• Attacking the Cloud 14:29

  • 76: Cloud Attacks, Part 1 04:50
  • 77: Cloud Attacks, Part 2 04:39
  • 78: Attacking the Cloud Handout 04:00
  • 79: Quiz: Attacking the Cloud 01:00

• Specialized and Fragile Systems 49:03

  • 80: Mobile Attacks 10:25
  • 81: IoT Attacks 10:18
  • 82: Data Storage and Management Interface Attacks 08:58
  • 83: Virtual and Containerized Environment Attacks 07:31
  • 84: Labtainers Lab (Industrial Control System) 01:51
  • 85: Specialized and Fragile Systems Handout 08:00
  • 86: Quiz: Specialized and Fragile Systems 02:00

• Social Engineering and Physical Attacks 49:52

  • 87: Pretext for a Social Engineering Attack 02:31
  • 88: Remote Social Engineering 06:10
  • 89: Spear Phishing Demo 10:09
  • 90: In-Person Social Engineering 11:45
  • 91: Physical Security 11:17
  • 92: Social Engineering and Physical Attacks Handout 05:00
  • 93: Quiz: Social Engineering and Physical Attacks 03:00

• Post-Exploitation 41:30

  • 94: Post Exploitation Techniques 11:07
  • 95: Post-Exploitation Tools 03:22
  • 96: Network Segmentation Testing 03:00
  • 97: Persistence and Stealth 10:45
  • 98: Detection Avoidance Techniques 06:16
  • 99: Post Exploitation Handout 06:00
  • 100: Quiz: Post-Exploitation 01:00

• Post Engagement Activities 1:07:55

  • 101: Report Writing 14:47
  • 102: Important Components of Written Reports 02:37
  • 103: Mitigation Strategies 05:00
  • 104: Technical and Physical Controls 03:46
  • 105: Administrative and Operational Controls 05:10
  • 106: Communication 08:38
  • 107: Presentation of Findings 02:57
  • 108: Post-Report Activities 05:23
  • 109: Data Destruction Process 01:37
  • 110: Post Engagement Activities Handout 16:00
  • 111: Quiz: Post-Engagement Activities 02:00

• Tools and Programming 2:09:22

  • 112: Using Scripting in Pen Testing 12:32
  • 113: Bash Scripting Basics 14:55
  • 114: Bash Scripting Techniques 10:11
  • 115: PowerShell Scripts 04:02
  • 116: Ruby Scripts 06:32
  • 117: Python Scripts 05:45
  • 118: Scripting Languages Comparison 10:55
  • 119: Data Structures, Part 1 07:41
  • 120: Data Structures, Part 2 08:12
  • 121: Libraries 03:03
  • 122: Classes 08:05
  • 123: Procedures and Functions 05:48
  • 124: Perl and Javascript 05:41
  • 125: Tools and Programming Handout 24:00
  • 126: Quiz: Tools and Programming 02:00

• Tools Inventory 1:36:38

  • 127: Pen Testing Toolbox 04:19
  • 128: Using Kali Linux 06:14
  • 129: Scanners & Credential Tools 09:52
  • 130: Code-Cracking Tools 04:20
  • 131: Open-Source Research Tools 06:21
  • 132: Wireless and Web Pen Testing Tools 10:48
  • 133: Remote Access Tools 06:15
  • 134: Analyzers and Mobile Pen Testing Tools 02:29
  • 135: Other Pen Testing Tools 04:19
  • 136: Labtainers Lab (Metasploit Framework) 02:00
  • 137: Labtainers Lab (Wireshark Packet Inspection) 01:44
  • 138: Labtainers Lab (SSH) 00:58
  • 139: Scanners, Debuggers, and Wireless Tools 09:51
  • 140: Web, Steganography, and Cloud Tools 09:08
  • 141: Tools Inventory Handout 14:00
  • 142: Quiz: Tools Inventory 04:00

Mike Meyers and the Total Seminars Team, your source for best-selling cybersecurity courses, brings you this ethical hacking and penetration testing course with your instructor Michael Solomon, Ph.D., CISSP, PMP, CISM. Prepare for the CompTIA PenTest+ PT0-002 exam.

This is NOT a boring voice over PowerPoint course. Michael speaks to you and presents the material in an engaging interactive style that will keep you interested and make it easier to understand. Check out the free sample lectures and you will see the difference.

With 30+ years of experience in security, privacy, blockchain, and data science, and an energetic presentation style, Michael takes his proficiency in network penetration testing and consolidates it into this informative and engaging course.

Whether you're looking to pass the CompTIA PenTest+ certification exam, take your next step in the CompTIA Cybersecurity Pathway, or you're just looking to learn some awesome ethical hacking skills, you’re in the right place.

Keep in mind there's much more to being an ethical hacker than what's covered here, including how to secure a network, however this course focuses on how to be a pen tester. A pen tester plans and scopes a pen test engagement with a client, finds vulnerabilities, exploits them to get into a network, then reports on those findings to the client.

This course shows you how to:

• Use the tools you’ll need to scan networks, crack passwords, analyze and intercept traffic, discover code vulnerabilities, and compromise resources

• Recognize vulnerabilities within a system, run exploits, and suggest solutions to a client to remediate the weak points

• Work within a virtual environment to practice your pen testing skills, including using Oracle VM manager, Kali Linux, Metasploitable, and DVWA

• Scope, plan, and execute a pen test engagement from start to finish

WHAT'S COVERED?

PenTest+ Exam Domain - Percentage of Exam

1.0 Planning and Scoping - 14%

• Compare and contrast governance, risk, and compliance concepts

• Explain the importance of scoping and organizational/customer requirements

• Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity

2.0 Information Gathering and Vulnerability Scannings 22%

• Given a scenario, perform passive reconnaissance

• Given a scenario, perform active reconnaissance

• Given a scenario, analyze the results of a reconnaissance exercise

• Given a scenario, perform vulnerability scanning

3.0 Attacks and Exploits - 30%

• Given a scenario, research attack vectors and perform network attacks

• Given a scenario, research attack vectors and perform wireless attacks

• Given a scenario, research attack vectors and perform application-based attacks

• Given a scenario, research attack vectors and perform attacks on cloud technologies

• Explain common attacks and vulnerabilities against specialized systems

• Given a scenario, perform a social engineering or physical attack

• Given a scenario, perform post-exploitation techniques

4.0 Reporting and Communications 18%

• Compare and contrast important components of written reports

• Given a scenario, analyze the findings and recommend the appropriate remediation within a report

• Explain the importance of communication during the penetration testing process

• Explain post-report delivery activities

5.0 Tools and Code Analysis 16%

• Explain the basic concepts of scripting and software development

• Given a scenario, analyze a script or code sample for use in a penetration test

• Explain use cases of the following tools during the phases of a penetration test

• Anyone interested in ethical hacking, pen testing, vulnerability testing, and network security
• Anyone looking to prepare for the CompTIA PenTest+ (PT0-002) exam
• Security Analysts, Network Security Ops, Application Security Vulnerability Analysts

• There are no requirements to take this course, nor are there any requirements to sit for the CompTIA PenTest+ exam, however, basic familiarity with networks and network security is suggested

• It’s recommended to be familiar with the information in the CompTIA Network+ and Security+ exams

• Although this course is a CompTIA PenTest+ exam prep, it’s also designed for a broader audience, so those without much network security knowledge can still gain valuable information on pen testing and ethical hacking

Currently there are no Q&As for this course. Be the first to ask a question.

Reed Courses Certificate of Completion

Digital certificate - Included