CompTIA PenTest+ PT0-001
NuxSoftware Training & Certification Solutions in Coimbatore is your go-to destination for the finest CompTIA PenTest+ PT0-001 training courses. Our cutting-edge training programs are crafted to enhance your performance and provide hands-on experience. Industry experts with a diverse range of skills and extensive experience in their specialized areas lead our training sessions.
Our training center offers an exceptional environment suitable for professionals, individuals, corporate entities, and those seeking live project or industrial training. The advanced lab infrastructure is well-managed, ensuring 24/7 access from any location. The international expert trainers at our center bring excellent knowledge and real-time industry experience to the table.
At Nuxsoftware, we integrate various innovative learning methods and delivery models into our training programs. We prioritize understanding your needs to guarantee a 100% growth trajectory for your career. Our cost-effective training programs are designed with flexibility to cater to the unique requirements of our trainees.
The only credential with performance-based items to prove pros can think on their feet to perform critical IT support tasks in the moment.
Globally recognized by employers, our certification is the hallmark for identifying experts in endpoint management and technical support roles. Continuously revamped by IT professionals, it remains at the forefront, validating essential skills and abilities demanded in today’s workplace.
Course Syllabus
CompTIA PenTest+ PT0-001 Syllabus
Chapters
Planning and Scoping - 15%
1. Understanding the target audience, 2. Rules of engagement, 3. Communication escalation path, 4. Resources and requirements, Confidentiality of findings, Known vs. unknown, 5. Budget, 6. Impact analysis and remediation timelines, 7. Disclaimers, Point-in-time assessment, Comprehensiveness, 8. Technical constraints, 9. Support resources, WSDL/WADL, SOAP project file, SDK documentation, Swagger document, XSD, Sample application requests, Architectural diagrams,
1. Contracts, SOW, MSA, NDA, 2. Environmental differences, Export restrictions, Local and national government restrictions, Corporate policies, 3. Written authorization, Obtain signature from proper signing authority, Third-party provider authorization when necessary,
1. Types of assessment, Goals-based/objectives-based, Compliance-based, Red team, 2. Special scoping considerations, Premerger, Supply chain, 3. Target selection, Targets, Internal, On-site vs. off-site, External, First-party vs. third-party hosted, Physical, Users, SSIDs, Applications, Considerations, White-listed vs. black-listed, Security exceptions, IPS/WAF whitelist, NAC, Certificate pinning, Company’s policies, 4. Strategy, Black box vs. white box vs. gray box, 5. Risk acceptance, 6. Tolerance to impact, 7. Scheduling, 8. Scope creep, 9. Threat actors, Adversary tier, APT, Script kiddies, Hacktivist, Insider threat, Capabilities, Intent, Threat models,
1. Compliance-based assessments, limitations and caveats, Rules to complete assessment, Password policies, Data isolation, Key management, Limitations, Limited network access, Limited storage access, 2. Clearly defined objectives based on regulations,
Information Gathering and Vulnerability Identification - 22%
1. Scanning, 2. Enumeration, Hosts, Networks, Domains, Users, Groups, Network shares, Web pages, Applications, Services, Tokens, Social networking sites, 3. Packet crafting, 4. Packet inspection, 5. Fingerprinting, 6. Cryptography, Certificate inspection, 7. Eavesdropping, RF communication monitoring, Sniffing, Wired, Wireless, 8. Decompilation, 9. Debugging, 10. Open Source Intelligence Gathering, Sources of research, CERT, NIST, JPCERT, CAPEC, Full disclosure, CVE, CWE,
1. Credentialed vs. non-credentialed, 2. Types of scans, Discovery scan, Full scan, Stealth scan, Compliance scan, 3. Container securit, 4. Application scan, Dynamic vs. static analysis, 5. Considerations of vulnerability scanning, Time to run scans, Protocols used, Network topology, Bandwidth limitations, Query throttling, Fragile systems/non-traditional assets,
1. Asset categorization, 2. Adjudication, False positives, 3. Prioritization of vulnerabilities, 4. Common themes, Vulnerabilities, Observations, Lack of best practices,
1. Map vulnerabilities to potential exploits, 2. Prioritize activities in preparation for penetration test, 3. Describe common techniques to complete attack, Cross-compiling code, Exploit modification, Exploit chaining, Proof-of-concept development (exploit development), Social engineering, Credential brute forcing, Dictionary attacks, Rainbow tables, Deception,
1. ICS, 2. SCADA, 3. Mobile, 4. IoT, 5. Embedded, 6. Point-of-sale system, 7. Biometrics, 8. Application containers, 9. RTOS,
Attacks and Exploits - 30%
1. Phishing, Spear phishing, SMS phishing, Voice phishing, Whaling, 2. Elicitation, Business email compromise, 3. Interrogation, 4. Impersonation, 5. Shoulder surfing, 6. USB key drop, 7. Motivation techniques, Authority, Scarcity, Social proof, Urgency, Likeness, Fear,
1. Name resolution exploits, NETBIOS name service, LLMNR, 2. SMB exploits, 3. SNMP exploits, 4. SMTP exploits, 5. FTP exploits, 6. DNS cache poisoning, 7. Pass the hash, 8. Man-in-the-middle, ARP spoofing, Replay, Relay, SSL stripping, Downgrade, 9. DoS/stress test, 10. NAC bypass, 11. VLAN hopping,
1. Evil twin, Karma attack, Downgrade attack, 2. Deauthentication attacks, 3. Fragmentation attacks, 4. Credential harvesting, 5. WPS implementation weakness, 6. Bluejacking, 7. Bluesnarfing, 8. RFID cloning, 9. Jamming, 10. Repeating,
1. Injections, SQL, HTML, Command, Code, 2. Authentication, Credential brute forcing, Session hijacking, Redirect, Default credentials, Weak credentials, Kerberos exploits, 3. Authorization, Parameter pollution, Insecure direct object reference, 4. Cross-site scripting (XSS), Stored/persistent, Reflected, DOM, 5. Cross-site request forgery (CSRF/XSRF), 6. Clickjacking, 7. Security misconfiguration, Directory traversal, Cookie manipulation, 8. File inclusion, Local, Remote, 9. Unsecure code practices, Comments in source code, Lack of error handling, Overly verbose error handling, Hard-coded credentials, Race conditions, Unauthorized use of functions/unprotected APIs, Hidden elements, Lack of code signing,
1. OS vulnerabilities, Windows, Mac OS, Linux, Android, iOS, 2. Unsecure service and protocol configurations, 3. Privilege escalation, Linux-specific, SUID/SGID programs, Unsecure SUDO, Ret2libc, Sticky bits, Windows-specific, Cpassword, Clear text credentials in LDAP, Kerberoasting, Credentials in LSASS, Unattended installation, SAM database, DLL hijacking, Exploitable services, Unquoted service paths, Writable services, Unsecure file/folder permissions, Keylogger, Scheduled tasks, Kernel exploits, 4. Default account settings, 5. Sandbox escape, Shell upgrade, VM, Container, 6. Physical device security, Cold boot attack, JTAG debug, Serial console,
1. Piggybacking/tailgating, 2. Fence jumping, 3. Dumpster diving, 4. Lock picking, 5. Lock bypass, 6. Egress sensor, 7. Badge cloning,
1. Lateral movement, RPC/DCOM, PsExec, WMI, Scheduled tasks, PS remoting/WinRM, SMB, RDP, Apple Remote Desktop, VNC, X-server forwarding, Telnet, SSH, RSH/Rlogin, 2. Persistence, Scheduled jobs, Scheduled tasks, Daemons, Back doors, Trojan, New user creation, 3. Covering your tracks,
Penetration Testing Tools - 17%
1. SYN scan (-sS) vs. full connect scan (-sT), 2. Port selection (-p), 3. Service identification (-sV), 4. OS fingerprinting (-O), 5. Disabling ping (-Pn), 6. Target input file (-iL), 7. Timing (-T), 8. Output parameters, oA, oN, oG, oX,
1. Use cases, Reconnaissance, Enumeration, Vulnerability scanning, Credential attacks, Offline password cracking, Brute-forcing services, Persistence, Configuration compliance, Evasion, Decompilation, Forensics, Debugging, Software assurance, Fuzzing, SAST, DAST, 2. Tools, Scanners, Nikto, OpenVAS, SQLmap, Nessus, Credential testing tools, Hashcat, Medusa, Hydra, Cewl, John the Ripper, Cain and Abel, Mimikatz, Patator, Dirbuster, W3AF, Debuggers, OLLYDBG, Immunity debugger, GDB, WinDBG, IDA, Software assurance, Findbugs/findsecbugs, Peach, AFL, SonarQube, YASCA, OSINT, Whois, Nslookup, Foca, Theharvester, Shodan, Maltego, Recon-NG, Censys, Wireless, Aircrack-NG, Kismet, WiFite, Web proxies, OWASP ZAP, Burp Suite, Social engineering tools, SET, BeEF, Remote access tools, SSH, NCAT, NETCAT, Proxychains, Networking tools, Wireshark, Hping, Mobile tools, Drozer, APKX, APK studio, MISC, Searchsploit, Powersploit, Responder, Impacket, Empire, Metasploit framework,
1. Password cracking, 2. Pass the hash, 3. Setting up a bind shell, 4. Getting a reverse shell, 5. Proxying a connection, 6. Uploading a web shell, 7. Injections,
1. Logic, Looping, Flow control, 2. I/O, File vs. terminal vs. network, 3. Substitutions, 4. Variables, 5. Common operations, String operations, Comparisons, 6. Error handling, 7. Arrays, 8. Encoding/decoding,
Reporting and Communication - 16%
1. Normalization of data, 2. Written report of findings and remediation, Executive summary, Methodology, Findings and remediation, Metrics and measures, Risk rating, Conclusion, 3. Risk appetite, 4. Storage time for report, 5. Secure handling and disposition of reports,
1. Post-engagement cleanup, Removing shells, Removing tester-created credentials, Removing tools, 2. Client acceptance, 3. Lessons learned, 4. Follow-up actions/retest, 5. Attestation of findings,
1. Communication path, 2. Communication triggers, Critical findings, Stages, Indicators of prior compromise, 3. Reasons for communication, Situational awareness, De-escalation, De-confliction, 4. Goal reprioritization,