back

CompTIA PenTest + (PT0-002)

Penetration testing and vulnerability management17 H 49 M

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
This course has a virtual lab
This course has a practice test
Episodes
Episodes
  • Planning and Scoping
    • Overview
    • Regulation and Compliance
    • Common Pentest Restrictions
    • Legal Concepts and Documents
    • Standards and Methodologies
    • Scoping an Engagement
    • Professionalism and Integrity
  • Information Gathering and Vulnerability Scanning
    • DNS Recon
    • Target Recon
    • Host Discovery and Enumeration
    • Web and Cloud Discovery and Enumeration
    • Defense Detection and Avoidance
    • Vulnerability Scanning
    • Nmap
  • Attacks and Exploits
    • Exploit Resources
    • Denial of Service
    • ARP and DNS Poisoning
    • Password Attacks
    • VLAN Hopping
    • MAC Spoofing
    • Wireless Attacks
    • OWASP Top 10 Web App Security Risks
    • SSRF Attacks
    • Business Logic Flaws
    • SQL Injection Attacks
    • Other Injection Attacks
    • XSS Attacks
    • Session Attacks
    • API Attacks
    • Cloud Attacks
    • Mobile Attacks
    • IoT Hacking
    • Data Storage System Vulnerabilities
    • ICS SCADA and IIOT Vulnerabilities
    • Virtual Environment Vulnerabilities
    • Container Vulnerabilities
    • Social Engineering and Physical Attacks
    • Post Exploitation Enumeration and Tools
    • Network Segmentation Testing
    • Privilege Escalation
    • Persistence
    • Detection Avoidance
  • Reporting and Communication
    • Components of Written Reports
    • Recommended Remediations
    • Communication During a Pentest
    • Post Report Delivery Activities
  • Tools and Code Analysis
    • Basic Programming Concepts
    • Analyze Scripts Or Code For Use In A Pentest
    • Opportunities for Automation

Overview

8 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.

You're watching IT PRO TV. [MUSIC] >> Welcome to the CompTIA Pentest plus show right here on IT PRO TV. That's right. We're about to dive into this, and I'm gonna be your host, Ronnie Wong. And I'll also, of course be joined by our subject matter expert, Mr Daniel Lowrie. Now, this is a chance for us to introduce ourselves. So I'm gonna go ahead and take that chance, and then I'll turn it over to you Daniel. >> Sounds good. >> All right. So let me go ahead and introduce myself. I'm Ronnie Wong one of the educators here at IT PRO TV and I will be your host throughout this entire series on Pentest Plus. And I do have several security certifications that are more blue team focused. And so this actually gives me a chance to go ahead and begin to learn a little bit about the red team side as well. So, with my experience and background that actually allows me to kind of fill that out a little bit more, but as well, hopefully to ask some questions that you might ask as well as actually kind of bring in a little bit more blue team to ask those types of questions as well. Now I'm gonna turn it over to our SME to introduce himself. Mr. Daniel Lowrie, go ahead and introduce yourself to our audience. >> Thank you, Ronnie. I'm Daniel Lowrie. I'll be your SME for this lovely little Pentest plus series that we're putting on for you. Hopefully you enjoy this. A little bit about myself. I've worked in IT for over 20 years now. I can't believe it's been that long. And in that time. >> How old? >> Yes, I am that old. [LAUGH] In that time I've gathered a few search underneath my belt as well, both on the blue team side of things and the red team side, as well as systems administration and network administration, operations, things of that nature. I do have a passion for the red teaming that's out there. Penetration testing, vulnerability assessment and through red teaming things really get me excited. I like that stuff. So, I'm looking forward to getting into this series with you good folks out there and teaching you some of the really cool stuff that goes along with the idea of penetration testing. Pentest plus is a great resource for that. So we're gonna get to look over a lot of interesting topics. >> All right. Now, Daniel, when it comes down to somebody watching this show, is there any background prerequisite knowledge that they might need? And also what are they really gonna get out of this show? >> Okay, good question. Now, I will say, I will be assuming a level of knowledge from you as the learner out there. And that level of knowledge is gonna be someone that is already familiar with operating systems such as Windows, Windows server, Linux and things of that nature, right? So those two are gonna be our two major operating systems. MacOS is there, but it's basically unique. So we'll just call a spade a spade on that one. Other than that, I also need you to know a bit about networking as well. I'm gonna assume that you understand networking basics. So if you have those two prerequisites, you should do rather well throughout this. And then what was your other question running? >> Yeah, the other question here has do with the idea of what will they get out of this course as they watch it. We know it is towards certification, but what else are they actually gonna learn? >> Yeah, so you definitely we'll be preparing for your certification exam, which will be the Pentest plus PT0-002. Specifically, that's what this series is all about. But not only that, you're gonna gain my insights and my experience. I'm gonna hand that over to you as you watch throughout this series on not only the nuts and bolts on how things work when it comes to a penetration test, but also some of those caveats, those intangibles that come from just having to have done it and working with it. I'll be giving you that as well. So, hopefully with those two things combined, not only will you be prepared to sit and succeed in your exam, but also take some real skill sets out and be successful in the business side of things. >> All right, now, Daniel, I know that most people watching something like online training they may go, It's just gonna be a bunch of lecture. But, Daniel, how is our episode gonna be structured out? >> So our episodes will be structured out in a way where we're gonna take specific topics and domains that are called out by CompTIA throughout their objective list. And we're gonna chunk those up into bite size pieces where we can easily adjust those things. So take those different domains of learning how to scope and then the hacking phases of this thing actually doing the hacking stuff, and also talking about mitigations and after action things. So we're gonna kind of take this from soup to nuts. Learn all there is to know about a typical Pentest. I say all there is to know, most of the things, the most common ideas that you'll encounter and procedures that you'll encounter as a Pen tester so that you are equipped to actually go out there and perform this duty as your job role. >> Yeah, I believe that you actually have a whole list of different demonstrations. You're actually using the tools on that will actually help us to cement that knowledge in place as well. So, Daniel, most of the people that are watching this are probably gonna be, of course, focused in on getting that certification. Can you help us out with some of the details? >> Yeah, let's get a few of those certain details. I jumped into CompTIA's PenTest page here and because it gives you some information about it, and that's all great. You're probably already sold on this thing anyway, that's why you're watching. So let's get down to the nitty gritty on this. Which is, what's going on, what skills will you learn, right? The planning and scoping, we have information gathering and excuse me vulnerability scanning, attacks and exploits. Probably why you're here most of the time, right? That's the fun stuff, as I like to call it. Reporting your communication, tools and code analysis as well. So good stuff that we're gonna learn, as well as some of the job roles that you might operate under after obtaining the certification. So penetration testers, security consultant, cloud pen tester, Web App pen tester, cloud security specialist and network, and security specialist. But here are the exam details. Specifically, we're gonna hone in here on the PT0-002 side of things, which was made available on October 28th 2021. The CompTIA PenTest Plus will certify the successful candidate has the knowledge and skills required to plan scope penetration testing engagement including vulnerability scanning, understanding legal and compliance requirements. These are all very important things. Analyzing results and producing a written report with remediation techniques. Very comprehensive exam. We have a maximum of 85 questions. It is performance based and multiple choice. If you ever taken a CompTIA exam before you understand that's A, B, C and D, or put this in the right order, select the correct attack that goes along with this. That's what they mean by performance based. It is 165 minutes long. You need a passing score of 750 out of 900 to get the old win on this one. So that's a little high, but I believe you can do it. It can be done. So aim high. Recommended experience, kind of something we've already talked about. Net Plus, security plus equivalent knowledge, minimum 3 to 4 years of hands-on information security or related experience. It's not required, but it is highly recommended. Otherwise you're gonna have a lot of backfilling to do and it will take you a long time to get through this material. It is available in English and eventually Japanese. And then this is the big one right here, right? You can go to a Pearson VUE testing provider. Either do it online or at a testing center. And it's $360 US. >> 70. >> I'm sorry. Yes, thank you. $370 US. I don't know why my mind said that, but there you go. Not too difficult or expensive for most people out there. I think that's a very reasonable price for this. There you go, some of the details around the exam itself. >> All right. So what makes you excited about this course? >> What makes me excited about this course is getting to talk about hacking stuff. I really enjoy doing that stuff that really twirls Mabini as it were. I enjoy doing that in my free time as well as my professional time, and then giving that to you good folks out there is just fun to be able to talk about that. Having Ronnie here in the studio, we're gonna have some fun conversations. We're gonna hack some stuff. You're gonna see how to hack some stuff. We're gonna talk about the more administrative side of things as well, which is super important, which I'm glad that they bring in. So I think the PenTest plus is one of the better certifications out there for those of you looking to get into the penetration testing field. It will do you well and serve you well as a certification in that space. >> All right, well, there you heard it. And if you are ready to jump into PenTest Plus and have some fun with Daniel and myself as we actually get started, all it takes, of course, is the very next episode in this list. >> Thank you for watching IT PRO TV. [MUSIC]