CompTIA PenTest+ (Exam: PT0-003) Courseware

Module 1: Scoping and Planning a Penetration Test

Domain Covered: 1.0 Engagement Management

Subdomain Covered: 1.1 Summarize pre-engagement activities

Lessons

• Scope Definition
• Agreement Types
• Target Selection
• Assessment Types
• Shared Responsibility Model
• Legal and Ethical Considerations

Module 2: Frameworks, Methodologies, and Communication

Domain Covered: 1.0 Engagement Management

Subdomains Covered:

1.2 Explain collaboration and communication activities

1.3 Compare and contrast testing frameworks and methodologies

1.4 Explain the components of a penetration test report

1.5 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

Lessons

• Collaboration and Communication
• Testing Frameworks and Methodologies
• Threat Modeling Frameworks
• Penetration Test Report Components
• Remediation Recommendations

Module 3: Reconnaissance Fundamentals

Domain Covered: 2.0 Reconnaissance and Enumeration

Subdomains Covered:

              2.1 Given a scenario, apply information gathering techniques

              2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration

Lessons

• Information Gathering
• Reconnaissance Tools

Module 4: Enumeration and Recon Scripting

Domain Covered: 2.0 Reconnaissance and Enumeration

Subdomains Covered:

              2.2 Given a scenario, apply enumeration techniques

              2.3 Given a scenario, modify scripts for reconnaissance and enumeration

Lessons

• Enumeration Techniques
• Reconnaissance Scripting

Module 5: Vulnerability Discovery and Scanning

Domain Covered: 3.0 Vulnerability Discovery and Analysis

Subdomains Covered:

             3.1 Given a scenario, conduct vulnerability discovery using various techniques

3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases

            3.3 Explain physical security concepts

Lessons

• Scanning Techniques
• Industrial Control Systems (ICS) Vulnerability Assessment Tools
• Scan Output Analysis
• Physical Security Concepts

Module 6: Attack Planning and Prioritization

Domain Covered: 4.0 Attacks and Exploits

Subdomain Covered: 4.1 Given a scenario, analyze output to prioritize and prepare attacks

Lessons

• Target Prioritization
• Capability Selection

Module 7: Network, Host, and Application Exploits

Domain Covered: 4.0 Attacks and Exploits

Subdomains Covered:

              4.2 Given a scenario, perform network attacks using the appropriate tools

              4.3 Given a scenario, perform authentication attacks using the appropriate tools

4.4 Given a scenario, perform host-based attacks using the appropriate tools

4.5 Given a scenario, perform web application attacks using the appropriate tools

4.6 Given a scenario, perform cloud-based attacks using the appropriate tools

Lessons

• Network Attacks
• Authentication Attacks
• Host-Based Attacks
• Web Application Attacks
• Cloud Attacks

Module 8: Wireless, Social Engineering, and Specialized Attacks

Domain Covered: 4.0 Attacks and Exploits

Subdomains Covered:

              4.7 Given a scenario, perform wireless attacks using the appropriate tools

              4.8 Given a scenario, perform social engineering attacks using the appropriate tools

              4.9 Explain common attacks against specialized systems

              4.10 Given a scenario, use scripting to automate attacks

Lessons

• Wireless Attacks
• Social Engineering Attacks
• Specialized System Attacks
• Attack Automation

Module 9: Post-Exploitation, Lateral Movement, and Cleanup

Domain Covered: 5.0 Post-exploitation and Lateral Movement

Subdomains Covered:

              5.1 Given a scenario, perform tasks to establish and maintain persistence

              5.2 Given a scenario, perform tasks to move laterally throughout the environment

              5.3 Summarize concepts related to staging and exfiltration

              5.4 Explain cleanup and restoration activities

Lessons

• Establish and Maintain Persistence
• Lateral Movement
• Staging and Exfiltration
• Cleanup and Restoration