Live Online training

CompTIA PenTest+ Crash Course

Omar Santos

This live and interactive training is designed to help you prepare for the new CompTIA PenTest+ exam. In this training we will review the main topics and methodologies that you need to master the PenTest+ exam objectives. You will learn security penetration testing methodologies and concepts by going over step-by-step examples. In this class we will also review several sample questions for each of the topics covered.

Learn how to craft the exploits used by ethical hackers to perform real world penetration testing engagements. Understand the methods for conducting wired and wireless network assessments, hacking web servers, and web applications. You will learn mitigations to the most common attacks and vulnerabilities. You will also learn details about pre-engagement tasks including planning, scoping, compliance-based testing, and more. You will also learn how to write penetration testing reports and include best practices explaining recommended mitigation strategies for the discovered vulnerabilities.

What you'll learn, and how you can apply it

  • Review the main topics covered in the CompTIA PenTest+ exam.
  • Learn through step-by-step demonstrations.
  • Review sample questions and participate in interactive discussions.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • Anyone interested in cybersecurity and penetration testing (ethical hacking) will benefit from this training.
  • You want to learn different methodologies and best practices to perform security penetration testing assessments.
  • This training prepares candidates for the CompTIA PenTest+ certification.

Prerequisites

  • Course participants should have a basic understanding of cybersecurity and networking, plus core familiarity with Microsoft Windows and Linux operating systems.
  • The following books and video courses provide a good overview of the cybersecurity fundamentals that are prerequisites for this course: http://sunburn.in/?page=learning-paths/learning-path-cybersecurity/9780135255483/

About your instructor

  • Omar Santos is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working with information technology and cyber security since the mid-1990s. Omar has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. He is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. Omar often delivers technical presentations at many conferences, and he is the author of over 15 books and video courses.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

DAY 1

Section 1: Introduction to Ethical Hacking and to the CompTIA PenTest+ exam 15 minutes

  • A brief introduction to ethical hacking and penetration testing methodologies.
  • Reviewing what’s covered in the CompTIA PenTest+ exam.

Section 2: Planning and Scoping 45 minutes

  • The importance of planning for an engagement
  • The key legal concepts in penetration testing
  • The importance of scoping an engagement properly
  • The key aspects of compliance-based assessments

Break 10 minutes

Section 3: Information Gathering and Vulnerability Identification 50 minutes

  • Conducting information gathering using appropriate techniques.
  • Vulnerability Scanning
  • Analyzing vulnerability scan results
  • The process of leveraging information to prepare for exploitation
  • Weaknesses related to specialized systems

Break 10 minutes

Section 4: Social Engineering 50 minutes

  • Introducing social engineering.
  • Reviewing social engineering tools and methodologies.
  • Reviewing example questions.

Break 10 minutes

Section 5: Exploiting Wired and Wireless Networks 50 minutes

  • Attacking wired networks.
  • Attacking wireless networks.
  • Reviewing example questions.

DAY 2

Section 6: Exploiting Application-based Vulnerabilities 50 minutes

  • Overview of Web Applications for Security Professionals
  • How to Build Your Own Web Application Lab
  • Understanding Injection-Based Vulnerabilities
  • Exploiting Authentication-based Vulnerabilities
  • Exploiting Authorization-based Vulnerabilities
  • Understanding Cross-site Scripting (XSS) Vulnerabilities
  • Understanding Cross-site Request Forgery (CSRF/XSRF)
  • Understanding Clickjacking
  • Exploiting Security Misconfiguration
  • Exploiting File Inclusion Vulnerabilities
  • Assessing Unsecure Code Practices
  • Reviewing example questions.

Break 10 minutes

Section 7: Exploiting Local Host and Physical Security Vulnerabilities 40 minutes

  • Understanding how to exploit local host vulnerabilities
  • Understanding how to exploit physical security vulnerabilities.
  • Review example questions.

Break 10 minutes

Section 8: Performing Post-Exploitation Techniques 30 minutes

  • Maintaining persistence after compromising a system
  • Understanding how to perform lateral movement and pivoting
  • Understanding how to cover your tracks and clean up systems after a penetration testing engagement
  • Reviewing example questions.

Section 9: Penetration Testing Tools 60 minutes

  • Understanding the different use cases of penetration testing tools.
  • Analyzing tool output and data related to a penetration testing assessment.
  • Leveraging Bash, Python, Ruby, and PowerShell in Penetration Testing Engagements
  • Reviewing example questions.

Break 10 minutes

Section 10: Reporting and Communication 30 minutes

  • Report writing and handling best practices.
  • Post-report delivery activities.
  • Recommend mitigation strategies for discovered vulnerabilities.