Résumé du cours
In this course, you'll get the skills you need to identify, exploit, report, and manage vulnerabilities on a network.
This course builds upon skills learnt from CompTIA Security+ certification and provides you with the intermediate skills and best practice for penetration testing.
Your expert instructor will teach you up-to-date penetration testing skills, helping you develop vulnerability assessment techniques and the management skills necessary to determine how resilient a network is to attacks.
Moyens d'évaluation :
- Quiz pré-formation de vérification des connaissances (si applicable)
- Évaluations formatives pendant la formation, à travers les travaux pratiques réalisés sur les labs à l’issue de chaque module, QCM, mises en situation…
- Complétion par chaque participant d’un questionnaire et/ou questionnaire de positionnement en amont et à l’issue de la formation pour validation de l’acquisition des compétences
A qui s'adresse cette formation
If you're an intermediate level cyber security professional tasked with penetration testing, this course is ideal for you.
Pré-requis
Before attending this course, you should have:
- Network+, Security+ or equivalent knowledge
- A minimum of 2-3 years of hands-on information security or related experience
Objectifs
You'll learn to:
- customise assessment frameworks
- report penetration test findings
- communicate recommended strategies
On this course, you'll prepare for the CompTIA PenTest+ exam The performance-based PenTest+ exam involves hands-on simulations, proving you've moved beyond theory and have the practical skills to carry out penetration testing techniques.
Achieving this certification qualifies you for a role as a:
- Penetration Tester
- Vulnerability Tester
- Security Analyst (II)
- Vulnerability Assessment Analyst
- Network Security Operations
- Application Security Vulnerability
Contenu
Planning and Scoping
- Explain the importance of planning for an engagement
- Explain key legal concepts.
- Explain the importance of scoping an engagement properly.
- Explain the key aspects of compliance-based assessments.
Information Gathering and Vulnerability Identification
- Given a scenario, conduct information gathering using appropriate techniques
- Given a scenario, perform a vulnerability scan.
- Given a scenario, analyse vulnerability scan results
- Explain the process of leveraging information to prepare for exploitation.
- Explain weaknesses related to specialised systems
Attacks and Exploits
- Compare and contrast social engineering attacks
- Given a scenario, exploit network-based vulnerabilities
- Given a scenario, exploit wireless and RF-based vulnerabilities
- Given a scenario, exploit application-based vulnerabilities
- Given a scenario, exploit local host vulnerabilities
- Summarise physical security attacks related to facilities
- Given a scenario, perform post-exploitation techniques
Penetration Testing Tools
- Given a scenario, use Nmap to conduct information gathering exercises
- Compare and contrast various use cases of tools
- Given a scenario, analyse tool output or data related to a penetration test
- Given a scenario, analyse a basic script (limited to Bash, Python, Ruby, and PowerShell)
Reporting and Communication
- Given a scenario, use report writing and handling best practices
- Explain post-report delivery activities
- Given a scenario, recommend mitigation strategies for discovered vulnerabilities
- Explain the importance of communication during the penetration testing process
Moyens Pédagogiques :