e 1 - The Pen Test Engagement
Module 1 Notes
1.0 PenTest Plus Introduction
1.1 PenTest Plus Topics
1.2 PenTest Engagement
1.3 Threat Modeling
1.4 Technical Constraints
1.5 PenTest Engagement Review
1.6 Examining PenTest Engagement Documents Act
What you’ll
learn
Planning and Scoping
Information Gathering and Vulnerability Identification
Attacks and Exploits
Penetration Testing Tools
Reporting and Communication
Ethics and Legalities
Total Hours: 34 Training Hours for mastering pentest+
CompTIA PenTest + PT0-001: Your gateway to pentest certification
215 On-demand Videos: Comprehensive coverage of comptia pentesting topics
Closed Caption: Enhanced accessibility with closed captions
e 1 - The Pen Test Engagement
Module 1 Notes
1.0 PenTest Plus Introduction
1.1 PenTest Plus Topics
1.2 PenTest Engagement
1.3 Threat Modeling
1.4 Technical Constraints
1.5 PenTest Engagement Review
1.6 Examining PenTest Engagement Documents Act
Module 2 Notes
2.1 Passive Reconnaissance part1
2.2 WHOIS Act
2.3 Passive Reconnaissance part2
2.4 Google Hacking Act
2.5 Passive Reconnaissance part3
2.6 DNS Querying Act
2.7 Passive Reconnaissance part4
2.8 Email Server Querying Act
2.9 SSL-TLS Cerfificates
2.10 Shodan Act
2.11 The Havester
2.12 TheHarvester Act
2.13 Recon-ng
2.14 Recon-g Act
2.14 Recon-ng-Part-2-API-key Act
2.15 Maltego
2.16 Have I been Pwned
2.17 Punked and Owned Pwned Act
2.18 Fingerprinting Organization with Collected Archives
2.19 FOCA Act
2.20 Findings Analysis Weaponization
2.21 Chp 2 Review
Module 3 Notes
3.1 Active Reconnaissannce
3.2 Discovery Scans Act
3.3 Nmap
3.4 Nmap Scans Types Act
3.5 Nmap Options
3.6 Nmap Options Act
3.7 Stealth Scans
3.8 Nmap Stealth Scans Act
3.9 Full Scans
3.10 Full Scans Act
3.11 Packet Crafting
3.12 Packet Crafting Act
3.13 Network Mapping
3.14 Metasploit
3.15 Scanning with Metasploit Act
3.16 Enumeration
3.17 Banner Grabbing Act
3.18 Windows Host Enumeration
3.19 Winddows Host Enumeration Act
3.20 Linux Host Enumeration
3.21 Linux Host Enumeration Act
3.22 Service Enumeration
3.23 Service Enumeration Act
3.24 Network Shares
3.25 SMB Share Enumeration Act
3.26 NFS Network Share Enumeration
3.27 NFS Share Enumeration Act
3.28 Null Sessions
3.29 Null Sessions Act
3.30 Website Enumeration
3.31 Website Enumeration Act
3.32 Vulnerability Scans
3.33 Compliance Scans Act
3.34 Credentialed Non-credentialed Scans
3.35 Using Credentials in Scans Act
3.36 Server Service Vulnerability Scan
3.37 Vulnerability Scanning Act
3.38 Web Server Database Vulnerability Scan
3.39 SQL Vulnerability Scanning Act
3.40 Vulnerability Scan Part 2 OpenVAS Act
3.41 Web App Vulnerability Scan
3.42 Web App Vulnerability Scanning Act
3.43 Network Device Vulnerability Scan
3.44 Network Device Vuln Scanning Act
3.45 Nmap Scripts
3.46 Using Nmap Scripts for Vuln Scanning Act
3.47 Packet Crafting for Vulnerbility Scans
3.48 Firewall Vulnerability Scans
3.49 Wireless Access Point Vunerability
3.50 Wireless AP Scans Act
3.51 WAP Vulnerability Scans
3.52 Container Security issues
3.53 How to Update Metasploit Pro Expired Trial License
Module 4 Notes
4.1 Physical Security
4.2 Badge Cloning Act
4.3 Physical Security Review
Module 5 Notes
5.1 Social Engineering
5.2 Using Baited USB Stick Act
5.3 Using Social Enginnering to Assist Attacks
5.4 Phishing Act
5.5 Social Engineering Review
Module 6 Notes
6.1 Vulnerbility Scan Analysis
6.2 Validating Vulnerability Scan Results Act
6.3 Vulnerbility Scan Analysis Review
Module 7 Notes
7.1 Password Cracking
7.2 Brute Force Attack Against Network Service Act
7.3 Network Authentication Interception Attack
7.4 Intercepting Network Authentication Act
7.5 Pass the Hash Attacks
7.6 Pass the Hash Act
7.7 Password Cracking Review
Module 8 Notes
8.1 Penetrating Wired Network
8.2 Sniffing Act
8.3 Eavesdropping
8.4 Eavesdropping Act
8.5 ARP Poisoning
8.6 ARP Poisoning Act
8.7 Man In The Middle
8.8 MITM Act
8.9 TCP Session HiJacking
8.10 Server Message Blocks SMB Exploits
8.11 SMB Attack Act
8.12 Web Server Attacks
8.13 FTP Attacks
8.14 Telnet Server Attacks
8.15 SSH Server Attacks
8.16 Simple Network Mgmt Protocol SNMP
8.17 Simple Mail Transfer Protocol SMTP
8.18 Domain Name System DNS Cache Poisoning
8.19 Denail of Service Attack DoS-DDoS
8.20 DoS Attack Act
8.21 VLAN Hopping Review
Module 9 Notes
9.1 Penetrating Wireless Networks
9.2 Jamming Act
9.3 Wireless Sniffing
9.4 Replay Attacks
9.5 WEP Cracking Act
9.6 WPA-WPA2 Cracking
9.7 WAP Cracking Act
9.8 Evil Twin Attacks
9.9 Evil Twin Attack Act
9.10 WiFi Protected Setup
9.11 Bluetooth Attacks
9.12 Penetrating Wireless Networks
Module 10 Notes
10.1 Windows Exploits
10.2 Dumping Stored Passwords Act
10.3 Dictionary Attacks
10.4 Dictionary Attack Against Windows Act
10.5 Rainbow Table Attacks
10.6 Credential Brute Force Attacks
10.7 Keylogging Attack Act
10.8 Windows Kernel
10.9 Kernel Attack Act
10.10 Windows Components
10.11 Memory Vulnerabilities
10.12 Buffer Overflow Attack Act
10.13 Privilegde Escalation in Windows
10.14 Windows Accounts
10.15 Net and WMIC Commands
10.16 Sandboxes
Module 11 Notes
11.1 Linux Exploits
11.2 Exploiting Common Linux Features Act
11.3 Password Cracking in Linux
11.4 Cracking Linux Passwords Act
11.5 Vulnerability Linux
11.6 Priviledge Escalation Linux
11.7 Linux Accounts
11.8 Linux Exploits Review
Module 12 Notes
12.1 Mobile Devices
12.2 Hacking Android Act
12.3 Apple Exploits
12.4 Moblie Devices Review
Module 13 Notes
13.1 Specialized Systems
13.2 Specialized Systems Review
Module 14 Notes
14.1 Scripts
14.2 Powershell
14.3 Python
14.4 Ruby
14.5 Common Scripting Elements
14.6 Scripts Review
14.7 Better Ping Sweep
14.8 Simple Port Scanner2
14.9 Multitarget Port Scanner
14.10 Port Scanner with Nmap
14.11 Scripts Review
Module 15 Notes
15.1 Application Testing
15.2 Reverse Engineering
Module 16 Notes
16.1 Webb App Exploits
16.2 Injection Attacks
16.3 HTML Injection
16.4 SQL Hacking - SQLmap Act
16.5 Cross-Site Attacks
16.6 Cross-Site Request Forgery
16.7 Other Web-based Attacks
16.8 File Inclusion Attacks
16.9 Web Shells
16.10 Web Shells Review
Module 17 Notes
17.1 Lateral Movement
17.2 Lateral Movement with Remote Mgmt Services
17.3 Process Migration Act
17.4 Passing Control Act
17.5 Pivoting
17.6 Tools the Enable Pivoting
17.7 Lateral Movement Review
Module 18 Notes
18.1 Persistence
18.2 Breeding RATS Act
18.3 Bind and Reverse Shells
18.4 Bind Shells Act
18.5 Reverse Shells
18.6 Reverse Shells Act
18.7 Netcat
18.8 Netcat Act
18.9 Scheduled Tasks
18.10 Scheduled Tasks Act
18.11 Services and Domains
18.12 Persistence Review
Module 19 Notes
19.1 Cover Your Tracks
19.2 Cover Your Tracks - Timestomp Files Act
19.3 Cover Your Tracks - Frame the Administrator Act
19.4 Cover Your Tracks - Clear the Event Log Act
19.5 Cover Your Tracks Review
Module 20 Notes
20.1 The Report
20.2 The Report Review
Module 21 Notes
21.1 Post Engagement Cleanup_1
21.3 Post Engagement Cleanup Review
21.4 PenTest Plus Conclusion.mp4
The field of cybersecurity is experiencing rapid growth, driven by the escalating number and complexity of cyber threats. Both public and private sectors are investing heavily in cybersecurity measures to protect sensitive information and secure critical infrastructure. This increased investment has created a substantial demand for cybersecurity professionals, and the job market is teeming with opportunities. By becoming a cybersecurity engineer, you position yourself at the forefront of a booming industry with a multitude of career prospects.
Cybersecurity professionals are highly sought after, and as a result, they enjoy attractive salaries and excellent benefits. The specialized skills and expertise required in this field command a premium in the job market. Furthermore, as you gain experience and demonstrate your capabilities, the potential for career advancement becomes significant. Cybersecurity engineers can progress to leadership positions, such as Chief Information Security Officer (CISO), and take on strategic roles in shaping an organization's security posture.
Cybersecurity is a global concern affecting organizations of all sizes and industries worldwide. The need for cybersecurity professionals extends beyond borders, making it a globally relevant field. By becoming a cybersecurity engineer, you equip yourself with skills that are in demand not only locally but also internationally. Job security in the field of cybersecurity is robust, as the increasing threat landscape ensures a constant need for skilled professionals to protect against attacks and mitigate risks.
The field of UX/UI design is dynamic and ever-evolving. To stay competitive, designers need to keep learning and adapting to new technologies and design trends. This continuous learning keeps the work interesting and provides opportunities for personal and professional growth.
As software testers gain experience and develop their skills, they can take on more challenging roles and responsibilities. This can lead to promotions and career advancement opportunities. Most Manual testers progress to QA automation, Software development, DevOps, or Cloud Engineering.
We connect learners with peers and experts from around the world, facilitating networking and collaboration opportunities.
IBT Training's DevOps course provided a comprehensive and insightful learning experience with valuable hands-on exercises. While the internship placement was beneficial, additional guidance could enhance the overall transition. Overall, IBT Training lays a solid foundation for entering the DevOps field.
Olaniyan Olatunde Kubernetes Admin, MicrosoftEnrolling in this course proved career-defining, offering invaluable knowledge and a guaranteed internship. It set me on a path to success, delivering everything promised—free certification, ongoing learning, and the ability to pass my sec+ on the first try.
Solomon Awuku Cybersecurity Analyst, Tek ComputersUpon completing the class, I felt confident and prepared to embark on a career in cybersecurity. The skills and knowledge I acquired have already proven invaluable, as I find myself better equipped to tackle real-world challenges and contribute to the protection of digital assets.
Raymond A. CYBERSECURITY ANALYST BLUE CROSS"IBT Learning is an outstanding tech school, with experienced teachers. Graduates gain hands-on experience with management tools such as Git, Maven, Nexus, SonarQube, Ansible, Docker for microservices, Kubernetes for container orchestration, and Terraform for Infras as Code"
Landric N DevOps Engineer, Transportation InsightThe CompTIA PenTest+ (PT0-001) Exam costs the same as the core 1 exam, i.e., $226 USD.
If you fail your first attempt to pass any CompTIA certification examination, CompTIA does not require any waiting period between the first and second attempt to pass such examination.
The course outline includes planning & scoping, Windows operating systems, information gathering & vulnerability identification, software troubleshooting, networking, hardware & network troubleshooting.
The passing score for the exam for PenTest certification is 750 points on a scale of 100-900.
The CompTIA PenTest+ certification is designed for cybersecurity professionals, including penetration testers, ethical hackers, security analysts, and vulnerability assessment professionals.
Yes, the CompTIA PenTest+ certification is vendor-neutral, meaning it covers a broad range of cybersecurity concepts and is not tied to a specific technology or product.
CompTIA PenTest+ is unique in its approach, focusing on both hands-on skills and knowledge assessment. It emphasizes real-world scenarios and challenges candidates to perform penetration tests in various environments.