CompTIA PenTest+ (PT0-001)

(pearson-PT0-001-complete)/ISBN:978-1-64459-052-2

This course includes
Lessons
TestPrep
Hand-on Lab

Get certified for the CompTIA PenTest+ certification exam with the CompTIA PenTest+ PT0-001 Course and Lab. The lab provides a hands-on learning experience in a safe and online environment. The CompTIA PenTest+ study guide covers the PT0-001 exam objectives and imparts skills on penetration testing topics such as planning and scoping a penetration testing assessment, exploiting wired and wireless networks, performing post-exploitation techniques, and more.

Here's what you will get

The CompTIA PenTest+ certification is an intermediate-level certification that validates the candidates' knowledge and skills in planning, reporting, and scoping an assessment, comprehending legal and compliance requirements, executing penetration testing and vulnerability scanning. The PenTest+ PT0-001 exam evaluates the latest penetration testing, vulnerability assessment, and management skills essential to determine the system's resiliency against assaults.

Lessons

12+ Lessons | 211+ Quizzes | 111+ Flashcards | 111+ Glossary of terms

TestPrep

84+ Pre Assessment Questions | 2+ Full Length Tests | 85+ Post Assessment Questions | 167+ Practice Test Questions

Hand on lab

60+ LiveLab | 60+ Video tutorials | 56+ Minutes

Video Lessons

192+ Videos | 07:26+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

Lessons 2: Introduction to Ethical Hacking and Penetration Testing

  • Understanding Ethical Hacking and Penetration Testing
  • Understanding the Current Threat Landscape
  • Exploring Penetration Testing Methodologies
  • Building Your Own Lab
  • Review All Key Topics

Lessons 3: Planning and Scoping a Penetration Testing Assessment

  • Explaining the Importance of the Planning and Preparation Phase
  • Understanding the Legal Concepts of Penetration Testing
  • Learning How to Scope a Penetration Testing Engagement Properly
  • Learning the Key Aspects of Compliance-Based Assessments
  • Review All Key Topics

Lessons 4: Information Gathering and Vulnerability Identification

  • Understanding Information Gathering and Reconnaissance
  • Understanding the Art of Performing Vulnerability Scans
  • Understanding How to Analyze Vulnerability Scan Results
  • Review All Key Topics

Lessons 5: Social Engineering Attacks

  • Understanding Social Engineering Attacks
  • Phishing
  • Pharming
  • Malvertising
  • Spear Phishing
  • SMS Phishing
  • Voice Phishing
  • Whaling
  • Elicitation, Interrogation, and Impersonation (Pretexting)
  • Social Engineering Motivation Techniques
  • Shoulder Surfing
  • USB Key Drop and Social Engineering
  • Review All Key Topics

Lessons 6: Exploiting Wired and Wireless Networks

  • Exploiting Network-Based Vulnerabilities
  • Exploiting Wireless and RF-Based Attacks and Vulnerabilities
  • Review All Key Topics

Lessons 7: Exploiting Application-Based Vulnerabilities

  • Overview of Web Applications for Security Professionals
  • How to Build Your Own Web Application Lab
  • Understanding Injection-Based Vulnerabilities
  • Exploiting Authentication-Based Vulnerabilities
  • Exploiting Authorization-Based Vulnerabilities
  • Understanding Cross-Site Scripting (XSS) Vulnerabilities
  • Understanding Cross-Site Request Forgery Attacks
  • Understanding Clickjacking
  • Exploiting Security Misconfigurations
  • Exploiting File Inclusion Vulnerabilities
  • Exploiting Insecure Code Practices
  • Review All Key Topics

Lessons 8: Exploiting Local Host and Physical Security Vulnerabilities

  • Exploiting Local Host Vulnerabilities
  • Understanding Physical Security Attacks
  • Review All Key Topics

Lessons 9: Performing Post-Exploitation Techniques

  • Maintaining Persistence After Compromising a System
  • Understanding How to Perform Lateral Movement
  • Understanding How to Cover Your Tracks and Clean Up Systems After a Penetration Testing Engagement
  • Review All Key Topics

Lessons 10: Penetration Testing Tools

  • Understanding the Different Use Cases of Penetration Testing Tools and How to Analyze Their Output
  • Leveraging Bash, Python, Ruby, and PowerShell in Penetration Testing Engagements
  • Review All Key Topics

Lessons 11: Understanding How to Finalize a Penetration Test

  • Explaining Post-Engagement Activities
  • Surveying Report Writing Best Practices
  • Understanding Report Handling and Communications Best Practices
  • Review All Key Topics

Appendix: Video Tutorials

Hands-on LAB Activities

Information Gathering and Vulnerability Identification

  • Using dnsrecon to Perform Enumeration
  • Performing Nmap SYN Scan
  • Performing a UDP Scan Using Nmap
  • Performing Nmap FIN Scan
  • Using Nmap for Host Enumeration
  • Using Nmap for User Enumeration
  • Using Nmap for Network Share Enumeration
  • Using Nmap to Perform recon
  • Using Nmap for Web Application Enumeration
  • Using Nmap for Network Enumeration
  • Performing Domain Enumeration
  • Using DNSdumpster
  • Using Recon-ng to Gather Information
  • Performing Zone Transfer Using dig
  • Performing Automated Vulnerability Scanning

Social Engineering Attacks

  • Using the SET Tool

Exploiting Wired and Wireless Networks

  • Exploiting SMB
  • Exploiting SNMP
  • Exploiting SMTP
  • Understanding the Pass-the-hash Attack
  • Searching Exploits Using searchsploit
  • Performing ARP Spoofing
  • Performing the Man-in-the-Middle Attack
  • Performing DHCP Starvation Attack
  • Understanding MAC Bypass
  • Simulating DDoS Attack
  • Using the EternalBlue Exploit in Metasploit

Exploiting Application-Based Vulnerabilities

  • Exploiting SQL Injection Vulnerabilities
  • Exploiting Blind SQL Injection Vulnerabilities
  • Exploit PHP Object Injection
  • Exploiting the Stored (Persistent) XSS Attack
  • Exploiting the DOM-Based XSS Attack
  • Exploiting the Reflected XSS Attack
  • Exploiting the Cross-site Request Forgery (CSRF or XSRF) Attacks
  • Exploiting Command Injection Vulnerabilities
  • Understanding Credential based Brute-force Attack
  • Performing Session Hijacking
  • Exploiting Local File Inclusion Vulnerabilities
  • Exploiting Remote File Inclusion Vulnerabilities
  • Understanding SUID or SGID and Unix Program

Exploiting Local Host and Physical Security Vulnerabilities

  • Understanding Local Privilege Escalation
  • Exploiting SAM Database
  • Using Apktool to Decode and Analyze apk File

Performing Post-Exploitation Techniques

  • Creating Reverse and Bind Shells using Netcat
  • Using the Metasploit RDP Post-Exploitation Module

Penetration Testing Tools

  • Using nslookup
  • Using Dig for Passive Reconnaissance
  • Using ExifTool
  • Using the theHarvester Tool
  • Using Nikto
  • Using OWASP ZAP
  • Using meterpreter
  • Using Bash for Penetration Testing
  • Using Python for Penetration Testing
  • Using PowerShell for Penetration Testing
  • Using Maltego to Gather Information
  • Using the Zenmap Tool
  • Using OpenVAS

Understanding How to Finalize a Penetration Test

  • Using the Dradis Framework CE on Kali Linux
  • Studying the Communication Plan and the Main Elements of a Pen Test Report

Exam FAQs

Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

USD 370

Performance-based and multiple choice

The exam contains 85 questions.

165 minutes

750

(on a scale of 100-900)

In the event that you fail your first attempt at passing the PenTest+ examination, CompTIA's retake policies are:

  1. If a candidate has passed an exam, he/she cannot take it again without prior consent from CompTIA.
  2. Candidates must pay the exam price each time they attempt the exam. CompTIA does not offer free re-tests or discounts on retakes.
  3. A test result found to be in violation of the retake policy will not be processed, which will result in no credit awarded for the test taken. Repeat violators will be banned from participation in the CompTIA Certification Program.
  4. CompTIA does not require a waiting period between the first and second attempt to pass such examination. However, if you need a third or subsequent attempt to pass the examination, you shall be required to wait for a period of at least 14 calendar days from the date of your last attempt before you can retake the exam.

CompTIA PenTest+ certification expires after three years from the date of issue, after which the certification holder will need to renew their certification via CompTIA's Continuing Education Program.

Customer Review

uCertify is a very cost-effective way of studying for the exam and I was impressed with the quality of the materials. It would be good to be able to download the course book and flash cards so that you could study offline – personally I don’t find it very easy to read long texts on screen but I know this works for other people.

uCertify PenTest+ PT0-001 course is based on the official certification guide from Pearson, in such way that the theory is enough for you to apply for the test. I really liked the number of flashcards and knowledge checks presented in each lecture. However, the differential in this course is the hands-on labs available, very useful to be confident and succeed in the exam.