CompTIA PenTest+ is unfortunately unavailable

Thankfully we have 3 other CompTIA Classes for you to choose from. Check our top choices below or see all classes for more options.

CompTIA PenTest+

at Certstaffix Training - Downtown

Course Details
Price:
$2,800
Start Date:

This class isn't on the schedule at the moment, but save it to your Wish List to find out when it comes back!
If you're enrolled in an upcoming date, this simply means that date has now sold out.

Location:
Downtown, Downtown/Northeast
355 S Grand Ave Ste 2450
Btwn W 3rd & W 4th Streets
Los Angeles, California 90071
Description
Class Level: Intermediate
Age Requirements: 18 and older
Average Class Size: 3

What you'll learn in this CompTIA training:

The CompTIA PenTest+ certification validates your skills and knowledge surrounding second-generation penetration testing, vulnerability assessment, and vulnerability management on a variety of systems and devices, making it the latest go-to qualification in an increasingly mobile world. This course will prepare you to:
  • Perform security assessments on desktops and mobile devices, as well as cloud, IoT, industrial and embedded systems
  • Identify security weaknesses and manage system vulnerabilities
  • Ensure that existing cybersecurity practices, configurations, and policies conform with current best practices
  • Simulate cyberattacks to pinpoint security weaknesses in operating systems, networks, and applications
Prerequisites:
  • CISSP: Certified Information Systems Security Professional
  • CompTIA Security+ (2017 Objectives)
Course Outline

Chapter 1 Penetration Testing
  • What Is Penetration Testing?
  • Cybersecurity Goals
  • Adopting the Hacker Mind-Set
  • Reasons for Penetration Testing
  • Benefits of Penetration Testing
  • Regulatory Requirements for Penetration Testing
  • Who Performs Penetration Tests?
  • Internal Penetration Testing Teams
  • External Penetration Testing Teams
  • Selecting Penetration Testing Teams
  • The CompTIA Penetration Testing Process
  • Planning and Scoping
  • Information Gathering and Vulnerability Identification
  • Attacking and Exploiting
  • Reporting and Communicating Results
  • The Cyber Kill Chain
  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Actions on Objectives
  • Tools of the Trade
  • Reconnaissance
  • Vulnerability Scanners
  • Social Engineering
  • Credential-Testing Tools
  • Debuggers
  • Software Assurance
  • Network Testing
  • Remote Access
  • Exploitation
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 1.1: Adopting the Hacker Mind-Set
  • Activity 1.2: Using the Cyber Kill Chain
  • Review Questions
Chapter 2 Planning and Scoping Penetration Tests
  • Scoping and Planning Engagements
  • Assessment Types
  • White Box, Black Box, or Gray Box?
  • The Rules of Engagement
  • Scoping Considerations: A Deeper Dive
  • Support Resources for Penetration Tests
  • Key Legal Concepts for Penetration Tests
  • Contracts
  • Data Ownership and Retention
  • Authorization
  • Environmental Differences
  • Understanding Compliance-Based Assessments
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Review Questions
Chapter 3 Information Gathering
  • Footprinting and Enumeration
  • OSINT
  • Location and Organizational Data
  • Infrastructure and Networks
  • Security Search Engines
  • Active Reconnaissance and Enumeration
  • Hosts
  • Services
  • Networks, Topologies, and Network Traffic
  • Packet Crafting and Inspection
  • Enumeration
  • Information Gathering and Code
  • Information Gathering and Defenses
  • Defenses Against Active Reconnaissance
  • Preventing Passive Information Gathering
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 3.1: Manual OSINT Gathering
  • Activity 3.2: Exploring Shodan
  • Activity 3.3: Running a Nessus Scan
  • Review Questions
Chapter 4 Vulnerability Scanning
  • Identifying Vulnerability Management Requirements
  • Regulatory Environment
  • Corporate Policy
  • Support for Penetration Testing
  • Identifying Scan Targets
  • Determining Scan Frequency
  • Configuring and Executing Vulnerability Scans
  • Scoping Vulnerability Scans
  • Configuring Vulnerability Scans
  • Scanner Maintenance
  • Software Security Testing
  • Analyzing and Testing Code
  • Web Application Vulnerability Scanning
  • Developing a Remediation Workflow
  • Prioritizing Remediation
  • Testing and Implementing Fixes
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 4.1: Installing a Vulnerability Scanner
  • Activity 4.2: Running a Vulnerability Scan
  • Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan
  • Review Questions
Chapter 5 Analyzing Vulnerability Scans
  • Reviewing and Interpreting Scan Reports
  • Understanding CVSS
  • Validating Scan Results
  • False Positives
  • Documented Exceptions
  • Understanding Informational Results
  • Reconciling Scan Results with Other Data Sources
  • Trend Analysis
  • Common Vulnerabilities
  • Server and Endpoint Vulnerabilities
  • Network Vulnerabilities
  • Virtualization Vulnerabilities
  • Internet of Things (IoT)
  • Web Application Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 5.1: Interpreting a Vulnerability Scan
  • Activity 5.2: Analyzing a CVSS Vector
  • Activity 5.3: Developing a Penetration Testing Plan
  • Review Questions
Chapter 6 Exploit and Pivot
  • Exploits and Attacks
  • Choosing Targets
  • Identifying the Right Exploit
  • Exploit Resources
  • Developing Exploits
  • Exploitation Toolkits
  • Metasploit
  • PowerSploit
  • Exploit Specifics
  • RPC/DCOM
  • PsExec
  • PS Remoting/WinRM
  • WMI
  • Scheduled Tasks and cron Jobs
  • SMB
  • RDP
  • Apple Remote Desktop
  • VNC
  • X-Server Forwarding
  • Telnet
  • SSH
  • Leveraging Exploits
  • Common Post-Exploit Attacks
  • Privilege Escalation
  • Social Engineering
  • Persistence and Evasion
  • Scheduled Jobs and Scheduled Tasks
  • Inetd Modification
  • Daemons and Services
  • Back Doors and Trojans
  • New Users
  • Pivoting
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 6.1: Exploit
  • Activity 6.2: Discovery
  • Activity 6.3: Pivot
  • Review Questions
Chapter 7 Exploiting Network Vulnerabilities
  • Conducting Network Exploits
  • VLAN Hopping
  • Network Proxies
  • DNS Cache Poisoning
  • Man-in-the-Middle
  • NAC Bypass
  • DoS Attacks and Stress Testing
  • Exploiting Windows Services
  • NetBIOS Name Resolution Exploits
  • SMB Exploits
  • Exploiting Common Services
  • SNMP Exploits
  • SMTP Exploits
  • FTP Exploits
  • Samba Exploits
  • Wireless Exploits
  • Evil Twins and Wireless MITM
  • Other Wireless Protocols and Systems
  • RFID Cloning
  • Jamming
  • Repeating
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 7.1: Capturing Hashes
  • Activity 7.2: Brute-Forcing Services
  • Activity 7.3: Wireless Testing
  • Review Questions
Chapter 8 Exploiting Physical and Social Vulnerabilities
  • Physical Facility Penetration Testing
  • Entering Facilities
  • Information Gathering
  • Social Engineering
  • In-Person Social Engineering
  • Phishing Attacks
  • Website-Based Attacks
  • Using Social Engineering Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 8.1: Designing a Physical Penetration Test
  • Activity 8.2: Brute-Forcing Services
  • Activity 8.3: Using BeEF
  • Review Questions
Chapter 9 Exploiting Application Vulnerabilities
  • Exploiting Injection Vulnerabilities
  • Input Validation
  • Web Application Firewalls
  • SQL Injection Attacks
  • Code Injection Attacks
  • Command Injection Attacks
  • Exploiting Authentication Vulnerabilities
  • Password Authentication
  • Session Attacks
  • Kerberos Exploits
  • Exploiting Authorization Vulnerabilities
  • Insecure Direct Object References
  • Directory Traversal
  • File Inclusion
  • Exploiting Web Application Vulnerabilities
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Clickjacking
  • Unsecure Coding Practices
  • Source Code Comments
  • Error Handling
  • Hard-Coded Credentials
  • Race Conditions
  • Unprotected APIs
  • Unsigned Code
  • Application Testing Tools
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Mobile Tools
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 9.1: Application Security Testing Techniques
  • Activity 9.2: Using the ZAP Proxy
  • Activity 9.3: Creating a Cross-Site Scripting Vulnerability
  • Review Questions
Chapter 10 Exploiting Host Vulnerabilities
  • Attacking Hosts
  • Linux
  • Windows
  • Cross-Platform Exploits
  • Remote Access
  • SSH
  • NETCAT and Ncat
  • Proxies
  • Metasploit and Remote Access
  • Attacking Virtual Machines and Containers
  • Virtual Machine Attacks
  • Container Attacks
  • Physical Device Security
  • Cold-Boot Attacks
  • Serial Consoles
  • JTAG Debug Pins and Ports
  • Attacking Mobile Devices
  • Credential Attacks
  • Credential Acquisition
  • Offline Password Cracking
  • Credential Testing and Brute-Forcing Tools
  • Wordlists and Dictionaries
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 10.1: Dumping and Cracking the Windows SAM and Other Credentials
  • Activity 10.2: Cracking Passwords Using Hashcat
  • Activity 10.3: Setting Up a Reverse Shell and a Bind Shell
  • Review Questions
Chapter 11 Scripting for Penetration Testing
  • Scripting and Penetration Testing
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Variables, Arrays, and Substitutions
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Comparison Operations
  • String Operations
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Flow Control
  • Conditional Execution
  • For Loops
  • While Loops
  • Input and Output (I/O)
  • Redirecting Standard Input and Output
  • Error Handling
  • Bash
  • PowerShell
  • Ruby
  • Python
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 11.1: Reverse DNS Lookups
  • Activity 11.2: Nmap Scan
  • Review Questions
Chapter 12 Reporting and Communication
  • The Importance of Communication
  • Defining a Communication Path
  • Communication Triggers
  • Goal Reprioritization
  • Recommending Mitigation Strategies
  • Finding: Shared Local Administrator Credentials
  • Finding: Weak Password Complexity
  • Finding: Plain Text Passwords
  • Finding: No Multifactor Authentication
  • Finding: SQL Injection
  • Finding: Unnecessary Open Services
  • Writing a Penetration Testing Report
  • Structuring the Written Report
  • Secure Handling and Disposition of Reports
  • Wrapping Up the Engagement
  • Post-Engagement Cleanup
  • Client Acceptance
  • Lessons Learned
  • Follow-Up Actions/Retesting
  • Attestation of Findings
  • Summary
  • Exam Essentials
  • Lab Exercises
  • Activity 12.1: Remediation Strategies
  • Activity 12.2: Report Writing
  • Review Questions
  • Appendix
  • Answers to Review Questions
Headsets for free, Guaranteed to Run, Re-Takes for free (Up to 6 months), Interactive Classroom environment.

Registration Note: We can only accept students into our classes whose tuition is being paid by an employer or sponsoring organization. Self-paying individuals cannot enroll.

School Notes:
Important:
Courseware (if the course has any) will be shipped to the address provided two weeks before the class starts. Make sure that the additional info field is filled out correctly to avoid courseware being lost in transit. Please also note that P.O. Box addresses are not allowed.


The classes are instructor-led live training you attend in a local classroom or from your home/office. Our instructors teach from a remote location while being able to interact with students as in a traditional classroom setting.

Instructors can view student progress and take control of their PC to provide direct assistance. Students can see the instructor's presentation as well as voice questions directly to the instructor and participate in class discussions.


Refund Policy
You can cancel or reschedule your registration without penalty or charge provided you give notice 10 or more business days (M-F) before the start of the class.

If you request to cancel or reschedule your registration 10 business days (M-F) or fewer before the class start, you will be charged 100% of the course fee and will not be entitled to a refund. You have one (1) opportunity to use our Make-Up policy to have those funds applied to a later class date.

You cannot change your class location ten (10) Business days (M-F) or less before the class start because Certified Staffing Solutions has shipped training materials and provisioned resources. Location changes requested prior to that timeframe are subject to availability and may incur an additional charge.

Should Certified Staffing Solutions need to cancel your class due to insufficient enrollment, or postpone it due to events beyond their control, Certified Staffing Solutions will notify you as soon as possible. In such cases, you may reschedule to a future class date at no additional charge or receive a refund for any money on account relating to that registration.

Travel arrangements and costs are the sole responsibility of the student. Certified Staffing Solutions suggests obtaining refundable reservations. Certified Staffing Solutions classes are confirmed approximately 14 days before the start of the class. We cannot guarantee class commitments before that window of time. Certified Staffing Solutions will not be responsible for any cancellation costs incurred, including but not limited to, airline/mass transit tickets, hotel reservations and so on.


Benefits of Booking Through CourseHorse

Booking is safe. When you book with us your details are protected by a secure connection.
Lowest price guaranteed. Classes on CourseHorse are never marked up.
This class will earn you 28000 points. Points give you money off your next class!

School: Certstaffix Training


Certified Staffing Solutions specializes in providing computer training and instructors nationwide. Our instructors are professional trainers and utilize hands-on exercises to reinforce lecture. Each averages more than 5 years delivering classes to business professionals.


CourseHorse Approved

This school has been carefully vetted by CourseHorse and is a verified LA educator.


3 Top Choices

CompTIA Security+

at Certstaffix Training - Downtown 355 S Grand Ave Ste 2450, Los Angeles, California 90071

This course offers invaluable preparation for Exam SY0-501 and covers 100% of the exam objectives with clear, concise explanation. You'll learn how to handle threats, attacks, and vulnerabilities using industry-standard tools and technologies, while understanding the role of architecture and design. From everyday tasks like identity and access management...

Monday Jul 15th, 7am - 2pm

  (5 sessions)
$2,800


CompTIA A+ Certification

at Certstaffix Training - Downtown 355 S Grand Ave Ste 2450, Los Angeles, California 90071

This course is your complete solution for A+ exam preparation. Covering 100% of Exam 220-901 and Exam 220-902 objectives, this course gives you everything you need to ensure that you not only understand the basics of IT, but that you can demonstrate your understanding effectively. This course has been updated to reflect the exam's new focus. Coverage...

Monday Jul 29th, 7am - 2pm

  (5 sessions)
$2,800


CompTIA Network+

at Certstaffix Training - Downtown 355 S Grand Ave Ste 2450, Los Angeles, California 90071

Knowing how to install, configure, and troubleshoot a computer network is a highly marketable and exciting skill. This course first introduces the fundamental building blocks that form a modern network, such as protocols, topologies, hardware, and network operating systems. It then provides in-depth coverage of the most important concepts in contemporary...

Monday Aug 19th, 7am - 2pm

  (5 sessions)
$2,800
