This course prepares experienced IT professionals for the CompTIA PenTest+ certification, focusing on penetration testing skills such as planning, information g...
About This Course
The PenTest+ certification targets professionals with over 10 years of general IT experience, including at least five years in IT security and 3 to 4 years specifically in penetration testing roles.
By completing this course, you will be able to:
Course Design
This course follows a learning progression model designed to maximize knowledge acquisition and skill development aligned with job tasks. The model emphasizes contextual understanding, practice with personalized feedback, real-world application, and proof of skill mastery.
Throughout the course, various activities will help you practice and assess your knowledge. The curriculum is organized into modules and lessons, with quizzes at the end of each module to check comprehension. Many modules also include live lab challenges to test your practical skills.
Note:
© 2025 CompTIA, Inc. All rights reserved. References to any products, services, or methods by name or trademark are for educational purposes only and do not imply endorsement by CompTIA or third parties. CompTIA is not affiliated with any mentioned companies, nor are the advertised products or services endorsed by them.
FAQ area empty
- Lesson 1.0 Introduction
- 1.1 Ethics and Engagement: Professional Responsibilities in Penetration Testing
- 1.1.1 Introduction to Penetration Testing
- 1.1.2 Penetration Testing
- 1.1.3 Ethical, Legal, and Compliance Aspects of Penetration Testing
- 1.1.4 The Role and Significance of Documentation
- 1.1.5 Scope and Consent in Penetration Testing
- 1.1.6 The Importance of a Penetration Test Report
- 1.1.7 Lesson Recap
0:10:0- Mini-Project: Scoping the Rules of Engagement
- 1.2 Effective Collaboration and Communication in Penetration Testing
- 1.2.1 Overview of Collaboration and Communication in Penetration Testing
- 1.2.2 Roles and Responsibilities Within a Penetration Testing Team
- 1.2.3 Effective Communication with Clients and Team Members
- 1.2.4 Importance of Peer Review
- 1.2.5 Stakeholder Alignment and Timeline Management in Penetration Testing
- 1.2.6 Root Cause Analysis: Uncovering and Addressing Underlying Security Weaknesses
- 1.2.7 Escalation Path for Communications in Penetration Testing
- 1.2.8 Secure Handling and Storage of Penetration Test Reports
- 1.2.9 Understanding and Communicating Risk, Severity, and Impact
- 1.2.10 Goal Reprioritization in Penetration Testing
- 1.2.11 Business Impact Analysis
- 1.2.12 Client Acceptance in Penetration Testing
- 1.2.13 Lesson Recap
0:15:0- Mini-Project: Handling a Critical Mid-Test Finding
- 1.3 Structured Testing Frameworks and Techniques
- 1.3.1 Overview of Penetration Testing Frameworks and Methodologies
- 1.3.2 Open Source Security Testing Methodology Manual (OSSTMM)
- 1.3.3 Overview of the Council of Registered Ethical Security Testers (CREST)
- 1.3.4 Understanding PTES: A Process-Based Penetration Testing Framework
- 1.3.5 MITRE ATT&CK Framework
- 1.3.5 MITRE ATT&CK Framework
- 1.3.6 The OWASP Top 10: Enhancing Web Application Security
- 1.3.7 The OWASP Mobile Application Security Verification Standard (MASVS)
- 1.3.8 Understanding the Purdue Enterprise Reference Architecture (PERA)
- 1.3.9 Structured Approaches to Threat Modeling
- 1.3.9 Structured Approaches to Threat Modeling
- Mini-Project: Choosing the Right Framework for the Test
- 1.3.10 Lesson Recap
0:10:0- 1.4 Penetration Testing: An Introduction to Scripting
- 1.4 Penetration Testing: An Introduction to Scripting
- 1.4.1 Scripting Languages in Penetration Testing
- 1.4.2 Bash Shell and Bash Scripting
- 1.4.3 Python Programming Language
- 1.4.4 PowerShell
- 1.4.5 Libraries, Functions, and Classes
- 1.4.6 Logic Constructs
- 1.4.6 Lesson Recap
0:10:0- Mini-Project: Planning Automation Scripts
- 1.5 Module Quiz
0:30:0- 2.0 Introduction
- 2.1 Scoping and Planning Pre-Engagement Activities
- 2.1.1 Regulatory Compliance, Frameworks, and Industry Standards
- 2.1.2 The Importance of Rules of Engagement
- 2.1.2 Agreement Types
- 2.1.4 Target Selection for Penetration Testing
- 2.1.5 Lesson Recap
0:15:0- Mini-Project: Drafting the Rules of Engagement
- 2.2 Comparing Different Assessment Methods
- 2.2.1 An Overview of Assessment Types
- 2.2.2 The Importance of Web Assessments
- 2.2.3 Network Assessments: Evaluating Network Security
- 2.2.4 Mobile Assessments: Ensuring Security of Mobile Applications
- 2.2.5 Cloud Assessment: Ensuring Security in Cloud Environments
- 2.2.6 Importance of Wireless Assessments
- 2.2.7 Penetration Testing for IoT Devices
- 2.2.8 Comparing Information Technology and Operational Technology
- 2.2.9 Lesson Recap
0:10:0- Mini-Project: Matching the Assessment to the Target
- 2.3 Applying the Shared Responsibility Framework
- 2.3.1 An Overview of the Shared Responsibility Model
- 2.3.2 The Responsibilities of a Hosting Provider
- 2.3.3 Customer Responsibilities in Securing Applications and Data
- 2.3.4 The Role of Penetration Testers
- 2.3.5 Third-party Vendor Responsibilities
- 2.3.6 Lesson Recap
0:10:0- Mini-Project: Scoping a Cloud Penetration Test
- 2.4 Identifying Legal and Ethical Challenges
- 2.4.1 Authorization Letter for Penetration Testing
- 2.4.2 Mandatory Reporting Requirements
- 2.4.3 PenTester Risk Factors
- 2.4.5 Pre-Engagement Activity Documentation
- 2.4.5 Lesson Recap
0:10:0- Mini-Project: Handling a High-Stakes Discovery
- 2.5 Module Quiz
0:30:0- 3.0 Introduction
- 3.1 The Importance of Information Gathering Techniques
- 3.1.1 Approaches to Active and Passive Reconnaissance
- 3.1.2 Reconnaissance Tools
- 3.1.3 Understanding Open-Source Intelligence (OSINT)
- 3.1.4 Exploring Shodan
- 3.1.5 Previously Compromised Password Lists
- 3.1.6 Reconnaissance Phase in Network Penetration Testing
- 3.1.7 Network Reconnaissance
- 3.1.8 Network Scanning Basics
- 3.1.9 Certificate Transparency and Digital Certificate Analysis
- 3.1.10 Certificate Transparency Logs
- 3.1.11 Information Disclosure Vulnerabilities
- 3.1.12 Search Engine Reconnaissance and Enumeration
- 3.1.13 Sniffing: Understanding Network Traffic
- 3.1.14 Network Sniffing
- 3.1.15 Data Manipulation
- 3.1.16 Lesson Recap
0:15:0- Mini-Project: Profiling a Target with Reconnaissance
- 3.2 Methods for Discovering Hosts and Services
- 3.2.1 Enumeration in Network Security
- 3.2.2 Identifying Hosts
- 3.2.3 Host Discovery
- 3.2.4 Enhancing Nmap Scans with Scripts
- 3.2.5 Identifying Services Through Banner Grabbing
- 3.2.6 Understanding IP Protocols
- 3.2.7 Discovering Network Services
- 3.2.8 Service Discovery
- 3.2.9 DNS Reconnaissance
- 3.2.10 Operating System Detection
- 3.2.11 Operating System (OS) Fingerprinting
- 3.2.12 Lesson Recap
0:10:0- Mini-Project: Enumerating a Target Network
- 3.0 Enumeration for Attack Planning
- 3.3.1 Attack Path Mapping
- 3.3.2 Manual Enumeration
- 3.3.3 Simple Network Management Protocol (SNMP)
- 3.3.4 Recording Enumeration Activities
- 3.3.5 Lesson Recap
0:10:0- Mini-Project: From Enumeration to Attack Path
- 3.4 Targeted Enumeration of Specific Assets
- 3.4.1 Directory Enumeration
- 3.4.2 Directory Enumeration
- 3.4.3 Techniques for User Account Enumeration
- 3.4.4 User Enumeration
- 3.4.5 Discovering Available Wireless Networks
- 3.4.6 Permission Enumeration
- 3.4.7 Secrets Enumeration
- 3.4.8 Network Share Enumeration
- 3.4.9 Identifying and Analyzing Web Application Firewalls
- 3.4.10 Assessing Vulnerabilities in Industrial Control Systems
- 3.4.11 Exploring Web Crawling and HTML Scraping Techniques
- 3.4.12 Lesson Recap
0:10:0- Mini-Project: Deep-Dive Enumeration of a Web Server
- 3.5 Module Quiz
0:30:0- 4.0 Introduction
- 4.1 Vulnerability Identification Strategies
- 4.1.1 Essential Tools for Identifying Vulnerabilities
- 4.1.2 Classification of Scans
- 4.1.3 Container Scans
- 4.1.4 Container Scans
- 4.1.5 Application Scans
- 4.1.6 Network Vulnerability Scans
- 4.1.7 Host-Based Vulnerability Scanning
- 4.1.8 Host-Based Scans
- 4.1.9 Secrets Scanning
- 4.1.10 Wireless Networking Security
- 4.1.11 Verifying Scan, Reconnaissance, and Enumeration Findings
- 4.1.12 Lesson Recap
0:20:0- Mini-Project: Planning and Verifying a Vulnerability Scan
- 4.2 Analyzing Reconnaissance, Scanning, and Enumeration Data
- 4.2.1 Public Exploit Identification and Selection
- 4.2.2 Utilize Scripting for Results Validation
- 4.2.3 Lesson Recap
0:10:0- Mini-Project: From Vulnerability Scan to Exploit Plan
- 4.3 Core Concepts in Physical Security
- 4.3.1 Tailgating
- 4.3.2 Assessing Physical Security
- 4.3.3 The Danger of USB Drop Key Attacks
- 4.3.4 Access Badge Duplication
- 4.3.5 Understanding Locks in Penetration Testing
- 4.3.6 Documenting Vulnerability Scanning
- 4.3.7 Lesson Recap
0:10:0- Mini-Project: Planning a Physical Penetration Test
- 4.4 Module Quiz
0:30:0- 5.0 Introduction
- 5.1 Planning and Prioritizing Targeted Attacks
- 5.1.1 Strategically Prioritizing Pentest Targets
- 5.1.2 Identifying High-Value Assets (HVAs)
- 5.1.3 Understanding Vulnerability Descriptors and Risk Metrics
- 5.1.4 Identifying and Addressing End-of-Life (EOL) Software and Systems
- 5.1.5 Risks and Considerations of Default Configurations
- 5.1.6 Understanding and Assessing Running Services
- 5.1.7 Common Vulnerable Encryption Methods
- 5.1.8 Assessing Defensive Capabilities
- 5.1.9 Selecting the Right Security Capabilities
- 5.1.10 Exploit Selection and Customization
- 5.1.11 Exploit Selection and Customization
- 5.1.12 Pre-Attack Documentation and Planning
- 5.1.13 Dependency Analysis and Vulnerability Assessment
- 5.1.14 Understanding and Managing Scope Limitations
- 5.1.15 Lesson Recap
0:15:0- Mini-Project: Developing an Exploit Prioritization Plan
- 5.2 Scripting for Automation in Penetration Testing
- 5.2.1 Introduction to Scripting
- 5.2.2 PowerShell Overview
- 5.2.3 Bash Overview
- 5.2.4 Python Overview
- 5.2.5 Breach and Attack Simulation (BAS)
- Mini-Project: Choosing and Modifying an Exploit Script
- 5.3 Module Quiz
0:35:0- 6.0 Introduction
- 6.1 Web-based Attacks
- 6.1.2 Common Categories of Web Application Exploits
- 6.1.3 Essential Tools for Conducting Web Application Attacks
- 6.1.4 Brute-Force Attack
- 6.1.5 Understanding Brute-Force Attacks
- 6.1.6 What Is a Collision Attack?
- 6.1.7 Understanding Directory Traversal Attacks
- 6.1.8 What Are Request Forgery Attacks?
- 6.1.9 Deserialization Attack
- 6.1.10 What Are Injection Attacks?
- 6.1.11 Insecure Direct Object Reference (IDOR)
- 6.1.12 Injection Attacks
- 6.1.13 Session Hijacking
- 6.1.14 Arbitrary Code Execution (ACE)
- 6.1.15 File Inclusion Vulnerabilities
- 6.1.16 API Abuse
- 6.1.17 JSON Web Token (JWT) Manipulation
- 6.1.18 Lesson Recap
0:15:0- Mini-Project: Classifying Web Application Attacks
- 6.2 Cloud-based Attacks
- 6.2.1 Overview of Cloud-Based Attacks
- 6.2.2 Common Types of Cloud-Based Attacks
- 6.2.3 Tools Commonly Used for Cloud-Based Attacks
- 6.2.4 Attacks Targeting Cloud Metadata Services
- 6.2.5 Risks of Access Management Misconfigurations in the Cloud
- 6.2.6 Security Considerations for Third-Party Integrations in Cloud Environments
- 6.2.7 Risks and Impacts of Resource Misconfiguration in the Cloud
- 6.2.8 Risks of Sensitive Data Exposure Through Logging
- 6.2.9 Risks of Image and Artifact Tampering in Software Development
- 6.2.10 Understanding and Mitigating Supply Chain Attacks
- 6.2.11 Understanding Workload Runtime Attacks and Their Impact
- 6.2.12 Container Escape: Breaking Out of Isolation
- 6.2.13 Trust Relationship Abuse: Exploiting Trusted Connections
- 6.2.14 Lesson Recap
0:10:0- Mini-Project: Identifying Cloud Security Vulnerabilities
- 6.3 Module Quiz
0:35:0- 7.0 Introductions
- 7.1 Performing Network Attacks: Understanding the Process
- 7.1.1 Common Types of Network Attacks
- 7.1.2 Tools Commonly Used for Performing Network Attacks
- 7.1.3 Understanding Default Credentials
- 7.1.4 On-Path Attack (Man-in-the-Middle)
- 7.1.5 Certificate Services
- 7.1.6 Exploiting Misconfigured Services
- 7.1.7 Virtual Local Area Network (VLAN) Hopping
- 7.1.8 Multihomed Hosts
- 7.1.9 Relay Attack
- 7.1.10 Intrusion Detection System (IDS) evasion
- 7.1 Lesson Recap
0:15:0- Mini-Project: Identifying Internal Network Attack Vectors
- 7.2 Conducting Authentication Attacks
- 7.2.1 Types of Authentication Attacks
- 7.2.2 Tools Used for Executing Authentication Attacks
- 7.2.3 Multifactor Authentication (MFA) Fatigue
- 7.2.4 Pass-the-Hash Attack Techniques
- 7.2.5 Pass-the-Hash Attacks
- 7.2.6 Pass-the-Ticket Attack Techniques
- 7.2.7 Pass-the-Token Attack Techniques
- 7.2.8 Kerberos-Based Attack Techniques
- 7.2.9 LDAP Injection Attacks
- 7.2.10 Dictionary Attack Techniques
- 7.2.11 Brute-Force Attack Techniques
- 7.2.12 Mask Attack Techniques
- 7.2.13 Mask Attacks
- 7.2.14 Understanding Password Spraying Attacks
- 7.2.15 Understanding Credential Stuffing Attacks
- 7.2.16 OpenID Connect (OIDC) Security Risks and Attacks
- 7.2.17 Security Assertion Markup Language (SAML)
- 7.2.18 Lesson Recap
0:15:0- Mini-Project: Planning Lateral Movement with Authentication Attacks
- 7.3 Perform Host-Based Attacks
- 7.3.1 Perform Host-Based Attacks
- 7.3.2 Tools for Performing Host-Based Attacks
- 7.3.3 Privilege Escalation
- 7.3.4 Credential Extraction from System Components
- 7.3.5 Credential Dumping
- 7.3.6 Evading Detection: Circumventing Security Tools
- 7.3.7 Improperly Configured Endpoints
- 7.3.8 Techniques for Payload Obfuscation
- 7.3.9 Payload Obfuscation
- 7.3.10 Bypassing User-Controlled Access Restrictions
- 7.3.11 Breaking Out of Restricted Shell Environments (Shell Escape)
- 7.3.12 Escaping Kiosk Mode
- 7.3.13 Injection via Libraries
- 7.3.14 Process Hollowing and Code Injection
- 7.3.15 Manipulating and Concealing Log Data
- 7.3.16 Log Tampering
- 7.3.17 Exploiting Unquoted Service Paths for Code Injection
- 7.3.18 Recording and Reporting Enterprise Attacks
- 7.3.19 Lesson Recap
0:20:0- Mini-Project: Planning Post-Exploitation on a Compromised Host
- 7.5 Module Quiz
0:35:0- 8.0 Introductions
- 8.1 Wireless Attack Techniques and Exam Objectives
- 8.1.1 Common Wireless Attack Types and Risks
- 8.1.2 Tools Used to Conduct Wireless Attacks
- 8.1.3 Wardriving
- 8.1.4 Bluetooth Attacks
- 8.1.5 Evil Twin Attack
- 8.1.6 Signal Jamming
- 8.1.7 Protocol Fuzzing
- 8.1.8 Protocol Exploitation Through Packet Crafting
- 8.1.9 Deauthentication Attacks: Forcing Reconnection to Capture WPA/WPA2 Handshakes
- 8.1.10 Deauthentication
- 8.1.11 Captive Portal Exploitation: Bypassing Access Restrictions in Wireless Networks
- 8.1.12 Exploiting WPS: PIN-Based Attacks on Wi-Fi Networks
- 8.1.13 Lesson Recap
0:15:0- Mini-Project: Planning a Wireless Network Penetration Test
- 8.2 Hacking the Human: Real-World Social Engineering Techniques
- 8.2.1 Social Engineering Tactics
- 8.2.2 Tools for Performing Social Engineering Attacks
- 8.2.3 Tools for Performing Social Engineering Attacks
- 8.2.4 Phishing, Spear Phishing, Whaling, and Smishing Explained
- 8.2.5 Social Engineering for Intelligence Collection
- 8.2.6 Watering Hole Exploits in Social Engineering
- 8.2.7 Credential Collection Methods
- 8.2.8 Lesson Recap
0:10:0- Mini-Project: Planning a Social Engineering Campaign
- 8.3 Specialized System Attacks
- 8.3.1 Common Threats to Specialized Systems: AI, OT, NFC, RFID & Bluetooth
- 8.3.2 Tools Used to Exploit Specialized Systems
- 8.3.3 Mobile Threats and Attack Vectors
- 8.3.4 Threats and Attacks on Artificial Intelligence Systems
- 8.3.5 Protecting Operational Technology Systems
- 8.3.6 Securing RFID and NFC Technologies
- 8.3.7 Understanding Bluejacking Attacks
- 8.3.8 Specialized Penetration Testing: Techniques and Execution
- 8.3.9 Lesson Recap
0:10:0- Mini-Project: Threat Modeling for Specialized Systems
- 8.4 Chapter Review
0:35:0- 9.0 Introductions
- 9.1 Securing and Preserving Persistent Control
- 9.1.1 Principles of Gaining and Sustaining Persistence
- 9.1.2 Using Scheduled Tasks and Cron Jobs for Persistence
- 9.1.3 Scheduled Tasks/cron Jobs
- 9.1.4 Creating Services for Persistent Access
- 9.1.5 Shell Connections: Reverse and Bind Explained
- 9.1.6 Adding New Accounts to Maintain Access
- 9.1.7 Gaining Valid Account Credentials
- 9.1.8 Registry Key Management
- 9.1.9 Understanding Command and Control Frameworks
- 9.1.10 Unauthorized Access Backdoors
- 9.1.11 Rootkit
- 9.1.12 Vector for Exploits and Persistence
- 9.1.13 Tampering Security Controls:
- 9.1.14 Lesson Recap
0:10:0- Mini-Project: Planning Post-Exploitation Persistence
- 9.2 Performing Lateral Movement Across Network Systems
- 9.2.1 Lateral and Horizontal Movement Techniques
- 9.2.2 Strategies for Lateral Movement in Network Environments
- 9.2.3 Tools to Facilitate Lateral Network Movement
- 9.2.4 Network Pivoting Techniques
- 9.2.5 Building Relay Connections for Network Access
- 9.2.6 Enumerating Targets for Vulnerability Assessment
- 9.2.7 Techniques for Discovering Network Services
- 9.2.8 WMI in Penetration Testing and System Administration
- 9.2.9 Windows Remote Management (WinRM): Overview and Uses
- 9.2.10 Lesson Recap
0:10:0- Mini-Project: Planning a Lateral Movement Strategy
- 9.3 Strategies for Data Staging and Covert Exfiltration
- 9.3.1 Introduction to Staging and Exfiltration Fundamentals
- 9.3.2 Accessing Data on the Target
- 9.3.3 Alternate Data Streams: Concealing and Storing Data
- 9.3.4 Alternate Data Streams
- 9.3.5 Lesson Recap
0:10:0- Mini-Project: The Final Phase: Exfiltration and Evasion
- 9.4 Cleanup Procedures and Network Restoration
- 9.4.1 Cleanup and Restoration Processes
- 9.4.2 Penetration Testing Task Documentation
- 9.4.3 Lesson Recap
0:10:0- Mini-Project: The Post-Engagement Cleanup Plan
- 9.5 Module Quiz
0:35:0- 10.1 Core Components of a Penetration Testing Report
- 10.1.1 Developing the Penetration Test Report
- 10.1.2 Guidelines for Effective Reporting
- 10.1.3 Breakdown of Report Components and Terms
- 10.1.4 Documentation Requirements and Format Consistency
- 10.1.5 Risk Assessment and Scoring
- 10.1.6 Test Parameters and Assumptions
- 10.1.7 Lesson Recap
0:10:0- Mini-Project: Drafting a Vulnerability Report
- 10.2 Analyzing Results and Suggesting Remediation
- 10.2.1 Overview of Findings Analysis and Recommendation Development
- 10.2.2 Analyzing Findings and Developing Recommendations Overview
- 10.2.3 Implementation of Technical Controls
- 10.2.4 Administrative Controls
- 10.2.5 Operational Control
- 10.2.6 Physical Access Controls
- 10.2.7 Lesson Recap
0:10:0- Mini-Project: Developing a Comprehensive Remediation Plan
- 10.3 Module Quiz
0:35:0
Buy Now
Last Updated
Aug 27, 2025
Students
99+
language
English
Duration
17h 35mLevel
beginner
Expiry period
Lifetime
Certificate
Yes
bigoss
English
Certificate Course
99+ Students
17h 35m
32 Courses
0 Review