Security remains one of the hottest topics in IT and other industries. It seems that each week brings news of some new breach of privacy or security. As organizations scramble to protect themselves and their customers, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organizations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to some general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.
This CompTIA PenTest+ training course can also assist you if you are pursuing the CompTIA PenTest+ certification, as tested in exam PT0-001. The course is designed to provide content and activities that correlate to the exam objectives, and therefore can be a resource as you prepare for the examination.
Course Objectives:
After you complete this course, you will be able to plan, conduct, analyze, and report on penetration tests.
You will:
- Plan and scope penetration tests.
- Conduct passive reconnaissance.
- Perform non-technical tests to gather information.
- Conduct active reconnaissance.
- Analyze vulnerabilities.
- Penetrate networks.
- Exploit host-based vulnerabilities.
- Test applications.
- Complete post-exploit tasks.
- Analyze and report pen test results.
Course-specific Technical Requirements
Hardware:
For this course, you will need one Windows Server® 2016 computer and one Kali Linux™ computer for each student and for the instructor. Make sure that each computer meets the classroom hardware specifications:
All Computers
- 2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set and Second Level Address Translation (SLAT).
- 8 gigabytes (GB) of Random Access Memory (RAM).
- 80 GB storage device or larger.
- Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1,024 × 768 pixels, at least a 256-color display, and a video adapter with at least 4 MB of memory.
- Bootable DVD-ROM or USB drive.
- Keyboard and mouse or a compatible pointing device.
- Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
- Wireless network adapter for the Kali Linux computer.
- IP addresses that do not conflict with other portions of your network.
- Internet access (contact your local network administrator).
- (Instructor computer only) A display system to project the instructor's computer screen.
- At least one removable USB thumb drive for students to share if they do not have their own.
- (Optional) A network printer for the class to share.
Additional Hardware
- Mobile devices running Android™ version 4.0 or higher.
- This is required for students to fully key through the optional activity "Exploiting Android Devices" in the "Penetrating Networks" lesson. Ideally, each student would have their own mobile device; if not, consider demonstrating the activity using one device.
- One wireless access point (WAP) connected to the classroom network.
- This is required for mobile devices to connect to the classroom network in the same "Exploiting Android Devices" activity. One example scenario is connecting all of the classroom servers to the same gateway router using Ethernet cables. If this router has wireless functionality, and it is activated, students' mobile devices will be able to connect as long as they know the passphrase.
Software:
Microsoft® Windows Server® 2016 Standard Edition build 14393.693.
Note: This specific build is required so that students will be able to successfully exploit unpatched vulnerabilities in the course activities. Newer builds will have patched these vulnerabilities, causing the activities not to key as written. The ISO file with the required build is available from the Microsoft Evaluation Center: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016. You can verify the build number by entering winver into a command prompt.
The evaluation period for Windows Server 2016 is 180 days. If the duration of your class will exceed this evaluation period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the evaluation period expires. Otherwise, the operating systems may stop working before the class ends.
Kali Linux™ version 2019.2.
- Miscellaneous software that is not included in the course data files due to licensing restrictions:
- Arachni Framework version 1.5.1 (arachni-1.5.1-0.5.12-linux-x86_64.tar.gz).
- MailEnable Standard version 10.26 (standard1026.exe).
- Metasploitable version 2.0.0 (metasploitable-linux-2.0.0.zip).
The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.
Miscellaneous software that is included in the course data files:
- Oracle® VM VirtualBox version 5.2.10 (VirtualBox-5.2.10-122406-Win.exe).
- Node.js version 9.11.1 (node-v9.11.1-x64.msi).
- OWASP Juice Shop version 7.0.2 (store.zip).
- HttpRequester version 2.2 (httprequester-2.2-fx.xpi).
- Waterfox version 56.2.12 (waterfox.zip).
VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). Node.js and OWASP Juice Shop are distributed with the course data files under the MIT License. HttpRequester is distributed under a Berkeley Software Distribution (BSD) license. Waterfox is distributed under version 2 of the Mozilla Public License (MPL).
- If necessary, software for viewing the course slides (instructor machine only).
Lesson 1: Planning and Scoping Penetration Tests
Topic A: Introduction to Penetration Testing Concepts
Topic B: Plan a Pen Test Engagement
Topic C: Scope and Negotiate a Pen Test Engagement
Topic D: Prepare for a Pen Test Engagement
Lesson 2: Conducting Passive Reconnaissance
Topic A: Gather Background Information
Topic B: Prepare Background Findings for Next Steps
Lesson 3: Performing Non-Technical Tests
Topic A: Perform Social Engineering Tests
Topic B: Perform Physical Security Tests on Facilities
Lesson 4: Conducting Active Reconnaissance
Topic A: Scan Networks
Topic B: Enumerate Targets
Topic C: Scan for Vulnerabilities
Topic D: Analyze Basic Scripts
Lesson 5: Analyzing Vulnerabilities
Topic A: Analyze Vulnerability Scan Results
Topic B: Leverage Information to Prepare for Exploitation
Lesson 6: Penetrating Networks
Topic A: Exploit Network-Based Vulnerabilities
Topic B: Exploit Wireless and RF-Based Vulnerabilities
Topic C: Exploit Specialized Systems
Lesson 7: Exploiting Host-Based Vulnerabilities
Topic A: Exploit Windows-Based Vulnerabilities
Topic B: Exploit *nix-Based Vulnerabilities
Lesson 8: Testing Applications
Topic A: Exploit Web Application Vulnerabilities
Topic B: Test Source Code and Compiled Apps
Lesson 9: Completing Post-Exploit Tasks
Topic A: Use Lateral Movement Techniques
Topic B: Use Persistence Techniques
Topic C: Use Anti-Forensics Techniques
Lesson 10: Analyzing and Reporting Pen Test Results
Topic A: Analyze Pen Test Data
Topic B: Develop Recommendations for Mitigation Strategies
Topic C: Write and Handle Reports
Topic D: Conduct Post-Report-Delivery Activities
Appendix A: Taking the Exams
Appendix B: Mapping Course Content to CompTIA® PenTest+® (Exam PT0-001)