This course prepares experienced IT professionals for the CompTIA PenTest+ certification, focusing on penetration testing skills such as planning, information g...
Buy Now
About This Course
The PenTest+ certification targets professionals with over 10 years of general IT experience, including at least five years in IT security and 3 to 4 years specifically in penetration testing roles.
By completing this course, you will be able to:
Course Design
This course follows a learning progression model designed to maximize knowledge acquisition and skill development aligned with job tasks. The model emphasizes contextual understanding, practice with personalized feedback, real-world application, and proof of skill mastery.
Throughout the course, various activities will help you practice and assess your knowledge. The curriculum is organized into modules and lessons, with quizzes at the end of each module to check comprehension. Many modules also include live lab challenges to test your practical skills.
Note:
© 2025 CompTIA, Inc. All rights reserved. References to any products, services, or methods by name or trademark are for educational purposes only and do not imply endorsement by CompTIA or third parties. CompTIA is not affiliated with any mentioned companies, nor are the advertised products or services endorsed by them.
This course prepares experienced IT professionals for the CompTIA PenTest+ certification, focusing on penetration testing skills such as planning, information g...
Flexible online learning tailored to your lifestyle and goals.
One-on-one mentorship from industry professionals to accelerate your growth.
Create portfolio projects that showcase your expertise to potential employers.
Lesson 1.0 Introduction
1.1 Ethics and Engagement: Professional Responsibilities in Penetration Testing
1.1.1 Introduction to Penetration Testing
1.1.2 Penetration Testing
1.1.3 Ethical, Legal, and Compliance Aspects of Penetration Testing
1.1.4 The Role and Significance of Documentation
1.1.5 Scope and Consent in Penetration Testing
1.1.6 The Importance of a Penetration Test Report
1.1.7 Lesson Recap
0:10:01.2 Effective Collaboration and Communication in Penetration Testing
1.2.1 Overview of Collaboration and Communication in Penetration Testing
1.2.2 Roles and Responsibilities Within a Penetration Testing Team
1.2.3 Effective Communication with Clients and Team Members
1.2.4 Importance of Peer Review
1.2.5 Stakeholder Alignment and Timeline Management in Penetration Testing
1.2.6 Root Cause Analysis: Uncovering and Addressing Underlying Security Weaknesses
1.2.7 Escalation Path for Communications in Penetration Testing
1.2.8 Secure Handling and Storage of Penetration Test Reports
1.2.9 Understanding and Communicating Risk, Severity, and Impact
1.2.10 Goal Reprioritization in Penetration Testing
1.2.11 Business Impact Analysis
1.2.12 Client Acceptance in Penetration Testing
1.2.13 Lesson Recap
0:15:01.3 Structured Testing Frameworks and Techniques
1.3.1 Overview of Penetration Testing Frameworks and Methodologies
1.3.2 Open Source Security Testing Methodology Manual (OSSTMM)
1.3.3 Overview of the Council of Registered Ethical Security Testers (CREST)
1.3.4 Understanding PTES: A Process-Based Penetration Testing Framework
1.3.5 MITRE ATT&CK Framework
1.3.5 MITRE ATT&CK Framework
1.3.6 The OWASP Top 10: Enhancing Web Application Security
1.3.7 The OWASP Mobile Application Security Verification Standard (MASVS)
1.3.8 Understanding the Purdue Enterprise Reference Architecture (PERA)
1.3.9 Structured Approaches to Threat Modeling
1.3.9 Structured Approaches to Threat Modeling
1.3.10 Lesson Recap
0:10:01.4 Penetration Testing: An Introduction to Scripting
1.4 Penetration Testing: An Introduction to Scripting
1.4.1 Scripting Languages in Penetration Testing
1.4.2 Bash Shell and Bash Scripting
1.4.3 Python Programming Language
1.4.4 PowerShell
1.4.5 Libraries, Functions, and Classes
1.4.6 Logic Constructs
1.4.6 Lesson Recap
0:10:01.5 Module Quiz
0:30:02.0 Introduction
2.1 Scoping and Planning Pre-Engagement Activities
2.1.1 Regulatory Compliance, Frameworks, and Industry Standards
2.1.2 The Importance of Rules of Engagement
2.1.2 Agreement Types
2.1.4 Target Selection for Penetration Testing
2.1.5 Lesson Recap
0:15:02.2 Comparing Different Assessment Methods
2.2.1 An Overview of Assessment Types
2.2.2 The Importance of Web Assessments
2.2.3 Network Assessments: Evaluating Network Security
2.2.4 Mobile Assessments: Ensuring Security of Mobile Applications
2.2.5 Cloud Assessment: Ensuring Security in Cloud Environments
2.2.6 Importance of Wireless Assessments
2.2.7 Penetration Testing for IoT Devices
2.2.8 Comparing Information Technology and Operational Technology
2.2.9 Lesson Recap
0:10:02.3 Applying the Shared Responsibility Framework
2.3.1 An Overview of the Shared Responsibility Model
2.3.2 The Responsibilities of a Hosting Provider
2.3.3 Customer Responsibilities in Securing Applications and Data
2.3.4 The Role of Penetration Testers
2.3.5 Third-party Vendor Responsibilities
2.3.6 Lesson Recap
0:10:02.4 Identifying Legal and Ethical Challenges
2.4.1 Authorization Letter for Penetration Testing
2.4.2 Mandatory Reporting Requirements
2.4.3 PenTester Risk Factors
2.4.5 Pre-Engagement Activity Documentation
2.4.5 Lesson Recap
0:10:02.5 Module Quiz
0:30:03.0 Introduction
3.1 The Importance of Information Gathering Techniques
3.1.1 Approaches to Active and Passive Reconnaissance
3.1.2 Reconnaissance Tools
3.1.3 Understanding Open-Source Intelligence (OSINT)
3.1.4 Exploring Shodan
3.1.5 Previously Compromised Password Lists
3.1.6 Reconnaissance Phase in Network Penetration Testing
3.1.7 Network Reconnaissance
3.1.8 Network Scanning Basics
3.1.9 Certificate Transparency and Digital Certificate Analysis
3.1.10 Certificate Transparency Logs
3.1.11 Information Disclosure Vulnerabilities
3.1.12 Search Engine Reconnaissance and Enumeration
3.1.13 Sniffing: Understanding Network Traffic
3.1.14 Network Sniffing
3.1.15 Data Manipulation
3.1.16 Lesson Recap
0:15:03.2 Methods for Discovering Hosts and Services
3.2.1 Enumeration in Network Security
3.2.2 Identifying Hosts
3.2.3 Host Discovery
3.2.4 Enhancing Nmap Scans with Scripts
3.2.5 Identifying Services Through Banner Grabbing
3.2.6 Understanding IP Protocols
3.2.7 Discovering Network Services
3.2.8 Service Discovery
3.2.9 DNS Reconnaissance
3.2.10 Operating System Detection
3.2.11 Operating System (OS) Fingerprinting
3.2.12 Lesson Recap
0:10:03.0 Enumeration for Attack Planning
3.3.1 Attack Path Mapping
3.3.2 Manual Enumeration
3.3.3 Simple Network Management Protocol (SNMP)
3.3.4 Recording Enumeration Activities
3.3.5 Lesson Recap
0:10:03.4 Targeted Enumeration of Specific Assets
3.4.1 Directory Enumeration
3.4.2 Directory Enumeration
3.4.3 Techniques for User Account Enumeration
3.4.4 User Enumeration
3.4.5 Discovering Available Wireless Networks
3.4.6 Permission Enumeration
3.4.7 Secrets Enumeration
3.4.8 Network Share Enumeration
3.4.9 Identifying and Analyzing Web Application Firewalls
3.4.10 Assessing Vulnerabilities in Industrial Control Systems
3.4.11 Exploring Web Crawling and HTML Scraping Techniques
3.4.12 Lesson Recap
0:10:03.5 Module Quiz
0:30:04.0 Introduction
4.1 Vulnerability Identification Strategies
4.1.1 Essential Tools for Identifying Vulnerabilities
4.1.2 Classification of Scans
4.1.3 Container Scans
4.1.4 Container Scans
4.1.5 Application Scans
4.1.6 Network Vulnerability Scans
4.1.7 Host-Based Vulnerability Scanning
4.1.8 Host-Based Scans
4.1.9 Secrets Scanning
4.1.10 Wireless Networking Security
4.1.11 Verifying Scan, Reconnaissance, and Enumeration Findings
4.1.12 Lesson Recap
0:20:04.2 Analyzing Reconnaissance, Scanning, and Enumeration Data
4.2.1 Public Exploit Identification and Selection
4.2.2 Utilize Scripting for Results Validation
4.2.3 Lesson Recap
0:10:04.3 Core Concepts in Physical Security
4.3.1 Tailgating
4.3.2 Assessing Physical Security
4.3.3 The Danger of USB Drop Key Attacks
4.3.4 Access Badge Duplication
4.3.5 Understanding Locks in Penetration Testing
4.3.6 Documenting Vulnerability Scanning
4.3.7 Lesson Recap
0:10:04.4 Module Quiz
0:30:05.0 Introduction
5.1 Planning and Prioritizing Targeted Attacks
5.1.1 Strategically Prioritizing Pentest Targets
5.1.2 Identifying High-Value Assets (HVAs)
5.1.3 Understanding Vulnerability Descriptors and Risk Metrics
5.1.4 Identifying and Addressing End-of-Life (EOL) Software and Systems
5.1.5 Risks and Considerations of Default Configurations
5.1.6 Understanding and Assessing Running Services
5.1.7 Common Vulnerable Encryption Methods
5.1.8 Assessing Defensive Capabilities
5.1.9 Selecting the Right Security Capabilities
5.1.10 Exploit Selection and Customization
5.1.11 Exploit Selection and Customization
5.1.12 Pre-Attack Documentation and Planning
5.1.13 Dependency Analysis and Vulnerability Assessment
5.1.14 Understanding and Managing Scope Limitations
5.1.15 Lesson Recap
0:15:05.2 Scripting for Automation in Penetration Testing
5.2.1 Introduction to Scripting
5.2.2 PowerShell Overview
5.2.3 Bash Overview
5.2.4 Python Overview
5.2.5 Breach and Attack Simulation (BAS)
5.3 Module Quiz
0:35:06.0 Introduction
6.1 Web-based Attacks
6.1.2 Common Categories of Web Application Exploits
6.1.3 Essential Tools for Conducting Web Application Attacks
6.1.4 Brute-Force Attack
6.1.5 Understanding Brute-Force Attacks
6.1.6 What Is a Collision Attack?
6.1.7 Understanding Directory Traversal Attacks
6.1.8 What Are Request Forgery Attacks?
6.1.9 Deserialization Attack
6.1.10 What Are Injection Attacks?
6.1.11 Insecure Direct Object Reference (IDOR)
6.1.12 Injection Attacks
6.1.13 Session Hijacking
6.1.14 Arbitrary Code Execution (ACE)
6.1.15 File Inclusion Vulnerabilities
6.1.16 API Abuse
6.1.17 JSON Web Token (JWT) Manipulation
6.1.18 Lesson Recap
0:15:06.2 Cloud-based Attacks
6.2.1 Overview of Cloud-Based Attacks
6.2.2 Common Types of Cloud-Based Attacks
6.2.3 Tools Commonly Used for Cloud-Based Attacks
6.2.4 Attacks Targeting Cloud Metadata Services
6.2.5 Risks of Access Management Misconfigurations in the Cloud
6.2.6 Security Considerations for Third-Party Integrations in Cloud Environments
6.2.7 Risks and Impacts of Resource Misconfiguration in the Cloud
6.2.8 Risks of Sensitive Data Exposure Through Logging
6.2.9 Risks of Image and Artifact Tampering in Software Development
6.2.10 Understanding and Mitigating Supply Chain Attacks
6.2.11 Understanding Workload Runtime Attacks and Their Impact
6.2.12 Container Escape: Breaking Out of Isolation
6.2.13 Trust Relationship Abuse: Exploiting Trusted Connections
6.2.14 Lesson Recap
0:10:06.3 Module Quiz
0:35:07.0 Introductions
7.1 Performing Network Attacks: Understanding the Process
7.1.1 Common Types of Network Attacks
7.1.2 Tools Commonly Used for Performing Network Attacks
7.1.3 Understanding Default Credentials
7.1.4 On-Path Attack (Man-in-the-Middle)
7.1.5 Certificate Services
7.1.6 Exploiting Misconfigured Services
7.1.7 Virtual Local Area Network (VLAN) Hopping
7.1.8 Multihomed Hosts
7.1.9 Relay Attack
7.1.10 Intrusion Detection System (IDS) evasion
7.1 Lesson Recap
0:15:07.2 Conducting Authentication Attacks
7.2.1 Types of Authentication Attacks
7.2.2 Tools Used for Executing Authentication Attacks
7.2.3 Multifactor Authentication (MFA) Fatigue
7.2.4 Pass-the-Hash Attack Techniques
7.2.5 Pass-the-Hash Attacks
7.2.6 Pass-the-Ticket Attack Techniques
7.2.7 Pass-the-Token Attack Techniques
7.2.8 Kerberos-Based Attack Techniques
7.2.9 LDAP Injection Attacks
7.2.10 Dictionary Attack Techniques
7.2.11 Brute-Force Attack Techniques
7.2.12 Mask Attack Techniques
7.2.13 Mask Attacks
7.2.14 Understanding Password Spraying Attacks
7.2.15 Understanding Credential Stuffing Attacks
7.2.16 OpenID Connect (OIDC) Security Risks and Attacks
7.2.17 Security Assertion Markup Language (SAML)
7.2.18 Lesson Recap
0:15:07.3 Perform Host-Based Attacks
7.3.1 Perform Host-Based Attacks
7.3.2 Tools for Performing Host-Based Attacks
7.3.3 Privilege Escalation
7.3.4 Credential Extraction from System Components
7.3.5 Credential Dumping
7.3.6 Evading Detection: Circumventing Security Tools
7.3.7 Improperly Configured Endpoints
7.3.8 Techniques for Payload Obfuscation
7.3.9 Payload Obfuscation
7.3.10 Bypassing User-Controlled Access Restrictions
7.3.11 Breaking Out of Restricted Shell Environments (Shell Escape)
7.3.12 Escaping Kiosk Mode
7.3.13 Injection via Libraries
7.3.14 Process Hollowing and Code Injection
7.3.15 Manipulating and Concealing Log Data
7.3.16 Log Tampering
7.3.17 Exploiting Unquoted Service Paths for Code Injection
7.3.18 Recording and Reporting Enterprise Attacks
7.3.19 Lesson Recap
0:20:07.5 Module Quiz
0:35:08.0 Introductions
8.1 Wireless Attack Techniques and Exam Objectives
8.1.1 Common Wireless Attack Types and Risks
8.1.2 Tools Used to Conduct Wireless Attacks
8.1.3 Wardriving
8.1.4 Bluetooth Attacks
8.1.5 Evil Twin Attack
8.1.6 Signal Jamming
8.1.7 Protocol Fuzzing
8.1.8 Protocol Exploitation Through Packet Crafting
8.1.9 Deauthentication Attacks: Forcing Reconnection to Capture WPA/WPA2 Handshakes
8.1.10 Deauthentication
8.1.11 Captive Portal Exploitation: Bypassing Access Restrictions in Wireless Networks
8.1.12 Exploiting WPS: PIN-Based Attacks on Wi-Fi Networks
8.1.13 Lesson Recap
0:15:08.2 Hacking the Human: Real-World Social Engineering Techniques
8.2.1 Social Engineering Tactics
8.2.2 Tools for Performing Social Engineering Attacks
8.2.3 Tools for Performing Social Engineering Attacks
8.2.4 Phishing, Spear Phishing, Whaling, and Smishing Explained
8.2.5 Social Engineering for Intelligence Collection
8.2.6 Watering Hole Exploits in Social Engineering
8.2.7 Credential Collection Methods
8.2.8 Lesson Recap
0:10:08.3 Specialized System Attacks
8.3.1 Common Threats to Specialized Systems: AI, OT, NFC, RFID & Bluetooth
8.3.2 Tools Used to Exploit Specialized Systems
8.3.3 Mobile Threats and Attack Vectors
8.3.4 Threats and Attacks on Artificial Intelligence Systems
8.3.5 Protecting Operational Technology Systems
8.3.6 Securing RFID and NFC Technologies
8.3.7 Understanding Bluejacking Attacks
8.3.8 Specialized Penetration Testing: Techniques and Execution
8.3.9 Lesson Recap
0:10:08.4 Chapter Review
0:35:09.0 Introductions
9.1 Securing and Preserving Persistent Control
9.1.1 Principles of Gaining and Sustaining Persistence
9.1.2 Using Scheduled Tasks and Cron Jobs for Persistence
9.1.3 Scheduled Tasks/cron Jobs
9.1.4 Creating Services for Persistent Access
9.1.5 Shell Connections: Reverse and Bind Explained
9.1.6 Adding New Accounts to Maintain Access
9.1.7 Gaining Valid Account Credentials
9.1.8 Registry Key Management
9.1.9 Understanding Command and Control Frameworks
9.1.10 Unauthorized Access Backdoors
9.1.11 Rootkit
9.1.12 Vector for Exploits and Persistence
9.1.13 Tampering Security Controls:
9.1.14 Lesson Recap
0:10:09.2 Performing Lateral Movement Across Network Systems
9.2.1 Lateral and Horizontal Movement Techniques
9.2.2 Strategies for Lateral Movement in Network Environments
9.2.3 Tools to Facilitate Lateral Network Movement
9.2.4 Network Pivoting Techniques
9.2.5 Building Relay Connections for Network Access
9.2.6 Enumerating Targets for Vulnerability Assessment
9.2.7 Techniques for Discovering Network Services
9.2.8 WMI in Penetration Testing and System Administration
9.2.9 Windows Remote Management (WinRM): Overview and Uses
9.2.10 Lesson Recap
0:10:09.3 Strategies for Data Staging and Covert Exfiltration
9.3.1 Introduction to Staging and Exfiltration Fundamentals
9.3.2 Accessing Data on the Target
9.3.3 Alternate Data Streams: Concealing and Storing Data
9.3.4 Alternate Data Streams
9.3.5 Lesson Recap
0:10:09.4 Cleanup Procedures and Network Restoration
9.4.1 Cleanup and Restoration Processes
9.4.2 Penetration Testing Task Documentation
9.4.3 Lesson Recap
0:10:09.5 Module Quiz
0:35:010.1 Core Components of a Penetration Testing Report
10.1.1 Developing the Penetration Test Report
10.1.2 Guidelines for Effective Reporting
10.1.3 Breakdown of Report Components and Terms
10.1.4 Documentation Requirements and Format Consistency
10.1.5 Risk Assessment and Scoring
10.1.6 Test Parameters and Assumptions
10.1.7 Lesson Recap
0:10:010.2 Analyzing Results and Suggesting Remediation
10.2.1 Overview of Findings Analysis and Recommendation Development
10.2.2 Analyzing Findings and Developing Recommendations Overview
10.2.3 Implementation of Technical Controls
10.2.4 Administrative Controls
10.2.5 Operational Control
10.2.6 Physical Access Controls
10.2.7 Lesson Recap
0:10:010.3 Module Quiz
0:35:0A.0 Introduction
A1: Get Ready for the CompTIA PenTest+ Certification Exam
A.1.1 What Are the Benefits of Earning a Certification?
A.1.2 PenTest+ (PT0-003) Exam Overview
A.1.3 Certification Exam: How to Get Started
A.1.4 Key Pointers for a Smooth Exam Experience
A.2 Practice Test
A.2.1 Practice Test 1: Managing Engagement
0:35:0A.2.2 Practice Test 2: Reconnaissance & Enumeration Techniques
0:35:0A.2.3 Practice Test 3: Finding and Analyzing Vulnerabilities
0:35:0A.2.4 Practice Test 4: Offensive Techniques and Exploits
0:35:0A.2.5 Practice Test 5: Post-Exploitation Techniques and Lateral Movement
1:0:0A.2.6 PenTest+ PT0-003 Exam Practice
2:45:0FAQ area empty
