CompTIA PenTest+ (PT0-001)

Author: Dale Meredith

What you will learn:

  • How to plan and scope penetration tests
  • How to conduct passive reconnaissance
  • How to perform non-technical tests to gather information
  • How to conduct active reconnaissance
  • How to analyze vulnerabilities
  • How to penetrate networks
  • How to exploit host-based vulnerabilities
  • How to test applications
  • How to complete post-exploit tasks
  • How to analyze and report penetration test results

Pre-requisites

CompTIA recommends PenTest+ candidates have a minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus. It recommends experience in Network+, Security+ or equivalent knowledge.

CompTIA PenTest+ (PT0-001)

In this series, you will learn penetration testing methodology to conduct information gathering and vulnerability analysis as well as the management skills necessary to determine the resilience of a network against attacks. You will learn the management skills used to plan, scope, and manage weaknesses, not just exploit them. These courses will also help you prepare for the CompTIA PenTest+ (exam code PT0-001).

For a 10% discount when you sign up for your next CompTIA exam, use the code "PLURAL10".

Laying the Foundation for Penetration Testing for CompTIA PenTest+

by Dale Meredith

Mar 7, 2019 / 4h 35m

Description

So, you’re worried about how your network and your resources will withstand a cyber attack? That’s where a penetration test (often referred to as a pentest) comes into play. In this course, Laying the Foundation for Penetration Testing for CompTIA PenTest+, you’ll learn the basics of the types of pentests that are performed. First, you’ll learn the goals you’re trying to achieve. Next, you'll explore setting up a lab environment for pentesting. Finally, to protect you and your environment from accidental damage to your production network, you’ll discover how to set up the parameters within your new lab environment. By the end of this course, you'll gain a foundational understanding of the importance, and implementation, of pentesting.

Table of contents
  1. Course Overview
  2. Penetration Testing Foundations
  3. Setting up a Lab Environment to Pentest
  4. Adding Virtual Targets (Servers)
  5. Adding Your PenTest Workstation
  6. Planning Your Engagement
  7. Setting Your Limits with a Scope
  8. The “Just Us League”

Conducting Passive Reconnaissance for CompTIA PenTest+

by Dale Meredith

May 6, 2019 / 3h 1m

Description

Attackers spend 70-80 percent of their time gathering information about their target. Doing so answers tons of questions that save them time once they become active. It only makes sense that you as a security professional do the same. In this course, Conducting Passive Reconnaissance for CompTIA PenTest+, you will learn about effective untraceable information gathering, referred to as reconnaissance. First, you will see what information can be discovered about your target using public and open source information. Next, you will discover what WHOIS, nslookup, and even Google can expose about your target. Finally, you will explore some applications that are designed to help automate this phase of reconnaissance. When you’re finished with this course, you will have the skills and knowledge of passive reconnaissance needed to conduct a penetration test.

Table of contents
  1. Course Overview
  2. Gathering Information
  3. Where to Start Your Reconnaissance
  4. Getting Our Google Hacking On
  5. DNS and Certificates as a Resource
  6. Apps to Make Recon Easier (The Big Bad Boys)
  7. Weaponizing the Data

Performing Non-Technical Tests for CompTIA PenTest+

by Dale Meredith

Jul 30, 2019 / 1h 25m

Description

Security professionals tend to focus on the technical aspects of attacks and forget that infrastructures can be compromised by the non-technical hacks. If non-technical attacks such as social engineering and physical security testing are within the scope of your pen-testing engagement, you will want to hold off on moving into active reconnaissance. In this course, Performing Non-Technical Tests for CompTIA PenTest+, you will gain the ability to truly evaluate the non-technical (digital) aspects of a penetration test. First, you will learn how social engineering can manipulate users into doing things they normally wouldn't do. Next, you will discover how easy it is to implement a USB drop and how effective it still is today. Finally, you will explore how to circumvent the physical security controls in place. When you’re finished with this course, you will increase your skills and knowledge as a security professional needed to perform non-technical penetration tests.

Table of contents
  1. Course Overview
  2. Social Engineering Attacks
  3. The USB Drop – A Hybrid Attack
  4. Gone Phishing
  5. Physical Attacks – Truly Breaking In

Conducting Active Reconnaissance for CompTIA PenTest+

by Dale Meredith

Sep 30, 2019 / 3h 46m

Description

Up until now, we have been "quiet" as far as reconnaissance goes. But the downside is that many times we won't see every single system through passive methods. This is where active reconnaissance comes into play.

In this course, Conducting Active Reconnaissance for CompTIA PenTest+, you will gain the ability to discover more network nodes and collect system information during your penetration tests. First, you will learn how to discover all the targets on a given network. Next, you will discover how to use enumeration to find services and even accounts on the targets. Then, you will see how to scan each one for vulnerabilities which might allow someone to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get in. Finally, you will explore how to look at different types of scripts and some cool tools to help automate your tasks.

When you’re finished with this course, you will have the skills and knowledge to discover as many nodes, services, accounts, and even vulnerabilities as needed to cover every aspect of the active reconnaissance step within any pentest engagement.

Table of contents
  1. Course Overview
  2. Scanning the Network
  3. Mapping the Network and Using Metasploit
  4. The Basics of Enumerating
  5. Linux and Other Items to Enumerate
  6. Now Scan for Vulnerabilities
  7. Automating with Scripts

Information Gathering and Vulnerability Identification for CompTIA PenTest+

by Dale Meredith

Dec 11, 2019 / 1h 25m

Description

Now that you have finished identifying, enumerating, and uncovering vulnerabilities through your active and passive reconnaissance efforts, you now have to figure out what to do with this data.

In this course, Information Gathering and Vulnerability Identification for CompTIA PenTest+, you will learn foundational knowledge of and gain the ability to analyze the vulnerabilities you've discovered. First, you will learn how to choose the right vulnerability scanner, be it open-source or commercial, on-prem or cloud-based. Next, you will discover how to organize said data by categorizing the assets, identifying false positives, and preparing for adjudication. Finally, you will explore how to transform this data into actionable exploits. When you’re finished with this course, you will have the skills and knowledge to analyze the vulnerabilities in order to prepare for the next stage of the penetration testing lifecycle.

Table of contents
  1. Course Overview
  2. Comparing Different Vulnerability Scanners
  3. Interpreting What You Have Found
  4. Explaining How to Utilize the Data for Exploitation

Penetrating Networks for CompTIA PenTest+

by Dale Meredith

Jan 28, 2020 / 2h 9m

Description

Connecting computing devices together to share files and other resources is certainly an essential part of today's computing landscape; however, the very act of connecting to networks introduces risk to the devices and the data stored on them. In this course, Penetrating Networks for CompTIA PenTest+, you will gain the ability to review all aspects of a given network infrastructure to discover any weaknesses during a penetration test. First, you will learn about the similarities that all networks have in common that create different attack surfaces. Next, you will discover how different networking services can create possible entry points into a network or, at the least, the ability to enumerate systems for more data. Finally, you will explore how to look within the realm of wireless technologies, whether it's basic WiFi or Bluetooth, or even some of the flaws of WPS. When you are finished with this course, you will have the skills and knowledge to thoroughly test networks and their devices during a penetration testing engagement.

Table of contents
  1. Course Overview
  2. Analyzing the Commonalities Among Every Network
  3. Exploiting Vulnerable Services on the Network
  4. Attacking Wireless Based Vulnerabilities
  5. Targeting Specialized Systems Vulnerabilities

Exploiting Host-based Vulnerabilities for CompTIA PenTest+

by Dale Meredith

Mar 20, 2020 / 2h 20m

Description

Network services aren't the only source of vulnerability for an organization. In this course, Exploiting Host-based Vulnerabilities for CompTIA PenTest+, you will gain the ability to engage and exploit different host targets during an engagement. First, you will learn the commonalities that all Windows hosts have with each other, as well as what different distributions of Linux hold in common. Once you understand this, you'll be able to utilize this knowledge to your advantage. Next, you will discover that similar operating systems also offer up services, protocols, and even some built-in accounts that make them extremely attractive to attack. Finally, you will explore how default configurations and settings can haunt an organization when it comes to attackers gaining access to resources that are in some cases mission critical. When you are finished with this course, you will have the skills and knowledge of a penetration tester needed to exploit hosts on any engagement.

Table of contents
  1. Course Overview
  2. Describing the Commonalities among Every Windows System
  3. Describing the Commonalities among *nix-based Hosts
  4. Exploiting the Protocols, Services, and Default Configurations of Windows and Linux Based Hosts
  5. Examining the Permissions and Files of Windows and Linux Hosts
  6. Targeting Kernels, Accounts, and Memory
  7. Exposing Android, iOS, and macOS Hosts
  8. Examining the Physical Security of Hosts

Testing Applications for CompTIA PenTest+

by Dale Meredith

Apr 23, 2020 / 1h 13m

Description

There are many different ways software can be flawed by both design and implementation, so you will need to accurately execute a wide variety of tests to assess each application that the business is responsible for. In this course, Testing Applications for CompTIA PenTest+, you will learn how to exploit the vulnerabilities in web-based applications during an engagement. First, you will learn the commonalities among web apps. Once you understand this, you will be able to utilize this knowledge to your advantage. Next, you will explore the different types of authentication, injection, and web shell attacks you can use to exploit these apps. Finally, you will use specific analysis techniques on compiled software to see if you can compromise these types of applications. When you are finished with this course, you will have the skills and knowledge of a penetration tester needed to exploit most any app on any engagement.

Software required:

  • Setting up the Lab environment from the "Laying the Foundation for Penetration Testing for CompTIA PenTest+" course.

Table of contents
  1. Course Overview
  2. Examining Common Web-application Vulnerabilities
  3. Executing Authentication and Authorization Attacks
  4. Exploring the Injection Attacks
  5. Showing Further Attack Methods
  6. Examining Source Code and Compiled Apps

Post-Exploit Tasks for CompTIA PenTest+

by Dale Meredith

Jun 5, 2020 / 1h 17m

Description

You have identified the big computing assets that an enterprise wants to keep protected — networks, hosts, and applications — and have done what you can to exploit their vulnerabilities. This is the core phase of any penetration testing engagement, but you are not done. You need to engage in post-exploitation activities to escape security countermeasures and maintain a foothold in the organization, long after the main actions have been accomplished.

In this course, Post-Exploit Tasks for CompTIA PenTest+, you will gain an understanding of the steps and techniques that you can use during this phase of the engagement. First, you will learn different lateral movement techniques that allow you to make the most of the exploits you have already discovered. Once you understand this, you will learn about pivoting through port forwarding, VPNs, SSH, and others. Next, you will explore the different ways you can maintain persistence within the target network without drawing much attention to yourself. Finally, you will use specific anti-forensics techniques to avoid software that is designed to catch you and your activities.

When you are finished with this course, you will have the skills and knowledge of a penetration tester needed to complete your post-exploit tasks on any engagement.

Software required:

  • Setting up the Lab environment from the "Laying the Foundation for Penetration Testing for CompTIA PenTest+" course.

Table of contents
  1. Course Overview
  2. Examining Lateral Movements and Pivoting Techniques
  3. Exploring Persistence Techniques
  4. Examining Anti-forensic Techniques

Results and Reporting for CompTIA PenTest+

by Dale Meredith

Jun 26, 2020 / 1h 16m

Description

You have completed your penetration test. Congratulations! No time to relax, though, because the next step is to analyze the data you collected and create reports based on that data. Your reports need to include both information about the data you collected and recommended strategies to mitigate the vulnerabilities that you've identified.

In this course, Results and Reporting for CompTIA PenTest+, you will learn how to handle all the information you have collected from the target. First, you will explore how to make sure you have gathered all the data needed for your report. Once you understand this, you will have a better idea of how to organize and present the information that is valuable to the client. Next, you will learn how to develop different mitigation strategies to help the client gain better control over their vulnerabilities. Then, you will see how to write a report, categorize the data, and work with the client to determine their “risk appetite.” Finally, you will discover all the cleanup tasks every security professional should run through to make sure they don’t leave the client vulnerable to outside attacks. When you are finished with this course, you will have the skills and knowledge required of penetration testers to complete any engagement and make sense of all the issues you’ve encountered.

Table of contents
  1. Course Overview
  2. Writing and Handling Reports
  3. Developing Recommendations for Mitigation Tactics
  4. Conducting Post-report-delivery Activities
