دورة كومبتيا اختبار الاختراق +PenTest

Overview

• In this course you will learn the latest pen testing techniques, attack surfaces, vulnerability management, post-delivery, and compliance tasks. The CompTIA PenTest+ certification is a vendor-neutral, internationally targeted validation of intermediate-level penetration testing (or pen testing) knowledge and skills.
• The skills covered by CompTIA PenTest+ help companies comply with regulations, such as PCI-DSS and NIST 800-53 Risk Management Framework (RMF), which require pen tests, vulnerability assessments, and reports. CompTIA PenTest+ is approved under the Department of Defense (DoD) Directive 8140/8570.01-M and under ANSI/ISO standard 17024.

Benefits

• Planning and scoping a penetration testing engagement
• Understanding legal and compliance requirements
• Performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results
• Producing a written report containing proposed remediation techniques, effectively communicating results to the management team, and providing practical recommendations

The Main Topic of the Course

• Module 1: Planning and Scoping
• Module 2: Information Gathering and Vulnerability Scanning
• Module 3: Attacks and Exploits
• Module 4: Reporting and Communication
• Module 5: Tools and Code Analysis

Course Requirements

• 3-4 years of hands-on information security or related experience
• Network+, Security+, or equivalent knowledge

LAB Requirement

• It is recommended to have LAB in this course

Exam requirements

• There are no specific prerequisites required to attend the Exam

Course Outlines and Training Plan

Module 1: Planning and Scoping

• Compare and contrast governance, risk, and compliance concepts.
• Explain the importance of scoping and organizational/customer requirements.
• Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity

Module 2: Information Gathering and Vulnerability Scanning

• Given a scenario, perform passive reconnaissance
• Given a scenario, perform active reconnaissance
• Given a scenario, analyze the results of a reconnaissance exercise
• Given a scenario, perform vulnerability scanning

Module 3: Attacks and Exploits

• Given a scenario, research attack vectors and perform network attacks.
• Given a scenario, research attack vectors and perform wireless attacks.
• Given a scenario, research attack vectors and perform application-based attacks
• Given a scenario, research attack vectors and perform attacks on cloud technologies.
• Explain common attacks and vulnerabilities against specialized systems
• Given a scenario, perform a social engineering or physical attack.
• Given a scenario, perform post-exploitation techniques.

Module 4: Reporting and Communication

• Compare and contrast important components of written reports.
• Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
• Explain the importance of communication during the penetration testing process.
• Explain post-report delivery activities.

Module 5: Tools and Code Analysis

• Explain the basic concepts of scripting and software development
• Given a scenario, analyze a script or code sample for use in a penetration test.
• Explain the use cases of the following tools during the phases of a penetration test.