
Security remains one of the hottest topics in IT and other industries. It seems that each week brings news of some new breach of privacy or security. As organizations scramble to protect themselves and their customers, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organizations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to some general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.

This CompTIA PenTest + training course can also assist you if you are pursuing the CompTIA PenTest+ certification, as tested in exam PT0-001. The course is designed to provide content and activities that correlate to the exam objectives, and therefore can be a resource as you prepare for the examination.


Course Objectives:


After you complete this course, you will be able to plan, conduct, analyze, and report on penetration tests.

You will:

  •     Plan and scope penetration tests.
  •     Conduct passive reconnaissance.
  •     Perform non-technical tests to gather information.
  •     Conduct active reconnaissance.
  •     Analyze vulnerabilities.
  •     Penetrate networks.
  •     Exploit host-based vulnerabilities.
  •     Test applications.
  •     Complete post-exploit tasks.
  •     Analyze and report pen test results.

 

Course-specific Technical Requirements

Hardware:

For this course, you will need one Windows Server® 2016 computer and one Kali Linux™ computer for each student and for the instructor. Make sure that each computer meets the classroom hardware specifications:

All Computers

  •     2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set and Second Level Address Translation (SLAT).
  •     8 gigabytes (GB) of Random Access Memory (RAM).
  •     80 GB storage device or larger.
  •     Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1,024 × 768 pixels, at least a 256-color display, and a video adapter with at least 4 MB of memory.
  •     Bootable DVD-ROM or USB drive.
  •     Keyboard and mouse or a compatible pointing device.
  •     Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
  •     Wireless network adapter for the Kali Linux computer.
  •     IP addresses that do not conflict with other portions of your network.
  •     Internet access (contact your local network administrator).
  •     (Instructor computer only) A display system to project the instructor's computer screen.
  •     At least one removable USB thumb drive for students to share if they do not have their own.
  •     (Optional) A network printer for the class to share.


Additional Hardware

  •     Mobile devices running Android™ version 4.0 or higher. This is required for students to fully key through the optional activity "Exploiting Android Devices" in the "Penetrating Networks" lesson. Ideally, each student would have their own mobile device; if not, consider demonstrating the activity using one device.
  •     One wireless access point (WAP) connected to the classroom network. This is required for mobile devices to connect to the classroom network in the same "Exploiting Android Devices" activity. One example scenario is connecting all of the classroom servers to the same gateway router using Ethernet cables. If this router has wireless functionality, and it is activated, students' mobile devices will be able to connect as long as they know the passphrase.


Software:

  •     Microsoft® Windows Server® 2016 Standard Edition build 14393.693.

Note: This specific build is required so that students will be able to successfully exploit unpatched vulnerabilities in the course activities. Newer builds will have patched these vulnerabilities, causing the activities not to key as written. The ISO file with the required build is available from the Microsoft Evaluation Center (https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016). You can verify the build number by entering winver into a command prompt.

The evaluation period for Windows Server 2016 is 180 days. If the duration of your class will exceed this evaluation period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the evaluation period expires. Otherwise, the operating systems may stop working before the class ends.

  •     Kali Linux™ version 2019.2.
  •     Miscellaneous software that is not included in the course data files due to licensing restrictions:
          •     Arachni Framework version 1.5.1 (arachni-1.5.1-0.5.12-linux-x86_64.tar.gz).
          •     MailEnable Standard version 10.26 (standard1026.exe).
          •     Metasploitable version 2.0.0 (metasploitable-linux-2.0.0.zip).

The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.

  •     Miscellaneous software that is included in the course data files:
          •     Oracle® VM VirtualBox version 5.2.10 (VirtualBox-5.2.10-122406-Win.exe).
          •     Node.js version 9.11.1 (node-v9.11.1-x64.msi).
          •     OWASP Juice Shop version 7.0.2 (store.zip).
          •     HttpRequester version 2.2 (httprequester-2.2-fx.xpi).
          •     Waterfox version 56.2.12 (waterfox.zip).

VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). Node.js and OWASP Juice Shop are distributed with the course data files under the MIT License. HttpRequester is distributed under a Berkeley Software Distribution (BSD) license. Waterfox is distributed under version 2 of the Mozilla Public License (MPL).

  •     If necessary, software for viewing the course slides (instructor machine only).

CompTIA PenTest +

Course Code

GTCPEN

Duration

5 Days

Course Fee

POA

Accreditation

N/A

Target Audience

This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities. Target students who also need to offer practical recommendations for action to properly protect information systems and their contents will derive those skills from this course.

This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-001, or who plan to use PenTest+ as the foundation for more advanced security certifications or career roles. Individuals seeking this certification should have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management.

Attendee Requirements

To ensure your success in this course, you should have:

  • Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
  • Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.

You can obtain this level of skills and knowledge by taking the CompTIA® Security+® (Exam SY0-501) course or by obtaining the appropriate industry certification.

Course Outline

Lesson 1: Planning and Scoping Penetration Tests

Topic A: Introduction to Penetration Testing Concepts

Topic B: Plan a Pen Test Engagement

Topic C: Scope and Negotiate a Pen Test Engagement

Topic D: Prepare for a Pen Test Engagement

 

Lesson 2: Conducting Passive Reconnaissance

Topic A: Gather Background Information

Topic B: Prepare Background Findings for Next Steps

 

Lesson 3: Performing Non-Technical Tests

Topic A: Perform Social Engineering Tests

Topic B: Perform Physical Security Tests on Facilities

 

Lesson 4: Conducting Active Reconnaissance

Topic A: Scan Networks

Topic B: Enumerate Targets

Topic C: Scan for Vulnerabilities

Topic D: Analyze Basic Scripts

 

Lesson 5: Analyzing Vulnerabilities

Topic A: Analyze Vulnerability Scan Results

Topic B: Leverage Information to Prepare for Exploitation

 

Lesson 6: Penetrating Networks

Topic A: Exploit Network-Based Vulnerabilities

Topic B: Exploit Wireless and RF-Based Vulnerabilities

Topic C: Exploit Specialized Systems

 

Lesson 7: Exploiting Host-Based Vulnerabilities

Topic A: Exploit Windows-Based Vulnerabilities

Topic B: Exploit *nix-Based Vulnerabilities

 

Lesson 8: Testing Applications

Topic A: Exploit Web Application Vulnerabilities

Topic B: Test Source Code and Compiled Apps

 

Lesson 9: Completing Post-Exploit Tasks

Topic A: Use Lateral Movement Techniques

Topic B: Use Persistence Techniques

Topic C: Use Anti-Forensics Techniques

 

Lesson 10: Analyzing and Reporting Pen Test Results

Topic A: Analyze Pen Test Data

Topic B: Develop Recommendations for Mitigation Strategies

Topic C: Write and Handle Reports

Topic D: Conduct Post-Report-Delivery Activities

 

Appendix A: Taking the Exams

Appendix B: Mapping Course Content to CompTIA® PenTest+® (Exam PT0-001)

Learning Path
  • There are several options that may suit your business needs. Please contact us for further information.
Ways to Attend
  • Attend a public course, if there is one available. Please check our schedule, or register your interest in joining a course in your area.
  • Private onsite team training is also available; please contact us to discuss. We can customise this course to suit your business requirements.

Private Team Training is available for this course

We deliver this course either on or off-site in various regions around the world, and can customise your delivery to suit your exact business needs. Talk to us about how we can fine-tune a course to suit your team's current skillset and ultimate learning objectives.
