
Security remains one of the hottest topics in IT and other industries. It seems that each week brings news of some new breach of privacy or security. As organizations scramble to protect themselves and their customers, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organizations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to some general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.

This CompTIA PenTest+ training course can also assist you if you are pursuing the CompTIA PenTest+ certification, as tested in exam PT0-001. The course is designed to provide content and activities that correlate to the exam objectives, and therefore can be a resource as you prepare for the examination.


Course Objectives:


After you complete this course, you will be able to plan, conduct, analyze, and report on penetration tests.

You will:

  •     Plan and scope penetration tests.
  •     Conduct passive reconnaissance.
  •     Perform non-technical tests to gather information.
  •     Conduct active reconnaissance.
  •     Analyze vulnerabilities.
  •     Penetrate networks.
  •     Exploit host-based vulnerabilities.
  •     Test applications.
  •     Complete post-exploit tasks.
  •     Analyze and report pen test results.

 

Course-specific Technical Requirements

Hardware:

For this course, you will need one Windows Server® 2016 computer and one Kali Linux™ computer for each student and for the instructor. Make sure that each computer meets the classroom hardware specifications:

All Computers

  •     2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set and Second Level Address Translation (SLAT).
  •     8 gigabytes (GB) of Random Access Memory (RAM).
  •     80 GB storage device or larger.
  •     Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1,024 × 768 pixels, at least a 256-color display, and a video adapter with at least 4 MB of memory.
  •     Bootable DVD-ROM or USB drive.
  •     Keyboard and mouse or a compatible pointing device.
  •     Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
  •     Wireless network adapter for the Kali Linux computer.
  •     IP addresses that do not conflict with other portions of your network.
  •     Internet access (contact your local network administrator).
  •     (Instructor computer only) A display system to project the instructor's computer screen.
  •     At least one removable USB thumb drive for students to share if they do not have their own.
  •     (Optional) A network printer for the class to share.


Additional Hardware

  • Mobile devices running Android™ version 4.0 or higher. This is required for students to fully key through the optional activity "Exploiting Android Devices" in the "Penetrating Networks" lesson. Ideally, each student would have their own mobile device; if not, consider demonstrating the activity using one device.
  • One wireless access point (WAP) connected to the classroom network. This is required for mobile devices to connect to the classroom network in the same "Exploiting Android Devices" activity. One example scenario is connecting all of the classroom servers to the same gateway router using Ethernet cables. If this router has wireless functionality, and it is activated, students' mobile devices will be able to connect as long as they know the passphrase.


Software:

  • Microsoft® Windows Server® 2016 Standard Edition build 14393.693.

    Note: This specific build is required so that students will be able to successfully exploit unpatched vulnerabilities in the course activities. Newer builds will have patched these vulnerabilities, causing the activities not to key as written. The ISO file with the required build is available from the Microsoft Evaluation Center: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016. You can verify the build number by entering winver into a command prompt.

    The evaluation period for Windows Server 2016 is 180 days. If the duration of your class will exceed this evaluation period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the evaluation period expires. Otherwise, the operating systems may stop working before the class ends.

  • Kali Linux™ version 2019.2.

  • Miscellaneous software that is not included in the course data files due to licensing restrictions:
      • Arachni Framework version 1.5.1 (arachni-1.5.1-0.5.12-linux-x86_64.tar.gz).
      • MailEnable Standard version 10.26 (standard1026.exe).
      • Metasploitable version 2.0.0 (metasploitable-linux-2.0.0.zip).

    The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.

  • Miscellaneous software that is included in the course data files:
      • Oracle® VM VirtualBox version 5.2.10 (VirtualBox-5.2.10-122406-Win.exe).
      • Node.js version 9.11.1 (node-v9.11.1-x64.msi).
      • OWASP Juice Shop version 7.0.2 (store.zip).
      • HttpRequester version 2.2 (httprequester-2.2-fx.xpi).
      • Waterfox version 56.2.12 (waterfox.zip).

    VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). Node.js and OWASP Juice Shop are distributed with the course data files under the MIT License. HttpRequester is distributed under a Berkeley Software Distribution (BSD) license. Waterfox is distributed under version 2 of the Mozilla Public License (MPL).

  • If necessary, software for viewing the course slides (instructor machine only).

CompTIA PenTest+

Course Code

GTCPEN

Duration

5 Days

Course Fee

POA

Accreditation

N/A

Target Audience

This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities. Target students who also need to offer practical recommendations for action to properly protect information systems and their contents will derive those skills from this course.

This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-001, or who plan to use PenTest+ as the foundation for more advanced security certifications or career roles. Individuals seeking this certification should have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management.

Attendee Requirements

To ensure your success in this course, you should have:

  • Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
  • Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.

You can obtain this level of skills and knowledge by taking the CompTIA® Security+® (Exam SY0-501) course or by obtaining the appropriate industry certification.

Course Outline

Lesson 1: Planning and Scoping Penetration Tests

Topic A: Introduction to Penetration Testing Concepts

Topic B: Plan a Pen Test Engagement

Topic C: Scope and Negotiate a Pen Test Engagement

Topic D: Prepare for a Pen Test Engagement

 

Lesson 2: Conducting Passive Reconnaissance

Topic A: Gather Background Information

Topic B: Prepare Background Findings for Next Steps

 

Lesson 3: Performing Non-Technical Tests

Topic A: Perform Social Engineering Tests

Topic B: Perform Physical Security Tests on Facilities

 

Lesson 4: Conducting Active Reconnaissance

Topic A: Scan Networks

Topic B: Enumerate Targets

Topic C: Scan for Vulnerabilities

Topic D: Analyze Basic Scripts

 

Lesson 5: Analyzing Vulnerabilities

Topic A: Analyze Vulnerability Scan Results

Topic B: Leverage Information to Prepare for Exploitation

 

Lesson 6: Penetrating Networks

Topic A: Exploit Network-Based Vulnerabilities

Topic B: Exploit Wireless and RF-Based Vulnerabilities

Topic C: Exploit Specialized Systems

 

Lesson 7: Exploiting Host-Based Vulnerabilities

Topic A: Exploit Windows-Based Vulnerabilities

Topic B: Exploit *nix-Based Vulnerabilities

 

Lesson 8: Testing Applications

Topic A: Exploit Web Application Vulnerabilities

Topic B: Test Source Code and Compiled Apps

 

Lesson 9: Completing Post-Exploit Tasks

Topic A: Use Lateral Movement Techniques

Topic B: Use Persistence Techniques

Topic C: Use Anti-Forensics Techniques

 

Lesson 10: Analyzing and Reporting Pen Test Results

Topic A: Analyze Pen Test Data

Topic B: Develop Recommendations for Mitigation Strategies

Topic C: Write and Handle Reports

Topic D: Conduct Post-Report-Delivery Activities

 

Appendix A: Taking the Exams

Appendix B: Mapping Course Content to CompTIA® PenTest+® (Exam PT0-001)

Learning Path
  • There are several options that may suit your business needs. Please contact us for further information.
Ways to Attend
  • Attend a public course, if there is one available. Please check our schedule, or register your interest in joining a course in your area.
  • Private onsite team training is also available; please contact us to discuss. We can customise this course to suit your business requirements.

Private Team Training is available for this course

We deliver this course either on or off-site in various regions around the world, and can customise your delivery to suit your exact business needs. Talk to us about how we can fine-tune a course to suit your team's current skillset and ultimate learning objectives.
