Special Notices

This course leads to a certification. Contact us for further information on exam vouchers.

This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information system vulnerabilities and effective remediation techniques for those vulnerabilities. In particular, students who also need practical recommendations for action to properly protect information systems and their contents. This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-001, or who plan to use the PenTest+ as the foundation for more advanced security certifications or career roles.

Before attending this course, you should have:

  • Network & Security Foundation or equivalent knowledge e.g. QAFCCS, QACYNETSEC
  • A minimum of 2-3 years of hands-on information security or related experience

You Will Learn How To:

  • Plan and scope penetration tests
  • Conduct passive reconnaissance
  • Perform non-technical tests to gather information
  • Conduct active reconnaissance
  • Analyse vulnerabilities
  • Penetrate networks
  • Exploit host-based vulnerabilities
  • Test applications
  • Complete post-exploit tasks

Planning and Scoping

  • Explain the importance of planning for an engagement
  • Explain key legal concepts.
  • Explain the importance of scoping an engagement properly.
  • Explain the key aspects of compliance-based assessments.

Information Gathering and Vulnerability Identification

  • Given a scenario, conduct information gathering using appropriate techniques
  • Given a scenario, perform a vulnerability scan.
  • Given a scenario, analyse vulnerability scan results
  • Explain the process of leveraging information to prepare for exploitation.
  • Explain weaknesses related to specialised systems

Attacks and Exploits

  • Compare and contrast social engineering attacks
  • Given a scenario, exploit network-based vulnerabilities
  • Given a scenario, exploit wireless and RF-based vulnerabilities
  • Given a scenario, exploit application-based vulnerabilities
  • Given a scenario, exploit local host vulnerabilities
  • Summarise physical security attacks related to facilities
  • Given a scenario, perform post-exploitation techniques

Penetration Testing Tools

  • Given a scenario, use Nmap to conduct information gathering exercises
  • Compare and contrast various use cases of tools
  • Given a scenario, analyse tool output or data related to a penetration test
  • Given a scenario, analyse a basic script (limited to Bash, Python, Ruby, and PowerShell)

Reporting and Communication

  • Given a scenario, use report writing and handling best practices
  • Explain post-report delivery activities
  • Given a scenario, recommend mitigation strategies for discovered vulnerabilities
  • Explain the importance of communication during the penetration testing process

Exam (Taken remotely post course)

  • CompTIA PenTest+ Exam
  • Number of Questions: Maximum of 110
  • Type of Questions: Multiple choice and performance based
  • Duration: 165 minutes