CompTIA PenTest+ PT0-003 Training - OEM Certkit

CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and security consulting.
This comprehensive course prepares you for the CompTIA PenTest+ PT0-003 certification exam, focusing on advanced penetration testing, vulnerability assessment, and risk management.
Course outcome

• Engagement Management
  Learn the foundational processes of penetration testing, including planning, scoping, and managing pre-engagement activities. Master communication strategies, stakeholder collaboration, and the creation of detailed, actionable penetration test reports.
• Reconnaissance and Enumeration
  Explore tools and techniques for gathering information actively and passively. Develop skills in OSINT (Open Source Intelligence), network scanning, protocol enumeration, and using advanced tools like Nmap, Maltego, and theHarvester.
• Vulnerability Discovery and Analysis
  Focus on identifying and analyzing vulnerabilities using techniques such as static and dynamic application testing. Gain expertise with tools like Tenable Nessus, TruffleHog, and Nikto to conduct manual and automated assessments.
• Attacks and Exploits
  Dive deep into real-world attack simulations, including network, web application, and cloud-based attacks. Learn authentication, host-based, and social engineering attack methodologies while leveraging tools like Metasploit, Burp Suite, and ZAP.
• Post-exploitation and Lateral Movement
  Understand methods for maintaining access, lateral movement, and cleanup. Use scripting tools and automation frameworks to enhance efficiency and learn critical remediation techniques to mitigate risks.

CertKit content:

E-learning courses:

CompTIA PenTest+ (PT0-003): Governance, Risk, & Compliance

Course: 1 Hour, 20 Minutes

• Course Overview
• Payment Card Industry Data Security Standard (PCI DSS)
• General Data Protection Regulation (GDPR)
• Define Target Lists
• Assessment Types
• Terms of Service (ToS) Agreements
• Service-level Agreements (SLAs)
• Confidentiality and Nondisclosure Agreements
• Statement of Work (SOW)
• Master Service Agreement
• Permission to Attack
• Shared Responsibility Model
• Legal and Ethical Considerations of Penetration Testing
• Course Summary

CompTIA PenTest+ (PT0-003): Collaboration & Communication Activities

Course: 57 Minutes

• Course Overview
• Peer Reviewing
• Stakeholder Alignment
• Root Cause Analysis
• An Escalation Path
• Secure Distribution
• Articulation of Risk
• Goal Reprioritization
• Business Impact Analysis (BIA)
• Client Acceptance and Lessons Learned
• Course Summary

CompTIA PenTest+ (PT0-003): Testing Frameworks & Methodologies

Course: 1 Hour, 12 Minutes

• Course Overview
• Open Source Security Testing Methodology Manual
• MITRE ATT&CK Guidelines
• Open Web Application Security Project Top
• OWASP Mobile Application Security Verification Standard
• The Purdue Model
• Council of Registered Ethical Security Testers
• Penetration Testing Execution Standard
• Information Systems Security Assessment Framework
• DREAD Threat Model Framework
• STRIDE Threat Model Framework
• OCTAVE Threat Model Framework
• Course Summary

CompTIA PenTest+ (PT0-003): Reporting & Remediation

Course: 59 Minutes

• Course Overview
• Report Format Alignment
• Documentation Specifications
• Definitions and Risk Scoring
• Report Components
• Test Limitations, Assumptions, and Considerations
• Technical Controls
• Administrative Controls
• Operational Controls6
• Physical Controls
• Course Summary

CompTIA PenTest+: Reconnaissance & Enumeration

Course: 2 Hours

• Course Overview
• Information Gathering Using Reconnaissance
• Open-source Intelligence (OSINT)
• Network Reconnaissance
• Protocol Scanning
• Performing a Port Scan with Nmap
• Certificate Transparency Logs
• Information Disclosure Vulnerabilities
• Search Engine Analysis
• Using Network Sniffing Techniques
• Performing Banner Grabbing
• Performing Hypertext Markup Language (HTML) Scraping
• Course Summary

CompTIA PenTest+ (PT0-003): CompTIA PenTest+: Applying Enumeration Techniques

Course: 1 Hour, 25 Minutes

• Course Overview
• Operating System (OS) Fingerprinting
• Service Discovery
• Enumeration Techniques
• Performing Host Discovery
• SMB Share Enumeration
• Local User Enumeration
• Email and Permissions Enumeration
• Wireless Enumeration
• Secrets Enumeration Techniques
• Attack Path Mapping Processes
• Enumerating Using Web Application Firewalls (WAFs)
• Web Crawling Processes
• Manual Enumeration
• Course Summary

CompTIA PenTest+ (PT0-003): Using Scripts for Reconnaissance & Enumeration

Course: 1 Hour, 11 Minutes

• Course Overview
• Gather Information Using Scripts
• Data Manipulation Attacks
• Bash Scripting Language
• Python Scripting Language
• PowerShell Scripting Language
• Logic Constructs
• Library Concepts
• Classes in Scripting
• Functions in Scripting
• Course Summary

CompTIA PenTest+ (PT0-003): Enumeration & Reconnaissance Tools

Course: 2 Hours, 9 Minutes

• Course Overview
• Using the Wayback Machine
• Performing Link Analysis Using Maltego
• Using Recon-ng for Reconnaissance
• Utilizing the Shodan Search Engine
• Performing Open-source Reconnaissance Using SpiderFoot
• Implementing Queries Using WHOIS
• Using the nslookup and dig Commands for Queries
• Utilizing Censys for Open-source Intelligence
• Using the Hunter Email Outreach Platform for Enumeration
• Performing Security Assessments Using DNSDumpster
• Executing Open-source Reconnaissance Using Amass
• Writing Scripts with the Nmap Scripting Engine (NSE)
• Gathering Information Using theHarvester
• Identifying Wireless Hotspots Using WiGLE
• Using the inSSIDer Network Scanner Application
• The OSINTframework.com Website
• Using Wireshark to Perform Reconnaissance
• Analyze Wi-Fi Networks Using Aircrack-ng
• Course Summary

CompTIA PenTest+ (PT0-003): Discovering & Analyzing Vulnerabilities

Course: 1 Hour, 9 Minutes

• Course Overview
• Types of Vulnerability Scans
• Industry Control System (ICS) Assessments
• Vulnerability Discovery and Analysis Tools
• Analysis Results and Validation
• Public Exploit Selection
• Using Scripting to Validate Output Results
• Tailgating Attacks
• Site Surveys
• Universal Serial Bus (USB) Drop Attacks
• Security Badge Cloning
• Security Lock Picking
• Course Summary

CompTIA PenTest+ (PT0-003): Prioritize & Prepare for Attacks

Course: 2 Hours, 21 Minutes

• Course Overview
• Target Prioritization
• Capability Selection
• Attack Types
• Identifying Vulnerabilities Using Metasploit
• Using the Netcat Utility
• Performing Network Scans Using Nmap
• Accessing Network Packets Using Impacket
• Using the CrackMapExec Post-Exploitation Tool
• Performing Network Analysis Using Wireshark
• Generating Custom Payloads Using MSFvenom
• Using Hydra to Brute Force Passwords
• Performing Poisoning Attacks Using Responder
• Course Summary

CompTIA PenTest+ (PT0-003): Authentication Attacks

Course: 1 Hour, 23 Minutes

• Course Overview
• Authentication Attack Types
• Cracking NTLM Hashes Using CrackMapExec
• Intercepting Credentials Using Responder
• Cracking Passwords Using Hashcat
• Cracking SSH Key Passwords Using John the Ripper
• Using Hydra to Brute Force Login Pages
• Performing Active Directory Attacks Using BloodHound
• Cracking Passwords Using Medusa
• Performing Broken Authentication Attacks Using Burp Suite
• Course Summary

CompTIA PenTest+ (PT0-003): Cloud-Based & Web Application Attacks

Course: 1 Hour, 53 Minutes

• Course Overview
• Web Application Attacks
• Performing Web Application Attacks Using TruffleHog
• Attacking Web Apps with Burp Suite
• Setting up Zed Attack Proxy (ZAP)
• Performing API Testing Using Postman
• Exploiting SQL Injection Using sqlmap
• Web App Penetration Testing Using DirBuster
• Performing Web Content Discovery Using Wfuzz
• Identifying WordPress Vulnerabilities Using WPScan
• Cloud-Based Attack Types
• Performing an AWS Attack Using Pacu
• Using Docker Bench to Check for Best Practices
• Exploring Security Weaknesses Using Kube-hunter
• Conducting Cloud Security Assessments Using Prowler
• Performing AWS Security Assessments Using ScoutSuite
• Cloud Attacks Using Cloud-native Vendor Tools
• Course Summary

CompTIA PenTest+ (PT0-003): Wireless & Social Engineering Attacks

Course: 1 Hour, 52 Minutes

• Course Overview
• Wireless Attack Types
• Exploiting Windows Proxy Automatic Detection Default Configurations
• Performing a Captive Portal Attack Using WiFi-Pumpkin
• Cracking Wi-Fi Passwords Using Aircrack-ng
• Identifying Network Locations Using Wigle.net
• Finding Rogue Access Points Using inSSIDer
• Detecting and Monitoring Wi-Fi Devices Using Kismet
• Social Engineering Attacks
• Phishing Using the Social Engineering Toolkit (SET)
• Performing Penetration Testing Using Gophish
• Using Evilginx2 for Social Engineering Attacks
• Performing Social Engineering Attacks Using Credential Harvesting
• Utilizing Maltego to Perform Reconnaissance on Targets
• Using Recon-ng to Identify Users on Platforms
• Hacking Web Browsers Using BeEF
• Course Summary

CompTIA PenTest+ (PT0-003): Establishing & Maintaining Persistence

Course: 1 Hour, 25 Minutes

• Course Overview
• Schedule Tasks and Cron Jobs
• Creating New Services
• Creating Persistent Reverse Shells
• Hacking with Bind Shells
• Enabling Domain Persistence
• Internal Persistence Techniques
• Persistence Using Registry Run Keys
• Command and Control (C2) Frameworks
• Backdoor Exploits
• Rootkit Exploits
• Browser Extensions
• Tampering Security Controls
• Course Summary

CompTIA PenTest+ (PT0-003): Moving Laterally Throughout the Environment

Course: 47 Minutes

• Course Overview
• Pivoting Techniques
• Server Message Block (SMB) Relaying
• Enumeration Techniques
• Service Discovery
• Lateral Movement with Windows Management Instrumentation (WMI)
• Lateral Movement with Windows Remote Management (WinRM)
• Tools Used for Lateral Movement
• Course Summary

CompTIA PenTest+ (PT0-003): Staging & Data Exfiltration

Course: 46 Minutes

• Course Overview
• Encryption and Compression
• Data Exfiltration Through Covert Channels
• Email Exfiltration
• Cross-account Resource Access
• Data Exfiltration on Cloud
• Alternate Data Stream Exploitation
• Pastebin Websites
• Virtual Drive Data Exfiltration
• Course Summary

CompTIA PenTest+ (PT0-003): Cleanup & Restoration

Course: 44 Minutes

• Course Overview
• Persistent Mechanism Removal
• Configuration Change Considerations
• User Account and Credential Removal
• Tool Cleanup
• Infrastructure Considerations
• Artifact Preservation
• Destroy Data Securely
• Course Summary

MeasureUp Exam Simulation

Hone your testing skills with MeasureUp Exam Simulation, an advanced tool that gives you a realistic exam experience. Practice with accurately modelled questions that mimic actual exams, allowing you to get used to the structure and pressure. With MeasureUp, you not only prepare for your exam, you also increase your chances of success.

• 221+ questions

Online mentor

The online mentor can answer all your specific technical questions via chat or email related to your studies.
Online Mentor is active for 90 days or 365 days - after activation!

Tips, Tricks & Links

Take advantage of our comprehensive collection of tips, tricks and links designed specifically to support your preparation for certification exams. These resources offer valuable insights and proven strategies to make your studies more effective. Enhance your learning experience and approach your exams with confidence!