CompTIA PenTest+

CompTIA PenTest+ is the only penetration testing exam taken at a Pearson VUE testing center with both hands-on, performance-based questions and multiple-choice questions, to ensure each candidate possesses the skills, knowledge, and ability to perform tasks on systems. The PenTest+ exam also includes management skills used to plan, scope, and manage weaknesses, not just exploit them.

PenTest+ is unique because our certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.

About the exam:
- CompTIA PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.
- Successful candidates will have the intermediate skills required to customize assessment frameworks to effectively collaborate on and report findings.
- Candidates will also have the best practices to communicate recommended strategies to improve the overall state of IT security.

CompTIA PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Course Curriculum

  • Module 1

    Planning and Scoping Penetration Tests

    • Introduction to Penetration Testing Concepts
    • Pen Testing Standards and Frameworks
    • Processes Commonly Used for Pen Testing
    • Tools Commonly Used in Pen Testing
    • Communication and the Pen Testing Process
    • Contract Types
    • Legal Restrictions
  • Module 2

    Plan a Pen Test Engagement

    • Target Audience Types
    • Budget
    • Impact Analysis
  • Module 3

    Scope and Negotiate a Pen Test Engagement

    • Scoping
    • Compliance-Based Assessments
    • Types of Threat Actors
    • Threat Models
    • Specialized Systems
    • Scheduling
    • Special Considerations for Scoping Engagements
  • Module 4

    Prepare for a Pen Test Engagement

    • Team Preparation
    • Activity Assignment and Sequencing
    • Go Live
  • Module 5

    Conducting Passive Reconnaissance

    • Gather Background Information
    • Whois
    • Related Websites
    • Job Boards
    • Online Articles and News
    • SSL/TLS Certificates
    • theHarvester
    • Maltego
  • Module 6

    Prepare Background Findings for Next Step

    • Findings Analysis and Weaponization
    • External and Third-Party Sites
    • Social Engineering
    • Preparation for Next Steps
  • Module 7

    Performing Non-Technical Tests

    • Perform Social Engineering Tests
    • Phishing
    • Elicitation
    • Baiting
    • Shoulder Surfing
  • Module 8

    Perform Physical Security Tests on Facilities

    • Physical Security Controls
    • Lock Picking and Bypassing
    • Badge Cloning
  • Module 9

    Conducting Active Reconnaissance

    • Network Scanning
    • Nmap Options
    • Discovery Scans
    • Port Scanning
    • Stealth Scans
    • Full Scans
    • Network Mapping
    • Metasploit
    • Guidelines for Scanning Networks
  • Module 10

    Enumerate Targets

    • Enumeration
    • Windows Host Enumeration
    • Linux Host Enumeration
    • Service and Application Enumeration
    • Network Shares
    • Null Sessions
  • Module 11

    Scan for Vulnerabilities

    • Vulnerability Scans
    • Credentialed and Non-Credentialed Scans
    • Web Server and Database Vulnerability Scans
    • Network Device Vulnerability Scans
    • Firewall Vulnerability Scans
    • Container Security Issues
  • Module 12

    Analyze Basic Scripts

    • Scripting and Pen Tests
    • Python
    • Substitution
    • Common Operations
    • Logic, Flow Control, and Looping
    • Input/Output
    • Error Handling
  • Module 13

    Analyze Vulnerability Scan Results

    • Introduction: Analyze Vulnerability Scan Results
    • Adjudication
  • Module 14

    Leverage Information to Prepare for Exploitation

    • Vulnerability Mapping
    • Exploits and Payloads
    • Exploit Modification
    • Task Completion Through Social Engineering
    • Rainbow Table Attacks
  • Module 15

    Exploit Network-Based Vulnerabilities

    • Exploit Network-Based Vulnerabilities
    • ARP Poisoning
    • TCP Session Hijacking
    • Man-in-the-Middle Attacks
    • SNMP Exploits
    • FTP Exploits
    • Name Resolution Exploits
    • Pass the Hash Attacks
    • Stress Testing
    • NAC Bypass Attacks
  • Module 16

    Exploit Wireless and RF-based Vulnerabilities

    • Commonalities Among Wireless and RF-Based Vulnerabilities
    • Fragmentation Attacks
    • Wireless Sniffing and Eavesdropping
    • WPS Attacks
    • Bluesnarfing
  • Module 17

    Exploit Specialized Systems

    • Mobile Devices
    • Embedded Systems
    • Point of Sale Systems
  • Module 18

    Exploit Windows-Based Vulnerabilities

    • Exploit Windows-Based Vulnerabilities
    • Frequently Exploited Windows Features
    • Password Cracking in Windows
    • Password Cracking Options
    • Password Cracking Tools
    • Windows Service and Protocol Configurations
    • Windows File Systems
    • Windows Kernel Vulnerabilities
    • Privilege Escalation in Windows
    • Memory Vulnerabilities
    • Default Accounts in Windows
    • Default Configurations in Windows
    • Sandbox Escapes
  • Module 19

    Exploit *nix-Based Vulnerabilities

    • Commonalities Among *nix-Based Vulnerabilities
    • Password Cracking in Linux
    • Linux Service and Protocol Configurations
    • Linux Permissions
    • Sensitive Linux Files
    • Default Accounts in Linux
    • Android Vulnerabilities
    • Apple macOS and iOS Vulnerabilities
    • Guidelines for Exploiting *nix-Based Vulnerabilities
  • Module 20

    Exploit Web Application Vulnerabilities

    • Exploit Web Application Vulnerabilities
    • Authentication Attacks
    • Injection Attacks
    • HTML Injection
    • Cross-Site Request Forgery Attacks
    • File Inclusion Attacks
    • Guidelines for Exploiting Web Application Vulnerabilities
  • Module 21

    Test Source Code and Compiled Apps

    • Static Code Analysis
    • Reverse Engineering
    • Disassembly and Debugging
  • Module 22

    Use Lateral Movement Techniques

    • Use Lateral Movement Techniques
    • Lateral Movement with Remote Management Services
    • Tools that Enable Pivoting
  • Module 23

    Use Persistence Techniques

    • Persistence
    • Backdoors
    • Netcat
    • Services and Daemons
  • Module 24

    Use Anti-forensic Techniques

    • Anti-Forensics
    • Covering Your Tracks
    • Guidelines for Using Anti-Forensics Techniques
  • Module 25

    Analyze Pen Test Data

    • Analyze Pen Test Data
  • Module 26

    Develop Recommendations for Mitigation Strategies

    • Suggested Solutions Regarding People
    • Suggested Solutions Regarding Technology
    • End-User Training
    • Parameterized Queries
    • Secure Software Development
  • Module 27

    Write and Handle Reports

    • Data Normalization
    • Risk Appetite
    • Report Handling
  • Module 28

    Conduct Post-Report-Delivery Activities

    • Post-Engagement Cleanup Tasks
    • Client Acceptance
    • Lessons Learned

Level: Advanced
B032021 Students
6 Sep. 2021 - 30 Sep. 2021

Category

PenTesting Security