CompTIA

CompTIA PenTest+ (PT0-002)

Buy our CompTIA Pentest+ training course to develop strong penetration testing skills and pass the PT0-002 exam to become a certified ethical hacker.

(PT0-002.AE1) / ISBN : 978-1-64459-375-2
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Instructor-Led (Add-on)
Get A Free Trial

About This Course

Our CompTIA Pentest+ PT0-002 study guide provides the foundational knowledge and practical insights every penetration tester needs to pass the exam, impress employers, and create a personalized portfolio. Learn how to perform vulnerability scans per the legal and regulatory requirements and produce written reports listing remediation strategies against cyber threats.

Skills You’ll Get

  • Define the engagement's goals and limitations.
  • Understand legal and ethical considerations for penetration testing.
  • Conduct passive and active reconnaissance techniques to gather information about a target system.
  • Utilize tools like dig, nslookup, Maltego, and Recon-ng for information gathering.
  • Perform network enumeration using tools like Nmap and Zenmap.
  • Configure and execute vulnerability scans using tools like Nessus and OpenVAS.
  • Analyze and interpret vulnerability scan results to prioritize targets.
  • Develop a workflow for vulnerability remediation.
  • Conduct network attacks like ARP spoofing, XSS attacks, and DDoS attacks.
  • Exploit vulnerabilities in Windows services like RDP, SMB, and SMTP.
  • Perform social engineering attacks.
  • Exploit vulnerabilities in web applications like SQL injection and Cross-Site Request Forgery (CSRF).
  • Attack cloud technologies, mobile devices, IoT systems, and specialized systems.
  • Understand the role of scripting in penetration testing.
  • Learn basic scripting principles using Python and Bash shells.
  • Automate tasks and enhance penetration testing workflows using scripts.
  • Maintain persistence on compromised systems to conduct further exploration.
  • Communicate technical information to both technical and non-technical audiences.

Get the support you need. Enroll in our Instructor-Led Course.

Download Course Outline

1

Introduction

  • CompTIA
  • The PenTest+ Exam
  • What Does This Course Cover?
  • CompTIA PenTest+ Certification Exam Objectives
2

Penetration Testing

  • What Is Penetration Testing?
  • Reasons for Penetration Testing
  • Who Performs Penetration Tests?
  • The CompTIA Penetration Testing Process
  • The Cyber Kill Chain
  • Tools of the Trade
  • Summary
  • Exam Essentials
  • Lab Exercises
3

Planning and Scoping Penetration Tests

  • Scoping and Planning Engagements
  • Penetration Testing Standards and Methodologies
  • Key Legal Concepts for Penetration Tests
  • Regulatory Compliance Considerations
  • Summary
  • Exam Essentials
  • Lab Exercises
4

Information Gathering

  • Footprinting and Enumeration
  • Active Reconnaissance and Enumeration
  • Information Gathering and Defenses
  • Summary
  • Exam Essentials
  • Lab Exercises
5

Vulnerability Scanning

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Software Security Testing
  • Developing a Remediation Workflow
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises
6

Analyzing Vulnerability Scans

  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
7

Exploiting and Pivoting

  • Exploits and Attacks
  • Exploitation Toolkits
  • Exploit Specifics
  • Leveraging Exploits
  • Persistence and Evasion
  • Pivoting
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises
8

Exploiting Network Vulnerabilities

  • Identifying Exploits
  • Conducting Network Exploits
  • Exploiting Windows Services
  • Identifying and Exploiting Common Services
  • Wireless Exploits
  • Summary
  • Exam Essentials
  • Lab Exercises
9

Exploiting Physical and Social Vulnerabilities

  • Physical Facility Penetration Testing
  • Social Engineering
  • Summary
  • Exam Essentials
  • Lab Exercises
10

Exploiting Application Vulnerabilities

  • Exploiting Injection Vulnerabilities
  • Exploiting Authentication Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Unsecure Coding Practices
  • Steganography
  • Application Testing Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
11

Attacking Hosts, Cloud Technologies, and Specialized Systems

  • Attacking Hosts
  • Credential Attacks and Testing Tools
  • Remote Access
  • Attacking Virtual Machines and Containers
  • Attacking Cloud Technologies
  • Attacking Mobile Devices
  • Attacking IoT, ICS, Embedded Systems, and SCADA Devices
  • Attacking Data Storage
  • Summary
  • Exam Essentials
  • Lab Exercises
12

Reporting and Communication

  • The Importance of Communication
  • Recommending Mitigation Strategies
  • Writing a Penetration Testing Report
  • Wrapping Up the Engagement
  • Summary
  • Exam Essentials
  • Lab Exercises
13

Scripting for Penetration Testing

  • Scripting and Penetration Testing
  • Variables, Arrays, and Substitutions
  • Comparison Operations
  • String Operations
  • Flow Control
  • Input and Output (I/O)
  • Error Handling
  • Advanced Data Structures
  • Reusing Code
  • The Role of Coding in Penetration Testing
  • Summary
  • Exam Essentials
  • Lab Exercises

1

Information Gathering

  • Using dig and nslookup Commands
  • Performing Zone Transfer Using dig
  • Using Maltego to Gather Information
  • Using Recon-ng to Gather Information
  • Using Nmap for Network Enumeration
  • Performing Reconnaissance on a Network
  • Performing a Scan in Zenmap
  • Using Nmap for User Enumeration
  • Performing a UDP Scan Using Nmap
  • Performing Nmap SYN Scan
2

Vulnerability Scanning

  • Conducting Vulnerability Scanning Using Nessus
3

Analyzing Vulnerability Scans

  • Understanding Local Privilege Escalation
4

Exploiting and Pivoting

  • Performing Vulnerability Scanning Using OpenVAS
  • Searching Exploits Using searchsploit
  • Using Meterpreter to Display the System Information
  • Using the Task Scheduler
  • Understanding the Pass-the-hash Attack
  • Using the Metasploit RDP Post-Exploitation Module
5

Exploiting Network Vulnerabilities

  • Performing ARP Spoofing
  • Conducting a Cross Site Scripting (XXS) attack
  • Capturing Network Packets Using tcpdump
  • Simulating the DDoS Attack
  • Using the EternalBlue Exploit in Metasploit
  • Exploiting SMB
  • Exploiting SMTP
  • Exploiting SNMP
6

Exploiting Physical and Social Vulnerabilities

  • Using SET Tool to Plan an Attack
  • Using BeEF
7

Exploiting Application Vulnerabilities

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Hiding Text Using Steganography
  • Using OWASP ZAP
  • Performing Session Hijacking Using Burp Suite
8

Attacking Hosts, Cloud Technologies, and Specialized Systems

  • Cracking Passwords
  • Cracking a Linux Password Using John the Ripper
  • Creating Reverse and Bind Shells Using Netcat
9

Scripting for Penetration Testing

  • Whitelisting an IP Address in the Windows Firewall
  • Viewing Exploits Written in Perl
  • Viewing the Effects of Hostile JavaScript in the Browser
  • Finding Live Hosts by Using the Ping Sweep in Python
  • Writing Bash Shell Script

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

PenTest+ refers to the certification itself, offered by CompTIA, a trusted provider of IT certifications. Earning this certification demonstrates your competence in the ethical hacking methodology and the skills to effectively pen-test an environment.

PT0-002 is the current version of the PenTest+ exam. Exam versions are identified by codes, and PT0-002 signifies the latest iteration of the PenTest+ certification program. It focuses on the most up-to-date practices and tools used in penetration testing.

The CompTIA PenTest+ PT0-002 exam is the successor to the PT0-001 exam. While both assess an individual's skills in penetration testing, the PT0-002 focuses on the most up-to-date methodologies and techniques. PT0-002 is considered to be more challenging than PT0-001 due to the inclusion of more advanced topics and performance-based questions.

The cost of CompTIA Pentest+ varies, depending on the country & region. In the US, you can register for USD 404.

Related Courses

All Course