Learn from professionals about high-level penetration testing and ethical hacking to get ready for the CompTIA PenTest+ PT0-002 exam
About This Video
In Detail
This …
Learn from professionals about high-level penetration testing and ethical hacking to get ready for the CompTIA PenTest+ PT0-002 exam
About This Video
In Detail
This course covers the five domains required to study for the CompTIA PenTest+ PT0-002 exam. As an ethical hacker, you will be the good guy and be paid to get into networks, so we will start by learning how to plan and scope a penetration test for a client. Then practice your pen-testing techniques by learning how to use tools like Oracle VM manager, Kali Linux, Metasploitable, and DVWA while working in a virtual environment. We will also learn how to locate vulnerabilities, how to break into a network to run exploits, and how to report the client with those flaws so that they can be fixed.
Then, discover how to scan and enumerate (finding) targets in order to acquire intelligence on a network by looking for those targets' weak points. After that, we will examine social engineering techniques, explore network-based vulnerabilities, and learn to intercept traffic using on-path (man-in-the-middle) attacks. The usage of pen-testing tools like Nmap, Nessus, Nslookup, John the Ripper, Immunity Debugger, Aircrack-NG, Wireshark, and others can be learned later on. Lastly, we will cover how to prepare reports, describe post-delivery activities, and suggest remedial measures to your client.
By the end of this course, you will be well prepared for your PenTest+ PT0-002 exam.
Audience
Despite being a CompTIA PenTest+ exam prep, this course is also intended for a larger audience, allowing those with little to no experience with network security to still learn important things like pen testing and ethical hacking, vulnerability testing, network security.
No prerequisites are necessary to enroll in this course or to take the CompTIA PenTest+ exam, however a basic understanding of networks and network security is advised. The knowledge contained in the CompTIA Network+ and Security+ tests is also advised.
Chapter 1 : Introduction
Welcome to the course
Introduction to the CompTIA PenTest+ (PT0-002) Course
About the CompTIA PenTest+ (PT0-002) Exam
Chapter 2 : Planning and Engagement
Planning a Pen Test
Rules of Engagement
Regulatory Compliance
Resources and Budget
Impact and Constraints
Support Resources
Legal Groundwork
Service Provider Agreements
Standards and Methodologies, Part 1
Standards and Methodologies, Part 2
Environmental and Scoping Considerations
Ethical Mindset
Lab Environment Setup
Project Strategy and Risk
Scope Vulnerabilities
Compliance-Based Assessments
Chapter 3 : Information Gathering and Vulnerability Scanning
Scanning and Enumeration
Scanning Demo
Packet Investigation
Packet Inspection Demo
Labtainers Setup
Labtainers Lab (Wireshark)
Application and Open-Source Resources
Passive Reconnaissance
Active Reconnaissance
Vulnerability Scanning
Vulnerability Scanning Demo
Labtainers Lab (Network Basics)
Labtainers Lab (Nmap Discovery)
Target Considerations
Analyzing Scan Output
Nmap Scoping and Output Options
Nmap Timing and Performance Options
Prioritization of Vulnerabilities
Common Attack Techniques
Automating Vulnerability Scans
Credential Attacks
Labtainers Lab (Password Cracking)
Labtainers Lab (Secure Socket Layers)
Labtainers Lab (Routing Basics)
Chapter 4 : Network-Based Attacks
Exploit Resources and Network Attacks
Network-Based Exploits
FTP Exploit Demo
Man-in-the-Middle Exploits
Labtainers Lab (TCP/IP Attacks)
Labtainers Lab (ARP Spoof Attacks)
Labtainers Lab (Local DNS Attacks)
Labtainers Lab (MACs and Hash Functions)
Chapter 5 : Selecting Pen Testing Tools
Wireless Exploits
Wireless Exploits, Part 2
Antennas
Chapter 6 : Reporting and Communication
OWASP Top 10
Application Exploits, Part 1
SQL Injection Demo
Labtainers Lab (SQL Injection)
Application Exploits, Part 2
Application Exploits, Part 3
Cross-Site Scripting Demo
Labtainers Lab (Cross-Site Scripting)
Labtainers Lab (Cross-Site Request Forgery)
Code Vulnerabilities
API Attacks and Attack Resources
Privilege Escalation (Linux)
Privilege Escalation (Windows)
Misc. Privilege Escalation
Misc. Local Host Vulnerabilities
Chapter 7 : Attacking the Cloud
Cloud Attacks, Part 1
Cloud Attacks, Part 2
Chapter 8 : Specialized and Fragile Systems
Mobile Attacks
IoT Attacks
Data Storage and Management Interface Attacks
Virtual and Containerized Environment Attacks
Labtainers Lab (Industrial Control System)
Chapter 9 : Social Engineering and Physical Attacks
Pretext for a Social Engineering Attack
Remote Social Engineering
Spear Phishing Demo
In-Person Social Engineering
Physical Security
Chapter 10 : Post-Exploitation
Post-Exploitation Techniques
Post-Exploitation Tools
Network Segmentation Testing
Persistence and Stealth
Detection Avoidance Techniques
Chapter 11 : Post-Engagement Activities
Report Writing
Important Components of Written Reports
Mitigation Strategies
Technical and Physical Controls
Administrative and Operational Controls
Communication
Presentation of Findings
Post-Report Activities
Data Destruction Process
Chapter 12 : Tools and Programming
Using Scripting in Pen Testing
Bash Scripting Basics
Bash Scripting Techniques
PowerShell Scripts
Ruby Scripts
Python Scripts
Scripting Languages Comparison
Data Structures, Part 1
Data Structures, Part 2
Libraries
Classes
Procedures and Functions
Perl and JavaScript
Chapter 13 : Tools Inventory
Pen Testing Toolbox
Using Kali Linux
Scanners and Credential Tools
Code-Cracking Tools
Open-Source Research Tools
Wireless and Web Pen Testing Tools
Remote Access Tools
Analyzers and Mobile Pen Testing Tools
Other Pen Testing Tools
Labtainers Lab (Metasploit Framework)
Labtainers Lab (Wireshark Packet Inspection)
Labtainers Lab (SSH)
Scanners, Debuggers, and Wireless Tools
Web, Steganography, and Cloud Tools