Course Details
Price:
$3,160 4 seats left
Start Date:

Mon, Jan 13, 10:00am - Jan 17, 5:00pm (5 sessions)

Next start dates (1)

Location:
Largo
1300 Caraway Ct Ste 200
Btwn McCormick & Arena Drives
Largo, Maryland 20774
(Map)
Share:
Purchase Options
Description
Class Level: Intermediate
Age Requirements: 18 and older
Average Class Size: 3

What you'll learn in this cybersecurity training:

The CompTIA PenTest+ certification validates your skills and knowledge surrounding second-generation penetration testing, vulnerability assessment, and vulnerability management on a variety of systems and devices, making it the latest go-to qualification in an increasingly mobile world. This course will prepare you to:
  • Perform security assessments on desktops and mobile devices, as well as cloud, IoT, industrial and embedded systems
  • Identify security weaknesses and manage system vulnerabilities
  • Ensure that existing cybersecurity practices, configurations, and policies conform with current best practices
  • Simulate cyberattacks to pinpoint security weaknesses in operating systems, networks, and applications
Prerequisites:
  • CISSP: Certified Information Systems Security Professional
  • CompTIA Security+ (2017 Objectives)
Course Outline

Penetration Testing
  • What Is Penetration Testing?
  • Cybersecurity Goals
  • Adopting the Hacker Mind-Set
  • Reasons for Penetration Testing
  • Benefits of Penetration Testing
  • Regulatory Requirements for Penetration Testing
  • Who Performs Penetration Tests?
  • Internal Penetration Testing Teams
  • External Penetration Testing Teams
  • Selecting Penetration Testing Teams
  • The CompTIA Penetration Testing Process
  • Planning and Scoping
  • Information Gathering and Vulnerability Identification
  • Attacking and Exploiting
  • Reporting and Communicating Results
  • The Cyber Kill
  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Actions on Objectives
  • Tools of the Trade
  • Reconnaissance
  • Vulnerability Scanners
  • Social Engineering
  • Credential-Testing Tools
  • Debuggers
  • Software Assurance
  • Network Testing
  • Remote Access
  • Exploitation
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Adopting the Hacker Mind-Set
  • Activity .: Using the Cyber Kill
  • Review Questions
Planning and Scoping Penetration Tests
  • Scoping and Planning Engagements
  • Assessment Types
  • White Box, Black Box, or Gray Box?
  • The Rules of Engagement
  • Scoping Considerations: A Deeper Dive
  • Support Resources for Penetration Tests
  • Key Legal Concepts for Penetration Tests
  • Contracts
  • Data Ownership and Retention
  • Authorization
  • Environmental Differences
  • Understanding Compliance-Based Assessments
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Review Questions
Information Gathering
  • Footprinting and Enumeration
  • OSINT
  • Location and Organizational Data
  • Infrastructure and Networks
  • Security Search Engines
  • Active Reconnaissance and Enumeration
  • Hosts
  • Services
  • Networks, Topologies, and Network Traffic
  • Packet Crafting and Inspection
  • Enumeration
  • Information Gathering and Code
  • Information Gathering and Defenses
  • Defenses Against Active Reconnaissance
  • Preventing Passive Information Gathering
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Manual OSINT Gathering
  • Activity .: Exploring Shodan
  • Activity .: Running a Nessus Scan
  • Review Questions
Vulnerability Scanning
  • Identifying Vulnerability Management Requirements
  • Regulatory Environment
  • Corporate Policy
  • Support for Penetration Testing
  • Identifying Scan Targets
  • Determining Scan Frequency
  • Configuring and Executing Vulnerability Scans
  • Scoping Vulnerability Scans
  • Configuring Vulnerability Scans
  • Scanner Maintenance
  • Software Security Testing
  • Analyzing and Testing Code
  • Web Application Vulnerability Scanning
  • Developing a Remediation Workflow
  • Prioritizing Remediation
  • Testing and Implementing Fixes
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Installing a Vulnerability Scanner
  • Activity .: Running a Vulnerability Scan
  • Activity .: Developing a Penetration Test Vulnerability Scanning Plan
  • Review Questions
Analyzing Vulnerability Scans
  • Reviewing and Interpreting Scan Reports
  • Understanding CVSS
  • Validating Scan Results
  • False Positives
  • Documented Exceptions
  • Understanding Informational Results
  • Reconciling Scan Results with Other Data Sources
  • Trend Analysis
  • Common Vulnerabilities
  • Server and Endpoint Vulnerabilities
  • Network Vulnerabilities
  • Virtualization Vulnerabilities
  • Internet of Things (IoT)
  • Web Application Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Interpreting a Vulnerability Scan
  • Activity .: Analyzing a CVSS Vector
  • Activity .: Developing a Penetration Testing Plan
  • Review Questions
Exploit and Pivot
  • Exploits and Attacks
  • Choosing Targets
  • Identifying the Right Exploit
  • Exploit Resources
  • Developing Exploits
  • Exploitation Toolkits
  • Metasploit
  • PowerSploit
  • Exploit Specifics
  • RPC/DCOM
  • PsExec
  • PS Remoting/WinRM
  • WMI
  • Scheduled Tasks and cron Jobs
  • SMB
  • RDP
  • Apple Remote Desktop
  • VNC
  • X-Server Forwarding
  • Telnet
  • SSH
  • Leveraging Exploits
  • Common Post-Exploit Attacks
  • Privilege Escalation
  • Social Engineering
  • Persistence and Evasion
  • Scheduled Jobs and Scheduled Tasks
  • Inetd Modification
  • Daemons and Services
  • Back Doors and Trojans
  • New Users
  • Pivoting
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Exploit
  • Activity .: Discovery
  • Activity .: Pivot
  • Review Questions
Exploiting Network Vulnerabilities
  • Conducting Network Exploits
  • VLAN Hopping
  • Network Proxies
  • DNS Cache Poisoning
  • Man-in-the-Middle
  • NAC Bypass
  • DoS Attacks and Stress Testing
  • Exploiting Windows Services
  • NetBIOS Name Resolution Exploits
  • SMB Exploits
  • Exploiting Common Services
  • SNMP Exploits
  • SMTP Exploits
  • FTP Exploits
  • Samba Exploits
  • Wireless Exploits
  • Evil Twins and Wireless MITM
  • Other Wireless Protocols and Systems
  • RFID Cloning
  • Jamming
  • Repeating
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Capturing Hashes
  • Activity .: Brute-Forcing Services
  • Activity .: Wireless Testing
  • Review Questions
Exploiting Physical and Social Vulnerabilities
  • Physical Facility Penetration Testing
  • Entering Facilities
  • Information Gathering
  • Social Engineering
  • In-Person Social Engineering
  • Phishing Attacks
  • Website-Based Attacks
  • Using Social Engineering Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Designing a Physical Penetration Test
  • Activity .: Brute-Forcing Services
  • Activity .: Using Beef
  • Review Questions
Exploiting Application Vulnerabilities
  • Exploiting Injection Vulnerabilities
  • Input Validation
  • Web Application Firewalls
  • SQL Injection Attacks
  • Code Injection Attacks
  • Command Injection Attacks
  • Exploiting Authentication Vulnerabilities
  • Password Authentication
  • Session Attacks
  • Kerberos Exploits
  • Exploiting Authorization Vulnerabilities
  • Insecure Direct Object References
  • Directory Traversal
  • File Inclusion
  • Exploiting Web Application Vulnerabilities
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Clickjacking
  • Unsecure Coding Practices
  • Source Code Comments
  • Error Handling
  • Hard-Coded Credentials
  • Race Conditions
  • Unprotected APIs
  • Unsigned Code
  • Application Testing Tools
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Mobile Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Application Security Testing Techniques
  • Activity .: Using the ZAP Proxy
  • Activity .: Creating a Cross-Site Scripting Vulnerability
  • Review Questions
Exploiting Host Vulnerabilities
  • Attacking Hosts
  • Linux
  • Windows
  • Cross-Platform Exploits
  • Remote Access
  • SSH
  • NETCAT and Ncat
  • Proxies
  • Metasploit and Remote Access
  • Attacking Virtual Machines and Containers
  • Virtual Machine Attacks
  • Container Attacks
  • Physical Device Security
  • Cold-Boot Attacks
  • Serial Consoles
  • JTAG Debug Pins and Ports
  • Attacking Mobile Devices
  • Credential Attacks
  • Credential Acquisition
  • Offline Password Cracking
  • Credential Testing and Brute-Forcing Tools
  • Wordlists and Dictionaries
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Dumping and Cracking the Windows SAM and Other Credentials
  • Activity .: Cracking Passwords Using Hashcat
  • Activity .: Setting Up a Reverse Shell and a Bind Shell
  • Review Questions
Scripting for Penetration Testing
  • Scripting and Penetration Testing
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Variables, Arrays, and Substitutions
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Comparison Operations
  • String Operations
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Flow Control
  • Conditional Execution
  • For Loops
  • While Loops
  • Input and Output (I/O)
  • Redirecting Standard Input and Output
  • Error Handling
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Reverse DNS Lookups
  • Activity .: Nmap Scan
  • Review Questions
Reporting and Communication
  • The Importance of Communication
  • Defining a Communication Path
  • Communication Triggers
  • Goal Reprioritization
  • Recommending Mitigation Strategies
  • Finding: Shared Local Administrator Credentials
  • Finding: Weak Password Complexity
  • Finding: Plain Text Passwords
  • Finding: No Multifactor Authentication
  • Finding: SQL Injection
  • Finding: Unnecessary Open Services
  • Writing a Penetration Testing Report
  • Structuring the Written Report
  • Secure Handling and Disposition of Reports
  • Wrapping Up the Engagement
  • Post-Engagement Cleanup
  • Client Acceptance
  • Lessons Learned
  • Follow-Up Actions/Retesting
  • Attestation of Findings
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity .: Remediation Strategies
  • Activity .: Report Writing
  • Review Questions
  • Appendix
  • Answers to Review Questions
Headsets for free, Guaranteed to Run, Re-Takes for free (Up to 6 months), Interactive Classroom environment.

Registration Note: We can only accept students into our classes whose tuition is being paid by an employer or sponsoring organization. Self-paying individuals cannot enroll.

School Notes:
Important:
Courseware (if a course has a Courseware) will be shipped to the address provided two weeks before the class starts. Make sure that the additional info field is properly and correctly filled out to avoid Courseware being lost in transit. Please also note that P.O. Box addresses are not allowed.


The classes are instructor-led live training you attend in a local classroom or from your home/office. Our instructors teach from a remote location while being able to interact with students as in a traditional classroom setting.

Instructors can view student progress and take control of their PC to provide direct assistance. Students can see the instructor's presentation as well as voice questions directly to the instructor and participate in class discussions.

Still have questions? Ask the community.

Refund Policy
You can cancel or reschedule your registration without penalty or charge provided you give notice of 10 business days (M-F) or more days before the start of my class.

If you request to cancel or reschedule your registration 10 Business Days (M-F) or less days before the class start you will be charged 100% the course fee and will not be entitled to a refund. You have one (1) opportunity to use our Make-Up policy to have those funds applied to a later class date.

You cannot change your class location ten (10) Business days (M-F) or less before the class start because Certified Staffing Solutions has shipped training materials and provisioned resources. Location changes requested prior to that timeframe are subject to availability and may incur an additional charge.

Should Certified Staffing Solutions need to cancel your class due to insufficient enrollment, or postpone it due to events beyond their control, Certified Staffing Solutions will notify you as soon as possible. In such cases, you may reschedule to a future class date at no additional charge or receive a refund for any money on account relating to that registration.

Travel arrangements and costs are the sole responsibility of the student. Certified Staffing Solutions suggests obtaining refundable reservations. Certified Staffing Solutions classes are confirmed approximately 14 days before the start of the class. We cannot guarantee class commitments before that window of time. Certified Staffing Solutions will not be responsible for any cancellation costs incurred, including but not limited to, airline/mass transit tickets, hotel reservations and so on.

Map

Google Map

Certstaffix Training

All classes at this location

Start Dates (2)
Start Date Time Teacher # Sessions Price
10:00am - 5:00pm Remote Instructor 5 $3,160
This course consists of multiple sessions, view schedule for sessions.
Tue, Jan 14 10:00am - 5:00pm Remote Instructor
Wed, Jan 15 10:00am - 5:00pm Remote Instructor
Thu, Jan 16 10:00am - 5:00pm Remote Instructor
Fri, Jan 17 10:00am - 5:00pm Remote Instructor
10:00am - 5:00pm Remote Instructor 5 $3,160
This course consists of multiple sessions, view schedule for sessions.
Tue, Mar 10 10:00am - 5:00pm Remote Instructor
Wed, Mar 11 10:00am - 5:00pm Remote Instructor
Thu, Mar 12 10:00am - 5:00pm Remote Instructor
Fri, Mar 13 10:00am - 5:00pm Remote Instructor

Benefits of Booking Through CourseHorse

Booking is safe. When you book with us your details are protected by a secure connection.
Lowest price guaranteed. Classes on CourseHorse are never marked up.
This class will earn you 31600 points. Points give you money off your next class!
Questions about this class?
Get help now from a knowledge expert!
Questions & Answers (0)

Get quick answers from CourseHorse and past students.

Reviews of Classes at Certstaffix Training (24)

Similar Classes

School: Certstaffix Training

Certstaffix Training

Certified Staffing Solutions specializes in providing computer training and instructors nationwide. Our instructors are professional trainers and utilize hands-on exercises to reinforce lecture. Each averages more than 5 years delivering classes to business professionals.

Our Advantages

  • Our Instructors:...

Read more about Certstaffix Training

CourseHorse Approved

This school has been carefully vetted by CourseHorse and is a verified DC educator.

Ready to take this class?
BOOK NOW
Taking this class for work? Get exclusive perks & discounts for free.