CompTIA-PT CompTIA PenTest+ E-Learning (PT0-002)

Volg de CompTIA PenTest+ E-learning bij Master IT! De CompTIA PenTest+ E-learning leert je de nieuwste mogelijkheden omtrent penetratietesten, kwetsbaarheidsbeoordeling en managementvaardigheden die essentieel zijn om systemen tegen aanvallen te beschermen.

Na afronding van deze training kun je onder andere:

• Uitleggen van key aspects van compliance-based assessments
• Uitvoeren van een kwetsbaarheid scan
• Analyseren van de resultaten van de kwetsbaarheidscan

De CompTIA PenTest+ E-learning leert je de nieuwste mogelijkheden omtrent penetratietesten, kwetsbaarheidsbeoordeling en managementvaardigheden die essentieel zijn om systemen tegen aanvallen te beschermen.Jouw CompTIA PenTest+ E-learning bevat: officieel lesmateriaal, Quizzes, een lab waarin je kan oefenen, Assessments, proefexamenvragen en videolessen.De PenTest+ e-learning training omvat alle doelstellingen van het CompTIA PenTest+ PT0-001-examen en leert je de basis van het penetratietesten. Je gaat onder andere in op planning, rapportage en scoping van een penetratietestbeoordeling, het begrijpen van wettelijke en nalevingsvereisten, het uitvoeren van penetratietesten en het scannen van kwetsbaarheden, het interpreteren van gegevens en het adequaat rapporteren van de resultaten.

Lesmethode

Ben je op zoek naar volledige zelfstudie? Wij bieden je de mogelijkheid om deze training volledig in jouw eigen tijd te volgen. Uiteraard met het officiële Engelstalige lesmateriaal waarmee je de juiste kennis opdoet.

Doelgroep

Iedereen die geavanceerde kennis op wil doen in informatiebeveiliging. Carrierekansen na deze training zijn:

• Penetration Tester
• Vulnerability Tester
• Network Security Operations
• Application Security Vulnerability
• Vulnerability Assessment Analyst

Iedereen die geavanceerde kennis op wil doen in informatiebeveiliging. Carrierekansen na deze training zijn:

• Penetration Tester
• Vulnerability Tester
• Network Security Operations
• Application Security Vulnerability
• Vulnerability Assessment Analyst

Voorkennis

Voor deze training heb je:

• Network+, Security+ of gelijkwaardige kennis.
• Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.

Voor deze training heb je:

• Network+, Security+ of gelijkwaardige kennis.
• Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.

Onderdelen

Het lesmateriaal van deze CompTIA training is zeer uitgebreid en aangevuld met extra materiaal, zoals een pre-assesment, flashcards en oefenexamens. Dit betekent dat je niet al het materiaal tijdens je lesdagen zult behandelen. Wil je je goed voorbereiden op het examen, dan is er veel extra materiaal beschikbaar zodat je je thuis optimaal kunt klaarmaken voor het examen.  Planning and Scoping - 15%SExplain the importance of planning for an engagement.    

• Understanding the target audience
• Rules of engagement
• Communication escalation path
• Resources and requirements
• Budget
• Impact analysis and remediation timelines
• Disclaimers
• Technical constraints
• Support resources

Explain key legal concepts.        

• Contracts
• Environmental differences
• Written authorization

Explain the importance of scoping an engagement properly.           

• Types of assessment
• Special scoping considerations
• Target selection
• Strategy
• Risk acceptance
• Tolerance to impact
• Scheduling
• Scope creep
• Threat actors

Explain the key aspects of compliance-based assessments.    

• Compliance-based assessments, limitations and caveats
• Clearly defined objectives based on regulations

Information Gathering and Vulnerability Identification - 22%Given a scenario, conduct information gathering using appropriate techniques.             

• Scanning
• Enumeration
• Packet crafting
• Packet inspection
• Fingerprinting
• Cryptography
• Eavesdropping
• Decompilation
• Debugging
• Open Source Intelligence Gathering

Given a scenario, perform a vulnerability scan.

• Credentialed vs. non-credentialed
• Types of scans
• Container securit
• Application scan
• Considerations of vulnerability scanning

Given a scenario, analyze vulnerability scan results.            

• Asset categorization
• Adjudication
• Prioritization of vulnerabilities
• Common themes

Explain the process of leveraging information to prepare for exploitation.           

• Map vulnerabilities to potential exploits
• Prioritize activities in preparation for penetration test
• Describe common techniques to complete attack

Explain weaknesses related to specialized systems.            

• ICS
• SCADA
• Mobile
• IoT
• Embedded
• Point-of-sale system
• Biometrics
• Application containers
• RTOS

Attacks and Exploits - 30%Compare and contrast social engineering attacks.            

• Phishing
• Elicitation
• Interrogation
• Impersonation
• Shoulder surfing
• USB key drop
• Motivation techniques
• Pass the hash
• Man-in-the-middle
• DoS/stress test
• NAC bypass
• VLAN hopping

Given a scenario, exploit wireless and RF-based vulnerabilities. 

• Evil twin
• Deauthentication attacks
• Fragmentation attacks
• Credential harvesting
• WPS implementation weakness
• Bluejacking
• Bluesnarfing
• RFID cloning
• Jamming
• Repeating

Given a scenario, exploit application-based vulnerabilities. 

• Injections
• Authentication
• Authorization
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF/XSRF)
• Clickjacking
• Security misconfiguration
• File inclusion
• Unsecure code practices

Given a scenario, exploit local host vulnerabilities.            

• OS vulnerabilities
• Unsecure service and protocol configurations
• Privilege escalation
• Default account settings
• Sandbox escape
• Physical device security

Summarize physical security attacks related to facilities.           

• Piggybacking/tailgating
• Fence jumping
• Dumpster diving
• Lock picking
• Lock bypass
• Egress sensor
• Badge cloning

Given a scenario, perform post-exploitation techniques.       

• Lateral movement
• Persistence
• Covering your tracks

Penetration Testing Tools - 17%Given a scenario, use Nmap to conduct information gathering exercises.      

• SYN scan (-sS) vs. full connect scan (-sT)
• Port selection (-p)
• Service identification (-sV)
• OS fingerprinting (-O)
• Disabling ping (-Pn)
• Target input file (-iL)
• Timing (-T)
• Output parameters

Compare and contrast various use cases of tools.            

• Use cases
• Tools

Given a scenario, analyze tool output or data related to a penetration test.   

• Password cracking
• Pass the hash
• Setting up a bind shell
• Getting a reverse shell
• Proxying a connection
• Uploading a web shell
• Injections

Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).   

• Logic
• I/O
• Substitutions
• Variables
• Common operations
• Error handling
• Arrays
• Encoding/decoding

Reporting and Communication - 16%Given a scenario, use report writing and handling best practices.          

• Normalization of data
• Written report of findings and remediation
• Risk appetite
• Storage time for report
• Secure handling and disposition of reports

Explain post-report delivery activities.  

• Post-engagement cleanup
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings

Given a scenario, recommend mitigation strategies for discovered vulnerabilities.   

• Solutions
• Findings
• Remediation

Explain the importance of communication during the penetration testing process.      

• Communication path
• Communication triggers
• Reasons for communication
• Goal reprioritization

Het lesmateriaal van deze CompTIA training is zeer uitgebreid en aangevuld met extra materiaal, zoals een pre-assesment, flashcards en oefenexamens. Dit betekent dat je niet al het materiaal tijdens je lesdagen zult behandelen. Wil je je goed voorbereiden op het examen, dan is er veel extra materiaal beschikbaar zodat je je thuis optimaal kunt klaarmaken voor het examen.  Planning and Scoping - 15%SExplain the importance of planning for an engagement.    

• Understanding the target audience
• Rules of engagement
• Communication escalation path
• Resources and requirements
• Budget
• Impact analysis and remediation timelines
• Disclaimers
• Technical constraints
• Support resources

Explain key legal concepts.        

• Contracts
• Environmental differences
• Written authorization

Explain the importance of scoping an engagement properly.           

• Types of assessment
• Special scoping considerations
• Target selection
• Strategy
• Risk acceptance
• Tolerance to impact
• Scheduling
• Scope creep
• Threat actors

Explain the key aspects of compliance-based assessments.    

• Compliance-based assessments, limitations and caveats
• Clearly defined objectives based on regulations

Information Gathering and Vulnerability Identification - 22%Given a scenario, conduct information gathering using appropriate techniques.             

• Scanning
• Enumeration
• Packet crafting
• Packet inspection
• Fingerprinting
• Cryptography
• Eavesdropping
• Decompilation
• Debugging
• Open Source Intelligence Gathering

Given a scenario, perform a vulnerability scan.

• Credentialed vs. non-credentialed
• Types of scans
• Container securit
• Application scan
• Considerations of vulnerability scanning

Given a scenario, analyze vulnerability scan results.            

• Asset categorization
• Adjudication
• Prioritization of vulnerabilities
• Common themes

Explain the process of leveraging information to prepare for exploitation.           

• Map vulnerabilities to potential exploits
• Prioritize activities in preparation for penetration test
• Describe common techniques to complete attack

Explain weaknesses related to specialized systems.            

• ICS
• SCADA
• Mobile
• IoT
• Embedded
• Point-of-sale system
• Biometrics
• Application containers
• RTOS

Attacks and Exploits - 30%Compare and contrast social engineering attacks.            

• Phishing
• Elicitation
• Interrogation
• Impersonation
• Shoulder surfing
• USB key drop
• Motivation techniques
• Pass the hash
• Man-in-the-middle
• DoS/stress test
• NAC bypass
• VLAN hopping

Given a scenario, exploit wireless and RF-based vulnerabilities. 

• Evil twin
• Deauthentication attacks
• Fragmentation attacks
• Credential harvesting
• WPS implementation weakness
• Bluejacking
• Bluesnarfing
• RFID cloning
• Jamming
• Repeating

Given a scenario, exploit application-based vulnerabilities. 

• Injections
• Authentication
• Authorization
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF/XSRF)
• Clickjacking
• Security misconfiguration
• File inclusion
• Unsecure code practices

Given a scenario, exploit local host vulnerabilities.            

• OS vulnerabilities
• Unsecure service and protocol configurations
• Privilege escalation
• Default account settings
• Sandbox escape
• Physical device security

Summarize physical security attacks related to facilities.           

• Piggybacking/tailgating
• Fence jumping
• Dumpster diving
• Lock picking
• Lock bypass
• Egress sensor
• Badge cloning

Given a scenario, perform post-exploitation techniques.       

• Lateral movement
• Persistence
• Covering your tracks

Penetration Testing Tools - 17%Given a scenario, use Nmap to conduct information gathering exercises.      

• SYN scan (-sS) vs. full connect scan (-sT)
• Port selection (-p)
• Service identification (-sV)
• OS fingerprinting (-O)
• Disabling ping (-Pn)
• Target input file (-iL)
• Timing (-T)
• Output parameters

Compare and contrast various use cases of tools.            

• Use cases
• Tools

Given a scenario, analyze tool output or data related to a penetration test.   

• Password cracking
• Pass the hash
• Setting up a bind shell
• Getting a reverse shell
• Proxying a connection
• Uploading a web shell
• Injections

Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).   

• Logic
• I/O
• Substitutions
• Variables
• Common operations
• Error handling
• Arrays
• Encoding/decoding

Reporting and Communication - 16%Given a scenario, use report writing and handling best practices.          

• Normalization of data
• Written report of findings and remediation
• Risk appetite
• Storage time for report
• Secure handling and disposition of reports

Explain post-report delivery activities.  

• Post-engagement cleanup
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings

Given a scenario, recommend mitigation strategies for discovered vulnerabilities.   

• Solutions
• Findings
• Remediation

Explain the importance of communication during the penetration testing process.      

• Communication path
• Communication triggers
• Reasons for communication
• Goal reprioritization