CompTIA PenTest+: PT0-002: CompTIA PenTest+
Certification Exam:
- 16 Courses | 21h 27m 53s
- 2 Books | 17h 51m
- Includes Lab
- Includes Test Prep
- 10 Courses | 13h 54m 39s
Prepare to become PenTest+ certified by acquiring knowledge in penetration testing and vulnerability management.
GETTING STARTED
CompTIA PenTest+: Governance, Risk, & Compliance
-
1m 9s
-
7m 28s
COURSES INCLUDED
CompTIA PenTest+: Scoping & Engagement
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial and critical planning phase of penetration testing is key to a successful engagement process. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and scope of the engagement validation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos |
1h 23m
Assessment
Badge
CompTIA PenTest+: Professionalism & Integrity
Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
10 videos |
1h 8m
Assessment
Badge
CompTIA PenTest+: Passive Reconnaissance
One of the main responsibilities of a penetration tester is to gather information by way of reconnaissance. Simply put, reconnaissance is the process of collecting as much information as possible about a target. In this course, you'll learn how to gather information using various passive reconnaissance techniques such as DNS lookups, cryptographic flaws, and social media scraping. You'll learn how to differentiate between cloud and self-hosted reconnaissance and examine valuable data found in password dumps, metadata, and public source-code repositories. You'll also explore how to use open source intelligence techniques, tools, and sources to exploit weaknesses and gather intelligence. This course will help prepare learners for the CompTIA PenTest+ PT0-002 certification exam.
11 videos |
1h 18m
Assessment
Badge
CompTIA PenTest+: Active Reconnaissance
Active reconnaissance requires a penetration tester to engage and interact with the targeted system to gather information and identify vulnerabilities. To do this, penetration testers can use several different methods including automated scanning and manual testing techniques. In this course, you'll learn how to use active reconnaissance techniques such as enumeration and web site reconnaissance, which are commonly used to gather intelligence about hosts, services, and web sites. You'll also learn about packet crafting, tokens, wardriving, network traffic, active fingerprinting, and defense detection and avoidance techniques. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos |
1h 14m
Assessment
Badge
CompTIA PenTest+: Vulnerability Scanning
Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
14 videos |
1h 30m
Assessment
Badge
CompTIA PenTest+: Network Attacks & Exploits
Network attacks are commonly performed to gain unauthorized access to an organization's network, with a goal of performing malicious activity or stealing data. In this course, you'll learn how to research attack vectors and perform network attacks. You'll learn about password attacks such as password spraying, hash cracking, brute force, and dictionary. You'll explore how to perform common network attacks such as ARP poisoning, on-path, kerberoasting, virtual local area network hopping, as well as Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning. Finally, you'll explore common network attack tools such as Metasploit, Netcat, and Nmap. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
19 videos |
2h 6m
Assessment
Badge
CompTIA PenTest+: Wireless Attacks
The goal of a wireless network attack is generally to capture information sent across the network. In this course, you'll learn how to research attack vectors and perform wireless attacks. You'll explore common wireless network attack methods including eavesdropping, data modification, data corruption, relay attacks, spoofing, jamming, on-path, and capture handshakes. You'll then learn about common network attacks such as evil twin, bluejacking, bluesnarfing, radio-frequency identification cloning, amplification attacks, and Wi-Fi protected setup PIN attacks. Lastly, you'll discover how to use aircrack-ng suite and amplified antenna wireless network attack tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos |
1h 4m
Assessment
Badge
CompTIA PenTest+: Application-based Attacks
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos |
1h 24m
Assessment
Badge
CompTIA PenTest+: Attacks on Cloud Technologies
Penetration testers need to account for all types of systems available in an environment. In addition to servers and network appliances, this can also include cloud-based systems. In this course, you'll learn how to research attack vectors and perform attacks on cloud technologies. You'll explore common cloud-based attacks, such as credential harvesting, privilege escalation, and account takeovers. You'll learn how to identify misconfigured cloud assets, including identity and access management and containerization technologies. You'll move on to explore how cloud malware injection, denial of service, and side-channel attacks can exploit a system. Lastly, you'll learn about common cloud tools such as the software development kit. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos |
1h 13m
Assessment
Badge
CompTIA PenTest+: Attacks on Specialized Systems
Specialized systems by nature can be very challenging for penetration testers. They can use proprietary operating systems and file systems, and may require advanced reverse engineering and sandbox analysis. However, specialized systems are also very susceptible when it comes to weaknesses and vulnerabilities. In this course, you'll learn how to identify common attacks and vulnerabilities against specialized systems, including mobile systems and Internet of Things devices. You'll also explore common vulnerabilities, including data storage system vulnerabilities, management interface vulnerabilities, vulnerabilities related to virtual environments, and vulnerabilities related to containerized workloads. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
11 videos |
1h 14m
Assessment
Badge
CompTIA PenTest+: Social Engineering Attacks
Social engineering involves the psychological manipulation of people and it's used to trick them into divulging information or performing certain actions. In this course, you'll learn how social engineering attacks are performed and how they can be used by attackers. You'll explore the pretext for a social engineering approach, as well as various social engineering attacks such as e-mail phishing, vishing, short message service, phishing, universal serial bus drop key, and watering hole. You'll then learn about tailgating, dumpster diving, shoulder surfing, and badge cloning physical attack methods. Lastly, you'll examine social engineering impersonation techniques, methods of influence, and tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos |
1h 50m
Assessment
Badge
CompTIA PenTest+: Post-Exploitation Techniques
Cybercriminals use post-exploitation techniques to maintain a level of access while they attempt to perform other actions during an open session. In this course, you'll learn about post-exploitation techniques and tools. You'll explore common post-exploitation tools such as Empire, Mimikatz, and BloodHound. Next, you'll examine post-exploitation techniques such as lateral movement, privilege escalation, and upgrading a restrictive shell. You'll learn techniques used to maintain foothold and persistence using trojans, backdoors, and daemons. Finally, you'll learn detection avoidance techniques, as well as enumeration techniques used to extract users, groups, forests, sensitive data, and unencrypted files. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
12 videos |
1h 5m
Assessment
Badge
CompTIA PenTest+: Written Reports
A final written report is prepared by a penetration tester or testing team to document all findings and recommendations for the client once the engagement has completed. In this course, you'll learn the critical components of a written report, as well as the importance of communication during the penetration testing process. You'll explore how to analyze and report on findings, and how to securely distribute of the final product. Next, you'll examine common content to include in a written report such as an executive summary, scope details, methodology, findings, and conclusion. Lastly, you'll learn the steps required to properly analyze the findings and recommend the appropriate remediation within a report. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
10 videos |
1h 21m
Assessment
Badge
CompTIA PenTest+: Communication & Post-Report Activities
During penetration testing, tester activities can leave behind remnants that may alter a system. Any action performed during testing should be clearly documented. Upon completion of testing, penetration testers should perform a series of post-report delivery activities that include removing shells, removing tester created credentials, and removing any penetration testing tools. In this course, you'll explore post-report delivery activities such as post-engagement cleanup, client acceptance, lessons learned, attestation of findings, as well as data destruction processes and best practices. You'll also learn the importance of communication during the penetration testing process. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
11 videos |
45m
Assessment
Badge
CompTIA PenTest+: Analyzing Tool & Script Output
Scripting languages can be used by penetration testers to help automate the execution of common tasks and increase the depth and scope of testing coverage. In this course, you'll learn the basic concepts of scripting and software development. Explore logic constructs concepts such as loops and conditionals, as well as the following operators; Boolean, string, and arithmetic. Discover other basic concepts of scripting including data structures, libraries, classes, procedures, and functions. You then explore how to analyze a script or code sample for use in a penetration test. Discover shells, programming languages, and exploit codes, and learn how to identify opportunities for automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
12 videos |
1h 9m
Assessment
Badge
CompTIA PenTest+: Penetration Testing Tools
A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
16 videos |
1h 36m
Assessment
Badge
SHOW MORE
FREE ACCESS
COURSES INCLUDED
CompTIA PenTest+: Governance, Risk, & Compliance
Penetration testing (pen testing) is often a multi-step process involving many parties. It is important for testers to recognize the importance of scoping, as well as the organizational and customer requirements and demands. In this course, you will explore common pre-engagement activities for penetration testers, including scope definition, regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and General Data Protection Regulation (GDPR), frameworks and standards, and rules of engagement. Then you will examine target selection, assessment types, and agreement types, like Terms of Service (ToS), service-level, and confidentiality and nondisclosure. Next, you will discover key elements of the shared responsibility model. Finally, investigate legal and ethical considerations including authorization letters, mandatory reporting requirements, and risk to the penetration tester. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
14 videos |
1h 20m
Assessment
Badge
CompTIA PenTest+: Collaboration & Communication Activities
Penetration testers not only have to be technically versed, but they need to be good communicators who can work well with teammates, customers, and stakeholders. In this course, explore the importance of having pre and post-engagement materials peer-reviewed by team members, stakeholder alignment and feedback usefulness, and root cause analysis benefits. Next, discover how an escalation path helps teams mitigate and solve problems and the importance of articulating the potential risks, severity, and impacts of vulnerabilities and testing exercises. Finally, learn about the role of a business impact analysis (BIA) in penetration testing and ways to build client trust and acceptance before, during, and after engagement. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
11 videos |
57m
Assessment
Badge
CompTIA PenTest+: Testing Frameworks & Methodologies
Organizations need to be aware of the guidelines and tools for conducting penetration tests. There are many penetration testing (pen testing) frameworks and methodologies that are helpful and, in this course, you'll compare and contrast these different options. First, explore common frameworks including Open Source Security Testing Methodology Manual (OSSTMM), Council of Registered Ethical Security Testers (CREST), Penetration Testing Execution Standard (PTES), MITRE ATT&CK, and OWASP Mobile Application Security Verification Standard (MASVS). Additionally, discover threat modeling frameworks including Damage potential, Reproducibility, Exploitability, Affected users, Discoverability (DREAD), Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE), and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
13 videos |
1h 11m
Badge
CompTIA PenTest+: Reporting & Remediation
Penetration testing (pen testing) is very technical in nature, and the results often require interpretation and detailed explanation when writing a final penetration testing report. These reports also often offer analysis of findings and appropriate remediation recommendations. In this course, explore the fundamentals of a penetration testing report, including format alignment, definitions, and risk scoring. Next, learn how to articulate test limitations, assumptions, and considerations in a final report and common elements and components to include in a report. Finally, explore technical and administrative remediation solutions, as well as operational and physical control solutions. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
11 videos |
59m
Badge
CompTIA PenTest+: Reconnaissance & Enumeration
Information gathering is a crucial phase in penetration testing (pen testing) where testers aim to collect as much data as possible about the target system or organization. This reconnaissance can be accomplished using various tools and techniques. In this course, you'll learn how to perform information gathering using passive and active reconnaissance. Discover how open-source intelligence (OSINT) gathered from social media, job boards, domain name systems, and password dumps can help with reconnaissance and how network reconnaissance is used to identify potential vulnerabilities in a computer network. Explore protocol scanning involving transmission control protocol (TCP) and user datagram protocol (UDP) and discover how to leverage certificate transparency logs during reconnaissance. Lastly, explore how to perform search engine analysis, network sniffing, banner grabbing, and website scraping. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
13 videos |
1h 59m
Assessment
Badge
CompTIA PenTest+: Applying Enumeration Techniques
Penetration testing enumeration is a critical phase in the process of assessing the security posture of a system or network. It involves systematically gathering information about the target environment to identify potential vulnerabilities and entry points for exploitation. In this course, explore enumeration techniques such as service discovery and protocol, DNS, and directory enumeration, as well as local user, email, and permission enumeration techniques. Next, learn about secrets enumeration, including cloud access keys, passwords, API keys, and session tokens, and discover how attack path mapping can gather information about a target. Finally, examine enumeration techniques involving web application firewalls (WAFs), web crawling processes, and manual enumeration. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
15 videos |
1h 24m
Assessment
Badge
CompTIA PenTest+: Using Scripts for Reconnaissance & Enumeration
Scripting languages can be used by pen testers to help automate the execution of common tasks. It can also be used to increase the depth and scope of testing coverage, while enabling testers to conduct efficient scans and analysis effectively. In this course, you'll learn the basic concepts of scripting and software development. Explore how scripting can play a role in data manipulation and information gathering processes and discover the basic concepts of logic constructs including loops, conditionals, Boolean operators, string operators, and arithmetic operators. Discover other basic concepts of scripting including libraries, classes, and functions. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
11 videos |
1h 11m
Assessment
Badge
CompTIA PenTest+: Enumeration & Reconnaissance Tools
For reconnaissance and enumeration during a pen test, you'll want to have a tool kit so you can gather information about the target network or system without raising suspicion. In this course, explore a multitude of tools used to collect, monitor, and analyze target systems, including Nmap, a powerful network scanner that can discover computer network hosts and services. Next, discover open-source tools such as the Wayback Machine, the Shodan search engine, and SpiderFoot, as well as common networking commands such as WHOIS, dig, and nslookup. Finally, learn how to find free resources online using OSINTframework.com and how to use Wireshark and Aircrack-ng when performing network reconnaissance. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
20 videos |
2h 9m
Assessment
Badge
CompTIA PenTest+: Prioritize & Prepare for Attacks
Prioritizing and preparing for penetration testing (pen testing) attacks involves several key steps to ensure a thorough and effective assessment of your system's security posture. In this course, explore target prioritization, capability selection steps, and various attack types. Next, learn how to use common tools to perform network attacks, including Metasploit, Netcat, Nmap, and Impacket. Finally, examine how to use the CrackMapExec tool, perform network analysis with Wireshark, generate custom payloads with MSFvenom, brute force passwords using Hydra, and perform poisoning attacks using Responder. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
14 videos |
2h 21m
Badge
CompTIA PenTest+: Moving Laterally Throughout the Environment
In a penetration testing (pen testing) context, moving laterally refers to the act of navigating from one system or network segment to another within a target organization's infrastructure after gaining initial access. In this course, explore techniques such as pivoting, SMB relaying, enumeration, and service discovery, as well as how they are used to move laterally once inside a compromised environment. Next, learn how to move laterally using both Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM). Finally, compare the tools used to facilitate lateral movement throughout a compromised network. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
9 videos |
47m
Assessment
Badge
CompTIA PenTest+: Cleanup & Restoration
Executing proper cleanup and restoration activities after penetration testing (pen testing) is critical for ensuring that the systems and networks return to a secure and functional state. In this course, you will explore why it is necessary to remove persistence mechanisms, revert changes, and remove user accounts and credentials during post-engagement cleanup. Next, you will discover the importance of removing tools during the cleanup and restoration phase and spinning down infrastructure and resources upon completing testing activities. Finally, you will learn how to ensure the preservation of evidence and the importance of securely destroying data during post-exploitation activities. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-003) certification exam.
9 videos |
43m
Badge
SHOW MORE
FREE ACCESS
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.BOOKS INCLUDED
Book
CompTIA PenTest+ Study Guide: Exam PT0-002, 2nd EditionThis book deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification.
9h 57m
By David Seidl, Mike Chapple
Book
CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002)Written by expert penetration testers, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth explanations.
7h 54m
By Heather Linn, Raymond Nutting
