CompTIA PenTest+ (PT1-001)

CompTIA PenTest+ (PT1-001)

by Omar Santos
Released March 2020
Publisher(s): Pearson
ISBN: 0135305288

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

6+ Hours of Video Instruction  
Overview 
CompTIA PenTest+ (PT1-001) Complete Video Course  is a complete resource to prepare for the CompTIA PenTest+ certification exam. This course covers all the topics on the exam, including planning and scoping a security penetration testing (ethical hacking) assessment, understanding legal and compliance requirements, and performing vulnerability scanning and penetration testing using appropriate tools and techniques. In addition, it guides the student on how to analyze the results and write a comprehensive report including remediation techniques and best practices on how to effectively communicate results to the relevant stakeholders.

The course is presented by a seasoned and active cybersecurity expert with years of field and teaching experience. Omar Santos walks you through the exam objectives and provides tips and scenarios throughout, helping to put the knowledge in context. He provides demonstrations as well as detailed explanations and samples of each topic.

Topics includeModule 1: Introduction to Ethical Hacking and How to Plan a Security Penetration TestModule 2: ReconnaissanceModule 3: Attacks and ExploitsModule 4: Tools and Reporting

Skill Level 
Beginner/Intermediate

Learn How To 
* Prepare for the CompTIA PenTest+ Exam* Plan and scope a security penetration test* Perform reconnaissance on a target* Gain access through vulnerable systems by knowing the various exploits* Restore environments after a pentest has successfully found vulnerabilities within the system* Record and log activities in a manner that is professional, clear, and advantageous to the client for system improvement

Who Should Take This Course 
* Anyone interested in taking the CompTIA PenTest+ exam* Individuals seeking careers in the cybersecurity field

Course Requirements None

Lesson descriptions 
Module 1, "Introduction to Ethical Hacking and How to Plan a Security Penetration Test," introduces the concept of ethical hacking and how the cybersecurity industry goes about implementing field-tested security parameters using penetration testing. It walks through the planning and scoping of a pentesting assessment.

Module 2, "Reconnaissance," covers all things related to the intelligence gathering phase of the pentest, including collecting information, port scanning, and vulnerability scanning. It then discusses how to use this intelligence to plan the pentest itself.

Module 3, "Attacks and Exploits," discusses how to use the intelligence gathered to perform the pentest. It goes over the various kinds of social engineering attacks and how to attack both wired and wireless networks. It then discusses how to exploit application-based vulnerabilities as well as local host and physical security vulnerabilities. Finally, it covers the clean-up and implementation of the post-exploitation techniques.

Module 4, "Tools and Reporting," shows how to find and leverage the various tools that are available for evasion, decompilation, forensics, and software assurance. It also goes into the reporting aspect of the job, including best practices and how to professionally recommend mitigation strategies for the vulnerabilities found.

About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Video Lessons are available for download for offline viewing within the streaming format. Look for the green arrow in each lesson.

Table of contents

  1. Introduction
    1. CompTIA PenTest+ (PT1-001) Complete Video Course: Introduction
  2. Lesson 1: Introduction to Ethical Hacking and Penetration Testing
    1. Learning objectives
    2. 1.1 Understanding Ethical Hacking and Penetration Testing
    3. 1.2 Understanding the Current Threat Landscape
    4. 1.3 Exploring Penetration Testing Methodologies
    5. 1.4 Building Your Own Lab
    6. 1.5 Tips on How to Prepare for the Exam
  3. Lesson 2: Planning and Scoping a Penetration Testing Assessment
    1. Learning objectives
    2. 2.1 Explaining the Importance of the Planning and Preparation Phase
    3. 2.2 Understanding the Legal Concepts of Penetration Testing
    4. 2.3 Learning How to Scope a Penetration Testing Engagement Properly
    5. 2.4 Learning the Key Aspects of Compliance-based Assessments
  4. Module 2: Reconnaissance
    1. Module 2: Introduction
  5. Lesson 3: Information Gathering and Vulnerability Identification
    1. Learning objectives
    2. 3.1 Conducting Information Gathering and Reconnaissance
    3. 3.2 Performing Port Scanning
    4. 3.3 Performing and Analyzing Vulnerability Scans
    5. 3.4 Leveraging Reconnaissance Results to Prepare for the Exploitation Phase
  6. Module 3: Attacks and Exploits
    1. Module 3: Introduction
  7. Lesson 4: Social Engineering Attacks
    1. Learning objectives
    2. 4.1 Understanding Phishing and Spear Phishing Attacks
    3. 4.2 Understanding Pharming, Whaling, Malvertising, SMS Phishing, and Voice Phishing Attacks
    4. 4.3 Describing what is Elicitation, Interrogation, and Impersonation (Pretexting)
    5. 4.4 Understanding What is Social Engineering Motivation Techniques
    6. 4.5 Understanding What is Shoulder Surfing
    7. 4.6 Understanding What is USB Key Drop
  8. Lesson 5: Exploiting Wired and Wireless Networks
    1. Learning objectives
    2. 5.1 Exploiting Windows Name Resolution-based Vulnerabilities
    3. 5.2 Surveying DNS Cache Poisoning Attacks
    4. 5.3 Attacking and Exploiting Server Message Block (SMB) Implementations
    5. 5.4 Understanding Simple Network Management Protocol (SNMP) Vulnerabilities and Exploits
    6. 5.5 Exploiting Simple Mail Transfer Protocol (SMTP) Vulnerabilities
    7. 5.6 Exploiting File Transfer Protocol (FTP) Vulnerabilities
    8. 5.7 Performing Pass-the-Hash, Man-in-the-middle (MiTM), and SSL Striping Attacks
    9. 5.8 Understanding Denial of Service (Dos) and Distributed Denial of Service (DDoS) Attacks
    10. 5.9 Performing Network Access Control (NAC) Bypass and VLAN Hopping Attacks
    11. 5.10 Understanding Rogue Access Points and Evil Twin Attacks
    12. 5.11 Performing Deauthentication Attacks and Attacking the Preferred Network Lists
    13. 5.12 Jamming Wireless Signal, Causing Interference, and War Driving
    14. 5.13 Understanding the WEP Protocol
    15. 5.14 Cracking WEP Implementations
    16. 5.15 Understanding the WPA Protocol
    17. 5.16 Attacking WPA2 Implementations
  9. Lesson 6: Exploiting Application-based Vulnerabilities
    1. Learning objectives
    2. 6.1 Overview of Web Applications for Security Professionals
    3. 6.2 How to Build Your Own Web Application Lab
    4. 6.3 Understanding SQL Injection
    5. 6.4 Understanding Injection Vulnerabilities
    6. 6.5 Exploiting Command Injection Vulnerabilities
    7. 6.6 Understanding Authentication-based Vulnerabilities
    8. 6.7 Exploiting Authorization-based Vulnerabilities
    9. 6.8 Understanding Cross-site Scripting (XSS) Vulnerabilities
    10. 6.9 Understanding Cross-site Request Forgery (CSRF/XSRF)
    11. 6.10 Understanding Clickjacking
    12. 6.11 Exploiting Insecure Direct Object References and Path Traversal
    13. 6.12 Assessing Unsecure Code Practices and APIs
  10. Lesson 7: Exploiting Local Host and Physical Security Vulnerabilities
    1. Learning objectives
    2. 7.1 Understanding How to Exploit Local Host Vulnerabilities
    3. 7.2 Exploiting Insecure Service and Protocol Configurations
    4. 7.3 Understanding Local Privilege Escalation
    5. 7.4 Understanding Linux Permissions
    6. 7.5 Understanding SUID or SGID and Unix Programs
    7. 7.6 Exploiting Insecure SUDO Implementations
    8. 7.7 Understanding Ret2libc Attacks
    9. 7.8 Understanding Windows Privileges
    10. 7.9 Surveying Kerberoasting
    11. 7.10 Exploiting Other Windows-based Vulnerabilities
    12. 7.11 Understanding What Are Key Loggers
    13. 7.12 Understanding What Are Scheduled Tasks
    14. 7.13 Exploring Sandboxes and Virtual Machine Escape Attacks
    15. 7.14 Surveying Mobile Device Security
    16. 7.15 Understanding How to Exploit Physical Security Vulnerabilities
  11. Lesson 8: Performing Post-Exploitation Techniques
    1. Learning objectives
    2. 8.1 Maintaining Persistence After Compromising a System
    3. 8.2 Understanding How to Perform Lateral Movement and Pivoting
    4. 8.3 Understanding How to Cover Your Tracks and Clean up Systems After a Penetration Testing Engagement
  12. Module 4: Tools and Reporting
    1. Module 4: Introduction
  13. Lesson 9: Penetration Testing Tools
    1. Learning objectives
    2. 9.1 Understanding the Different Use Cases of Penetration Testing Tools
    3. 9.2 Exploring Tools for Reconnaissance
    4. 9.3 Exploring Tools for Vulnerability Scanning
    5. 9.4 Exploring Tools for Credential Attacks
    6. 9.5 Exploring Tools for Persistence
    7. 9.6 Exploring Tools for Evasion
    8. 9.7 Exploring Tools for De-compilation
    9. 9.8 Exploring Tools for Forensics
    10. 9.9 Exploring Tools for Software Assurance
    11. 9.10 Leveraging Bash, Python, Ruby, and PowerShell in Penetration Testing Engagements
  14. Lesson 10: Reporting and Communication
    1. Learning objectives
    2. 10.1 Surveying Report Writing and Handling Best Practices
    3. 10.2 Recommending Mitigation Strategies for the Discovered Vulnerabilities
    4. 10.3 Explaining the Importance of Appropriate Communication
  15. Summary
    1. CompTIA PenTest+ (PT1-001) Complete Video Course: Summary

Product information

  • Title: CompTIA PenTest+ (PT1-001)
  • Author(s): Omar Santos
  • Release date: March 2020
  • Publisher(s): Pearson
  • ISBN: 0135305288