Resources for CompTIA PenTest+ (PT0-002) and related topics
PenTest+ is an intermediate-level certification focusing on penetration testing (aka ethical hacking). It covers risk analysis, threat detection, and the tools and methodologies of penetration testing and ethical hacking. Main topic areas:
- Planning and scoping
- Information gathering and vulnerability identification (aka reconnaissance phase)
  - Passive reconnaissance (OSINT) vs active reconnaissance (DNS, port scan, OS fingerprinting)
- Attacks and exploits
  Types of attacks:
  - social engineering attacks
  - network attacks
  - software attacks (e.g. SQL injection)
  - wireless attacks
- Reporting and communication
- Exam Code: PT0-002
- Launch Date: October 28, 2021
- Number of questions: 85
- Length of test: 165 minutes
- Passing score: 750 on a scale of 100-900
- Type of Questions: Multiple choice and performance-based questions (PBQs)
- Recommended experience:
  - CompTIA Network+, Security+ or equivalent knowledge
  - Minimum of 3-4 years of hands-on information security or related experience
- Languages: English, Japanese
- Retirement: Usually three years after launch
Launch and expiration dates of the PT0-001 and PT0-002 exams
- PT0-001 was released on July 31, 2018 and the English and Japanese versions already expired on April 26, 2022 and January 31, 2023, respectively.
- PT0-002 was released on October 28, 2021. CompTIA exams usually retire about three years after launch, so PT0-002 will probably retire around October 28, 2024.
References:
- Linn, Heather. CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-002). 2nd ed., McGraw-Hill, 2022.
- Clarke, Glen E. CompTIA PenTest+ Certification For Dummies. 2nd ed., Wiley, 2022.
Related certifications:
- EC-Council Certified Ethical Hacker (CEH)
- Official website
- Certified Ethical Hacker (CEH) (Wikipedia)
- GIAC Penetration Tester (GPEN)
- Offensive Security Certified Professional (OSCP)
Comparisons between related certifications:
[Image: comparison of related certifications, taken from comptia.org]
Videos:
- "CompTIA PenTest+: Everything you need to know about the exam | Infosec Edge Webcast" (Infosec). YouTube, Dec 9, 2021.
  Join Patrick Lane, Director of Products at CompTIA, to get the inside scoop on the latest PenTest+ changes.
  - Total Running Time: 57 minutes
- "CompTIA PenTest+ Full Course - FREE [11 Hours] PT0-002" (Paul Browning). YouTube, Jan 9, 2023.
  - Total Running Time: 11 hours 32 minutes
  A complete course featuring theory and follow-along labs.
00:00:00 - The CompTIA Pentest+ Exam
00:11:27 - Pentesting
Module 2 - Planning and Scoping
00:37:20 - Explain the Importance of Planning for an Engagement
01:28:06 - Explain Key Legal Concepts
Module 3 - Information Gathering
01:48:55 - Passive Information Gathering, Reconnaissance and Enumeration
02:07:52 - Passive Information Gathering Tools
02:29:31 - Reconnaissance Tools
Module 4 - Vulnerability Scanning
03:04:28 - Vulnerability Management
03:22:14 - Vulnerability Scan Tools
Module 5 - Vulnerability Analysis
04:11:19 - Interpreting Vulnerability Reports
Module 6 - Exploits
04:55:40 - Exploit Types
05:20:37 - Metasploitable and Exploit DBs
05:32:37 - The Metasploit Framework
Module 7 - Exploiting Networks
05:54:22 - Network Exploits
06:27:42 - NetBIOS Exploits
06:38:58 - Wireless Exploits
06:50:38 - Some Network Exploitation Tools
Module 8 - Exploiting People
07:15:41 - Social Engineering
07:34:00 - Social Engineering Toolkit
Module 9 - Exploiting Applications
07:49:27 - Exploiting Applications
08:24:18 - Injection Tools
Module 10 - Exploiting Hosts
08:41:13 - Special Permission Bits in Linux
09:08:11 - Exploiting Windows Hashes and Kernel
09:35:27 - Exploiting Linux Kernels
Module 11 - Using and Writing Pentesting Scripts
10:02:15 - Scripting in Bash, PowerShell, Python and Ruby
Module 12 - Reporting
10:53:21 - Reporting and Monitoring
- Commands: dig, hashdump, nslookup, etc.
- Kali tools: aireplay-ng, hashcat, nikto, etc.
- Other tools: Nessus, OpenVAS
Information gathering exercises: ARIN Whois Search, theHarvester, shodan.io, recon-ng, dig, nmap
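Active reconnaissance as listed above (port scanning) and the nmap exercise, as an added example that is not from the page or from the course: a TCP connect scan with banner grabbing, which is what `nmap -sT` does for each port. So that it runs offline it starts its own listener on 127.0.0.1 as a stand-in for an in-scope host; the banner text and the seven-port window it scans are constructed for this demo. Against real targets, the host list comes from the rules of engagement agreed during planning and scoping, and a connect scan is noisy because every probe completes a full handshake and lands in the target's logs.

```python
"""TCP connect scan with banner grabbing (active reconnaissance).

Added example, not from the page or the course it lists. It starts its own
listener on 127.0.0.1 as a stand-in for an in-scope host so it runs offline;
the banner and the scanned port window are constructed for this demo.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

FAKE_BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"   # constructed; not a real service


def start_fake_service() -> socket.socket:
    """Listen on an ephemeral loopback port and send a banner to each client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener shut down
                return
            with conn:
                conn.sendall(FAKE_BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def probe(host: str, port: int, timeout: float = 0.5) -> tuple:
    """Complete the TCP handshake (what `nmap -sT` does) and read any banner.

    Returns (port, state, banner); an RST means closed, no answer before the
    timeout is reported as filtered, as a scanner would.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except OSError:          # open port that stays silent or resets
                banner = ""
            return port, "open", banner
    except ConnectionRefusedError:
        return port, "closed", ""
    except OSError:                  # includes the connect timeout
        return port, "filtered", ""


def connect_scan(host: str, ports, workers: int = 32) -> dict:
    """Probe the ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}


def demo() -> dict:
    """Scan a 7-port window around the fake service and return the results."""
    srv = start_fake_service()
    open_port = srv.getsockname()[1]
    try:
        return connect_scan("127.0.0.1", range(open_port - 3, open_port + 4))
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)   # wakes the blocked accept()
        except OSError:
            pass
        srv.close()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{port:5d}/tcp {state:9s} {banner}")
```

The banner is the cheapest form of service identification; OS fingerprinting, also listed under active reconnaissance, goes further by comparing TCP/IP stack quirks against a signature database, which this example does not attempt.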
- Known-environment test (aka white box test)
- Partially known-environment test (aka gray box test)
- Unknown-environment test (aka black box test)
- Advanced Persistent Threat (APT)
- Hacktivist
- Insider threat
- Script kiddies
- Blue team
- Red team
- Official website: CompTIA PenTest+ Certification
- Wikipedia articles
- Kali Linux
  - Get Kali Linux: installer images or virtual machines (e.g. VirtualBox)
  - Default credentials are "kali/kali"; change them before the VM is reachable from any network
- Security assessment methodologies
- OWASP Top 10 (2021). NOTE: A02:2021-Cryptographic Failures was previously known as Sensitive Data Exposure (A3:2017)
- MITRE ATT&CK: a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations
- Penetration Testing Terminology (CompTIA PenTest+ Certification For Dummies)