CompTIA PenTest+ (PT0-002)
Buy our CompTIA Pentest+ training course to develop strong penetration testing skills and pass the PT0-002 exam to become a certified ethical hacker.
(PT0-002.AE1) / ISBN : 978-1-64459-375-2Über diesen Kurs
Our CompTIA Pentest+ PT0-002 study guide provides the foundational knowledge and practical insights every penetration tester needs to pass the exam, impress employers, and create a personalized portfolio. Learn how to perform vulnerability scans per the legal and regulatory requirements and produce written reports listing remediation strategies against cyber threats.
Fähigkeiten, die Sie erwerben werden
- Define the engagement's goals and limitations.
- Understand legal and ethical considerations for penetration testing.
- Conduct passive and active reconnaissance techniques to gather information about a target system.
- Utilize tools like dig, nslookup, Maltego, and Recon-ng for information gathering.
- Perform network enumeration using tools like Nmap and Zenmap.
- Configure and execute vulnerability scans using tools like Nessus and OpenVAS.
- Analyze and interpret vulnerability scan results to prioritize targets.
- Develop a workflow for vulnerability remediation.
- Conduct network attacks like ARP spoofing, XSS attacks, and DDoS attacks.
- Exploit vulnerabilities in Windows services like RDP, SMB, and SMTP.
- Perform social engineering attacks.
- Exploit vulnerabilities in web applications like SQL injection and Cross-Site Request Forgery (CSRF).
- Attack cloud technologies, mobile devices, IoT systems, and specialized systems.
- Understand the role of scripting in penetration testing.
- Learn basic scripting principles using Python and Bash shells.
- Automate tasks and enhance penetration testing workflows using scripts.
- Maintain persistence on compromised systems to conduct further exploration.
- Communicate technical information to both technical and non-technical audiences.
Holen Sie sich die Unterstützung, die Sie brauchen. Melden Sie sich für unseren Kurs mit Lehrer an.
Unterricht
13+ Unterricht | 401+ Übungen | 232+ Tests | 571+ Karteikarten | 457+ Glossar der Begriffe
Testvorbereitung
80+ Fragen vor der Beurteilung | 2+ Ausführliche Tests | 80+ Fragen nach der Bewertung | 160+ Testfragen zur Praxis
Praktische Übungen
42+ LiveLab | 40+ Videoanleitungen | 01:48+ Hours
Introduction
- CompTIA
- The PenTest+ Exam
- What Does This Course Cover?
- CompTIA PenTest+ Certification Exam Objectives
Penetration Testing
- What Is Penetration Testing?
- Reasons for Penetration Testing
- Who Performs Penetration Tests?
- The CompTIA Penetration Testing Process
- The Cyber Kill Chain
- Tools of the Trade
- Summary
- Exam Essentials
- Lab Exercises
Planning and Scoping Penetration Tests
- Scoping and Planning Engagements
- Penetration Testing Standards and Methodologies
- Key Legal Concepts for Penetration Tests
- Regulatory Compliance Considerations
- Summary
- Exam Essentials
- Lab Exercises
Information Gathering
- Footprinting and Enumeration
- Active Reconnaissance and Enumeration
- Information Gathering and Defenses
- Summary
- Exam Essentials
- Lab Exercises
Vulnerability Scanning
- Identifying Vulnerability Management Requirements
- Configuring and Executing Vulnerability Scans
- Software Security Testing
- Developing a Remediation Workflow
- Overcoming Barriers to Vulnerability Scanning
- Summary
- Exam Essentials
- Lab Exercises
Analyzing Vulnerability Scans
- Reviewing and Interpreting Scan Reports
- Validating Scan Results
- Common Vulnerabilities
- Summary
- Exam Essentials
- Lab Exercises
Exploiting and Pivoting
- Exploits and Attacks
- Exploitation Toolkits
- Exploit Specifics
- Leveraging Exploits
- Persistence and Evasion
- Pivoting
- Covering Your Tracks
- Summary
- Exam Essentials
- Lab Exercises
Exploiting Network Vulnerabilities
- Identifying Exploits
- Conducting Network Exploits
- Exploiting Windows Services
- Identifying and Exploiting Common Services
- Wireless Exploits
- Summary
- Exam Essentials
- Lab Exercises
Exploiting Physical and Social Vulnerabilities
- Physical Facility Penetration Testing
- Social Engineering
- Summary
- Exam Essentials
- Lab Exercises
Exploiting Application Vulnerabilities
- Exploiting Injection Vulnerabilities
- Exploiting Authentication Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Unsecure Coding Practices
- Steganography
- Application Testing Tools
- Summary
- Exam Essentials
- Lab Exercises
Attacking Hosts, Cloud Technologies, and Specialized Systems
- Attacking Hosts
- Credential Attacks and Testing Tools
- Remote Access
- Attacking Virtual Machines and Containers
- Attacking Cloud Technologies
- Attacking Mobile Devices
- Attacking IoT, ICS, Embedded Systems, and SCADA Devices
- Attacking Data Storage
- Summary
- Exam Essentials
- Lab Exercises
Reporting and Communication
- The Importance of Communication
- Recommending Mitigation Strategies
- Writing a Penetration Testing Report
- Wrapping Up the Engagement
- Summary
- Exam Essentials
- Lab Exercises
Scripting for Penetration Testing
- Scripting and Penetration Testing
- Variables, Arrays, and Substitutions
- Comparison Operations
- String Operations
- Flow Control
- Input and Output (I/O)
- Error Handling
- Advanced Data Structures
- Reusing Code
- The Role of Coding in Penetration Testing
- Summary
- Exam Essentials
- Lab Exercises
Information Gathering
- Verwenden der Befehle dig und nslookup
- Durchführen einer Zonenübertragung mit dig
- Mit Maltego Informationen sammeln
- Verwendung von Recon-ng zum Sammeln von Informationen
- Verwenden von Nmap für die Netzwerkaufzählung
- Aufklärung in einem Netzwerk durchführen
- Durchführen eines intensiven Scans in Zenmap
- Verwenden von Nmap für die Benutzeraufzählung
- Durchführen eines Nmap-UDP-Scans
- Durchführen eines Nmap-SYN-Scans
Vulnerability Scanning
- Durchführen von Schwachstellenscans mit Nessus
Analyzing Vulnerability Scans
- Grundlegendes zur Eskalation lokaler Berechtigungen
Exploiting and Pivoting
- Durchführen von Schwachstellenscans mit OpenVAS
- Suche nach Exploits mithilfe von searchsploit
- Verwendung von Meterpreter
- Verwenden des Taskplaners
- Den Pass-the-Hash-Angriff verstehen
- Verwendung des Metasploit RDP Post-Exploitation-Moduls
Exploiting Network Vulnerabilities
- Durchführen von ARP-Spoofing
- Conducting a Cross Site Scripting (XXS) attack
- Capturing Network Packets Using tcpdump
- Simulation des DDoS-Angriffs
- Verwendung des EternalBlue-Exploits in Metasploit
- SMB ausnutzen
- SMTP ausnutzen
- SNMP ausnutzen
Exploiting Physical and Social Vulnerabilities
- Verwenden des SET-Tools zum Planen eines Angriffs
- Verwendung von BeEF
Exploiting Application Vulnerabilities
- Exploiting Command Injection Vulnerabilities
- Ausnutzen einer Website mithilfe von SQL-Injection
- Durchführung eines Cross-Site-Request-Forgery-Angriffs
- Text mithilfe der Steganographie verbergen
- Mit OWASP ZAP
- Durchführen von Session Hijacking mit Burp Suite
Attacking Hosts, Cloud Technologies, and Specialized Systems
- Passwörter knacken
- Mit John the Ripper ein Linux-Passwort knacken
- Erstellen von Reverse- und Bind-Shells mit Netcat
Scripting for Penetration Testing
- Whitelisting einer IP-Adresse in der Windows-Firewall
- In Perl geschriebene Exploits anzeigen
- Anzeigen der Auswirkungen von feindlichem JavaScript im Browser
- Finden von Live-Hosts mithilfe des Ping-Sweeps in Python
- Schreiben eines Bash-Shell-Skripts
Haben Sie Fragen? Schauen Sie sich die FAQs an
Sie haben noch unbeantwortete Fragen und möchten Kontakt aufnehmen?
Kontaktiere uns jetztPenTest+ refers to the certification itself, offered by CompTIA, a trusted provider of IT certifications. Earning this certification demonstrates your competence in the ethical hacking methodology and the skills to effectively pen-test an environment.
PT0-002 is the current version of the PenTest+ exam. Exam versions are identified by codes, and PT0-002 signifies the latest iteration of the PenTest+ certification program. It focuses on the most up-to-date practices and tools used in penetration testing.
The CompTIA PenTest+ PT0-002 exam is the successor to the PT0-001 exam. While both assess an individual's skills in penetration testing, the PT0-002 focuses on the most up-to-date methodologies and techniques. PT0-002 is considered to be more challenging than PT0-001 due to the inclusion of more advanced topics and performance-based questions.
The cost of CompTIA Pentest+ varies, depending on the country & region. In the US, you can register for USD 404.