English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 241 lectures (32h 13m) | 11.4 GB
Pass the CompTIA Pentest+ (PT0-002) exam on your 1st attempt, includes one full-length Pentest+ practice exam!
Taught by a Best Selling Certification Instructor
This course provides everything you need in order to study for the CompTIA Pentest+ (PT0-002) exam, including a downloadable PDF study guide to follow along with as you progress through the videos and to review before test day!
Taught by an expert in information technology and cybersecurity with over 20 years of experience, this course is a fun way to learn what you need to know to pass the CompTIA Pentest+ (PT0-002) exam or to better prepare yourself to serve on your organization’s cyber defense team or as an independent penetration tester.
The CompTIA Pentest+ (PT0-002) certification is an intermediate-level, vendor-neutral certification that validates your knowledge and ability to plan/scope an assessment, understand the legal/compliance requirements, perform vulnerability scanning/penetration tests, and analyze/report on your findings. This certification was released by CompTIA to fill a gap between the foundational-level CompTIA Security+ exam (for those with about 1 year in the field) and the advanced-level CompTIA Advanced Security Practitioner (for those with at least 5 years in the field). The CompTIA Pentest+ (PT0-002) exam is focused on the technical, hands-on details of the cybersecurity field, including how to emulate a cyber threat, infiltrate a secure network architecture, and conduct a penetration test against your organizational networks (with permission, of course).
This course is designed for penetration testers, IT Security analysts, vulnerability analysts and testers, network security operations personnel, or anyone who is trying to get a better understanding of the concepts involved in conducting a penetration test and its associated toolsets.
The CompTIA Pentest+ (PT0-002) exam covers FIVE domains:
- 14%: Planning and Scoping
- 22%: Information Gathering and Vulnerability Identification
- 30%: Attacks and Exploits
- 18%: Reporting and Communication
- 16%: Tools and Code Analysis
What you’ll learn
- Take and pass the CompTIA PenTest+ (PT0-002) certification exam
- Understand the penetration testing methodology
- Understand how to plan and scope a penetration test
- Understand how to conduct information gathering and enumeration
- Understand how to exploit networks and systems during a pentest
- Understand how to prepare a report and communicate your findings
Table of Contents
Welcome to the Course (PT0-002)
1 Welcome
2 Download Your Free Study Guide
3 Exam Tips
Planning an Engagement (PT0-002)
4 Planning an Engagement (OBJ 1.1, 1.2, and 1.3)
5 Risk (OBJ 1.2)
6 Risk Handling (OBJ 1.2)
7 Controls (OBJ 1.2)
8 PenTest Methodologies (OBJ 1.2)
9 PenTest Standards (OBJ 1.2)
10 Planning a Test (OBJ 1.2)
11 Legal Concepts (OBJ 1.1)
12 Regulatory Compliance (OBJ 1.1)
13 Professionalism (OBJ 1.3)
Scoping an Engagement (PT0-002)
14 Scoping an Engagement (OBJ 1.1, 1.2, and 1.3)
15 Defining the Scope (OBJ 1.2)
16 Adversary Emulation (OBJ 1.2)
17 Target List (OBJ 1.2)
18 Identifying Restrictions (OBJ 1.1)
19 Rules of Engagement (OBJ 1.2)
20 Assessment Types (OBJ 1.3)
21 Validating the Scope (OBJ 1.2)
22 Limitations and Permission (OBJ 1.1 and 1.3)
23 Build a Virtual Lab
Passive Reconnaissance (PT0-002)
24 Passive Reconnaissance (OBJ 2.1)
25 Information Gathering (OBJ 2.1)
26 Open-Source Intelligence (OSINT) (OBJ 2.1)
27 Social Media Scraping (OBJ 2.1)
28 OSINT Tools (OBJ 2.1)
29 Using OSINT Tools (OBJ 2.1)
30 DNS Information (OBJ 2.1)
31 Reconnaissance with CentralOps (OBJ 2.1)
32 Public Repositories (OBJ2.1)
33 Search Engine Analysis (OBJ 2.1)
34 URL Analysis (OBJ 2.1)
35 Cryptographic Flaws (OBJ 2.1)
36 CWE & CVE (OBJ 2.1)
Active Reconnaissance (PT0-002)
37 Active Reconnaissance (OBJ 2.2 and 2.3)
38 Scanning and Enumeration (OBJ 2.2 and 2.3)
39 Conducting Enumeration (OBJ 2.3)
40 Other Enumeration (OBJ 2.2 and 2.3)
41 Website Reconnaissance (OBJ 2.3)
42 Detecting and Evading Defenses (OBJ 2.2)
43 Packet Crafting (OBJ 2.2)
44 Eavesdropping (OBJ 2.2)
45 Wardriving (OBJ 2.2)
46 DNS and ARP Analysis (OBJ 2.3)
47 Network Traffic Analysis (OBJ 2.3)
Vulnerability Scanning (PT0-002)
48 Vulnerability Scanning (OBJ 2.3 and 2.4)
49 Vulnerability Lifecycle (OBJ 2.3 and 2.4)
50 Vulnerability Scans (OBJ 2.3 and 2.4)
51 Scanning Considerations (OBJ 2.3 and 2.4)
52 Nessus Scanning (OBJ 2.3 and 2.4)
53 OpenVas Scanning (OBJ 2.3 and 2.4)
54 Nikto Scanning (OBJ 2.3 and 2.4)
Nmap (PT0-002)
55 Nmap (OBJ 2.3 and 2.4)
56 Nmap Discovery Scans (OBJ 2.3 and 2.4)
57 Nmap Port Scans (OBJ 2.3 and 2.4)
58 Nmap Fingerprinting (OBJ 2.3 and 2.4)
59 Using Nmap (OBJ 2.3 and 2.4)
60 Nmap Scripting Engine (OBJ 2.3 and 2.4)
Social Engineering and Physical Attacks (PT0-002)
61 Social Engineering and Physical Attacks (OBJ 3.6)
62 Methods of Influence (OBJ 3.6)
63 Social Engineering (OBJ 3.6)
64 Phishing Campaigns (OBJ 3.6)
65 Social Engineering Toolkit (OBJ 3.6)
66 Pretexting (OBJ 3.6)
67 Baiting Victims (OBJ 3.6)
68 Impersonation (OBJ 3.6)
69 Physical Security (OBJ 3.6)
70 Lock Picking (OBJ 3.6)
71 Physical Attacks (OBJ 3.6)
72 Social Engineering Tools (OBJ 3.6)
Wireless Attacks (PT0-002)
73 Wireless Attacks (OBJ 3.2)
74 Wireless Security (OBJ 3.2)
75 Bypassing MAC Filtering (OBJ 3.2)
76 Signal Exploitation (OBJ 3.2)
77 WEP Hacking (OBJ 3.2)
78 WPAWPA2 Hacking (OBJ 3.2)
79 WPS PIN Attacks (OBJ 3.2)
80 Evil Twins (OBJ 3.2)
81 On-path and Relay Attacks (OBJ 3.2)
82 Bluetooth Attacks (OBJ 3.2)
83 RFID and NFC Attacks (OBJ 3.2)
Network Attacks (PT0-002)
84 Network Attacks (OBJ 3.1)
85 Stress Testing (OBJ 3.1)
86 Exploit Resources (OBJ 3.1)
87 ARP Poisoning (OBJ 3.1)
88 DNS Cache Poisoning (OBJ 3.1)
89 LLMNRNBT-NS Poisoning (OBJ 3.1)
90 MAC Spoofing (OBJ 3.1)
91 VLAN Hopping (OBJ 3.1)
92 NAC Bypass (OBJ 3.1)
93 On-path Attack (OBJ 3.1)
94 Password Attacks (OBJ 3.1)
95 Pass the Hash (OBJ 3.1)
96 Intro to Metasploit (OBJ 3.1)
97 Netcat (OBJ 3.1)
98 Using Netcat (OBJ 3.1)
Application Vulnerabilities (PT0-002)
99 Application Vulnerabilities (OBJ 3.3)
100 Race Conditions (OBJ 3.3)
101 Buffer Overflows (OBJ 3.3)
102 Buffer Overflow Attacks (OBJ 3.3)
103 Authentication and References (OBJ 3.3)
104 Improper Error Handling (OBJ 3.3)
105 Improper Headers (OBJ 3.3)
106 Code Signing (OBJ 3.3)
107 Vulnerable Components (OBJ 3.3)
108 Software Composition (OBJ 3.3)
109 Privilege Escalation (OBJ 3.3)
110 Conducting Privilege Escalation (OBJ 3.3)
Application Attacks (PT0-002)
111 Application Attacks (OBJ 3.3)
112 Directory Traversals (OBJ 3.3)
113 Dirbuster (OBJ 3.3)
114 Cross-Site Scripting (XSS) (OBJ 3.3)
115 Cross-Site Request Forgery (CSRF) (OBJ 3.3)
116 SQL Injections (OBJ 3.3)
117 Conducting SQL Injections (OBJ 3.3)
118 Burp Suite and SQLmap (OBJ 3.3)
119 OWASP ZAP (OBJ 3.3)
120 XML Injections (OBJ 3.3)
121 Other Injection Attacks (OBJ 3.3)
122 Attacking Web Applications (OBJ 3.3)
Cloud Attacks (PT0-002)
123 Cloud Attacks (OBJ 3.4)
124 Attacking the Cloud (OBJ 3.4)
125 Credential Harvesting (OBJ 3.4)
126 Misconfigured Assets (OBJ 3.4)
127 Metadata Service Attack (OBJ 3.4)
128 Software Development Kit (SDK) (OBJ 3.4)
129 Auditing the Cloud (OBJ 3.4)
130 Conducting Cloud Audits (OBJ 3.4)
Attacks on Mobile Devices (PT0-002)
131 Attacks on Mobile Devices (OBJ 3.5)
132 Enterprise Mobility Management (OBJ 3.5)
133 Deployment Options (OBJ 3.5)
134 Mobile Reconnaissance Concerns (OBJ 3.5)
135 Mobile Device Insecurity (OBJ 3.5)
136 Multifactor Authentication (OBJ 3.5)
137 Mobile Device Attacks (OBJ 3.5)
138 Malware Analysis (OBJ 3.5)
139 Conducting Malware Analysis (OBJ 3.5)
140 Mobile Device Tools (OBJ 3.5)
Attacks on Specialized Systems (PT0-002)
141 Attacks on Specialized Systems (OBJ 3.5)
142 Internet of Things (IoT) Devices (OBJ 3.5)
143 Internet of Things (IoT) Vulnerabilities (OBJ 3.5)
144 Embedded Systems (OBJ 3.5)
145 ICS and SCADA Devices (OBJ 3.5)
146 ICS Protocols and Vulnerabilities (OBJ 3.5)
147 Data Storage Vulnerabilities (OBJ 3.5)
148 Virtual Environments (OBJ 3.5)
149 Virtual Machine Attacks (OBJ 3.5)
150 Containerization (OBJ 3.5)
Post-exploitation (PT0-002)
151 Post-exploitation (OBJ 3.7)
152 Enumerating the Network (OBJ 3.7)
153 Network Segmentation Testing (OBJ 3.7)
154 Lateral Movement and Pivoting (OBJ 3.7)
155 Pass the Hash (OBJ 3.7)
156 Golden Ticket (OBJ 3.7)
157 Lateral Movement (OBJ 3.7)
158 Pivoting (3.7)
159 Escalating Privileges (OBJ 3.7)
160 Upgrading Restrictive Shells (OBJ 3.7)
Detection Avoidance (PT0-002)
161 Detection Avoidance (OBJ 3.7)
162 Trojans and Backdoors (OBJ 3.7)
163 Creating Persistence (OBJ 3.7)
164 Living Off the Land (OBJ 3.7)
165 Data Exfiltration (OBJ 3.7)
166 Covert Channels (OBJ 3.7)
167 Steganography (3.7)
168 Covering Your Tracks (OBJ 3.7)
169 Persistence and Covering Your Tracks (OBJ 3.7)
170 Post-Exploitation Tools (OBJ 3.7)
Communication and Reports (PT0-002)
171 Communication and Reports (OBJ 4.3)
172 Communication Paths (OBJ 4.3)
173 Communication Triggers (OBJ 4.3)
174 Reasons for Communication (OBJ 4.3)
175 Presentation of Findings (4.1 & OBJ 4.3)
176 Report Data Gathering (OBJ 4.1)
177 Written Reports (OBJ 4.1)
178 Common Themes (OBJ 4.1)
179 Securing and Storing Reports (OBJ 4.1)
Findings and Remediations (PT0-002)
180 Findings and Remediations (OBJ 4.2)
181 Security Control Categories (OBJ 4.2)
182 Selecting Security Controls (OBJ 4.2)
183 Physical Controls (OBJ 4.2)
184 Operational Controls (OBJ 4.2)
185 Administrative Controls (OBJ 4.2)
186 System Hardening (OBJ 4.2)
187 Secure Coding (OBJ 4.2)
188 Implementing MFA (OBJ 4.2)
189 Digital Certificates (OBJ 4.2)
190 Other Technical Controls (OBJ 4.2)
191 Mitigation Strategies (OBJ 4.2)
Post-report Activities (PT0-002)
192 Post-report Activities (OBJ 4.2)
193 Removing Shells and Tools (OBJ 4.2)
194 Deleting Test Credentials (OBJ 4.2)
195 Destroy Test Data (OBJ 4.2)
196 Client Acceptance (OBJ 4.2)
197 Attestation of Findings (OBJ 4.2)
198 Lessons Learned (OBJ 4.2)
199 Retesting (OBJ 4.2)
Scripting Basics (PT0-002)
200 Scripting Basics (OBJ 5.1 & OBJ 5.2)
201 Scripting Tools (OBJ 5.2)
202 Variables (OBJ 5.1)
203 Loops (OBJ 5.1)
204 Logic Control (OBJ 5.1)
205 Data Structures (OBJ 5.1)
206 Object Oriented Programming (OBJ 5.1)
Analyzing Scripts (PT0-002)
207 Analyzing Scripts (OBJ 5.2)
208 Coding in Bash (OBJ 5.2)
209 Bash Example (OBJ 5.2)
210 Coding in PowerShell (OBJ 5.2)
211 PowerShell Example (OBJ 5.2)
212 Coding in Python (OBJ 5.2)
213 Python Example (OBJ 5.2)
214 Coding in Perl (OBJ 5.2)
215 Perl Example (OBJ 5.2)
216 Coding in JavaScript (OBJ 5.2)
217 JavaScript Example (OBJ 5.2)
218 Coding in Ruby (OBJ 5.2)
219 Ruby Example (OBJ 5.2)
Exploits and Automation (PT0-002)
220 Exploits and Automation (OBJ 5.2)
221 Exploits to Download Files (OBJ 5.2)
222 Exploits for Remote Access (OBJ 5.2)
223 Exploits for Enumerating Users (OBJ 5.2)
224 Exploits for Enumerating Assets (OBJ 5.2)
225 Automation in Engagements (OBJ 5.2)
226 Automation with Nmap Scripts (OBJ 5.2)
Tool Round-up (PT0-002)
227 Tool Round-up (OBJ 5.3)
228 OSINT Tools (OBJ 5.3)
229 Scanning Tools (OBJ 5.3)
230 Networking Tools (OBJ 5.3)
231 Wireless Tools (OBJ 5.3)
232 Social Engineering Tools (OBJ 5.3)
233 Remote Access Tools (OBJ 5.3)
234 Credential Testing Tools (OBJ 5.3)
235 Web Application Tools (OBJ 5.3)
236 Cloud Tools (OBJ 5.3)
237 Steganography Tools (OBJ 5.3)
238 Debuggers (OBJ 5.3)
239 Miscellaneous Tools (OBJ 5.3)
Conclusion (PT0-002)
240 Conclusion
241 BONUS Where to go from here
Resolve the captcha to access the links!