MODULE B: Penetration Testing and Ethical Hacking Course | CompTIA PenTest+ Certificate
 
1.1: Professional Conduct and Penetration Testing
Exam Objectives Covered:
Topics:
- Professional Conduct and Penetration Testing
 
- What Is Penetration Testing?
 
- Ethics, Legal, and Compliance Considerations of Penetration Testing
 
- Importance and Examples of Documentation
 
- Scoping and Authorization
 
- Overview of the PenTest Report
 
- Live Lab: Exploring the Lab Environment
 
 
1.2: Collaboration and Communication
Exam Objectives Covered:
- Explain collaboration and communication
 
Topics:
- Collaboration and Communication
 
- Collaboration and Communication Overview
 
- PenTest Team Roles and Responsibilities
 
- Communicating with Clients and Team Members
 
- Peer Review
 
- Stakeholder Alignment
 
- Root Cause Analysis
 
- Escalation Path
 
- Secure Distribution
 
- Articulation of Risk, Severity, and Impact
 
- Goal Reprioritization
 
- Business Impact Analysis
 
- Client Acceptance
 
 
1.3: Testing Frameworks and Methodologies
Exam Objectives Covered:
- Compare and contrast testing frameworks and
 
Topics:
- Testing Frameworks and Methodologies
 
- Testing Frameworks and Methodologies Overview
 
- Open Source Security Testing Methodology Manual (OSSTMM)
 
- Council of Registered Ethical Security Testers (CREST)
 
- Penetration Testing Execution Standard (PTES)
 
- MITRE ATT&CK
 
- Open Web Application Security Project (OWASP) Top 10
 
- OWASP Mobile Application Security Verification Standard (MASVS)
 
- Purdue Model
 
- Threat Modeling Frameworks
 
 
1.4: Introduction to Scripting for Penetration Testing
Exam Objectives Covered:
- Summarize pre-engagement

- 1.2 Given a scenario, modify scripts for reconnaissance and enumeration.
 
Topics:
- Introduction to Scripting for Penetration Testing
 
- Scripting Languages
 
- Bash Shell and Bash Script
 
- Python
 
- PowerShell
 
- Use of Libraries, Functions, and Classes
 
- Logic Constructs
 
- Create Logic Constructs
 
 
2.1: Define the Scope
Exam Objectives Covered:
Topics:
- Define the Scope
 
- Regulations, Frameworks, and Standards
 
- Rules of Engagement
 
- Agreement Types
 
- Target Selection
 
 
2.2: Compare Types of Assessments
Exam Objectives Covered:
Topics:
- Compare Types of Assessments
 
- Types of Assessments Overview
 
- Web and Application Assessments
 
- Network Assessments
 
- Activity: Assess Environmental Considerations
 
- Mobile Assessments
 
- Cloud Assessments
 
- Wireless Assessments
 
- IoT Devices and Penetration Testing
 
- Information Technology Versus Operational Technology
 
 
2.3: Utilize the Shared Responsibility Model
Exam Objectives Covered:
Topics:
- Utilize the Shared Responsibility Model
 
- The Shared Responsibility Model Overview
 
- Hosting Provider Responsibilities
 
- Customer Responsibilities
 
- Penetration Tester Responsibilities
 
- Third-Party Responsibilities
 
 
2.4: Identify Legal and Ethical Considerations
Exam Objectives Covered:
Topics:
- Identify Legal and Ethical Considerations
 
- Authorization Letters
 
- Mandatory Reporting Requirements
 
- Risk to the Penetration Tester
 
- Documenting Pre-Engagement Activities
 
 
3.1: Information Gathering Techniques
Exam Objectives Covered:
- Given a scenario, apply information gathering

- 2.3 Given a scenario, modify scripts for reconnaissance and enumeration.
 
Topics:
- Information Gathering Techniques
 
- Active and Passive Reconnaissance
 
- Tools for Reconnaissance
 
- Open-Source Intelligence (OSINT)
 
- Using Shodan
 
- Previously Breached Password Lists
 
- Network Reconnaissance
 
- Basics of Scanning
 
- Perform Recon with Nmap
 
- Certificate Transparency Logs
 
- Information Disclosure
 
- Search Engine Analysis/Enumeration
 
- Network Sniffing
 
- Data Manipulation
 
 
3.2: Host and Service Discovery Techniques
Exam Objectives Covered:
- 2.1 Given a scenario, apply information gathering techniques.

- 2.2 Given a scenario, apply enumeration techniques.

- 2.3 Given a scenario, modify scripts for reconnaissance and enumeration.

- 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.
Topics:
- Host and Service Discovery Techniques
 
- What Is Enumeration?
 
- Host Discovery
 
- Scripting with Nmap
 
- Activity: Scripting with Nmap
 
- Banner Grabbing
 
- Protocol Enumeration
 
- Service Discovery
 
- DNS Enumeration
 
- Operating System (OS) Fingerprinting
 
- Perform Enumeration with Nmap
 
- Live Lab: DNS Enumeration and Reconnaissance
 
 
3.3: Enumeration for Attack Planning
Exam Objectives Covered:
- Given a scenario, apply enumeration

- 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.
 
Topics:
- Enumeration for Attack Planning
 
- Attack Path Mapping
 
- Manual Enumeration
 
- Simple Network Management Protocol
 
- Documenting Enumeration Activities
 
- Activity: Document Enumeration Activities
 
 
3.4: Enumeration for Specific Assets
Exam Objectives Covered:
- Given a scenario, apply enumeration

- 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.

- 3.1 Given a scenario, conduct vulnerability discovery using various techniques.
 
Topics:
- Enumeration for Specific Assets
 
- Directory Enumeration
 
- User Enumeration
 
- Wireless Enumeration
 
- Permission Enumeration
 
- Secrets Enumeration
 
- Share Enumeration
 
- Web Application Firewall (WAF) Enumeration
 
- Perform a Decoy Scan
 
- Industrial Control Systems (ICS) Vulnerability Assessment
 
- Web Crawling/HTML Scraping
 
 
4.1: Vulnerability Discovery Techniques
Exam Objectives Covered:
- Given a scenario, conduct vulnerability discovery using various

- 3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.
 
Topics:
- Vulnerability Discovery Techniques
 
- Tools for Vulnerability Discovery
 
- Types of Scans
 
- Container Scans
 
- Application Scans
 
- Scan for Cleartext Vulnerabilities
 
- Network Scans
 
- Activity: Scan Identified Targets
 
- Host-Based Scans
 
- Live Lab: Using Metasploit
 
- Secrets Scanning
 
- Wireless Scans
 
- Use aircrack-ng to Discover Hidden Networks
 
- Locate a Rogue Wireless Access Point
 
- Validate Scan, Reconnaissance, and Enumeration Results
 
- Applied Live Lab: Network Reconnaissance
 
- Scan for Linux Vulnerabilities
 
4.2: Analyzing Reconnaissance Scanning and Enumeration
Exam Objectives Covered:
- Given a scenario, analyze output from reconnaissance, scanning, and enumeration
 
Topics:
- Analyzing Reconnaissance Scanning and Enumeration
 
- Public Exploit Selection
 
- Use Scripting to Validate Results
 
 
4.3: Physical Security Concepts
Exam Objectives Covered:
- Explain physical security
 
Topics:
- Physical Security Concepts
 
- Tailgating
 
- Site Surveys
 
- Universal Serial Bus (USB) Drops
 
- Badge Cloning
 
- Lock Picking
 
- Documenting Scanning and Identifying Vulnerabilities Activities
 
- Activity: Identify Physical Security Concepts
 
 
5.1: Prepare and Prioritize Attacks
Exam Objectives Covered:
- Given a scenario, analyze output to prioritize and prepare
 
Topics:
- Prepare and Prioritize Attacks
 
- Target Prioritization
 
- High-Value Asset Identification
 
- Descriptors and Metrics
 
- End-of-Life Software and Systems
 
- Default Configurations
 
- Running Services
 
- Vulnerable Encryption Methods
 
- Defensive Capabilities
 
- Capability Selection
 
- Exploit Selection and Customization
 
- Documentation Procedures for Attacks
 
- Dependencies
 
- Consideration of Scope Limitations
 
- Activity: Customize Exploits
 
- Live Lab: Evaluate EOL Software & Systems
 
- Applied Live Lab: Exploiting Default Configurations with Responder
 
 
5.2: Scripting Automation
Exam Objectives Covered:
- 4.10 Given a scenario, use scripting to automate attacks.
Topics:
- Scripting Automation
 
- Types of Scripting Automation
 
- PowerShell
 
- Bash
 
- Python
 
- Breach and Attack Simulation (BAS)
 
- Live Lab: Executing Scripts to Automate Tasks
 
 
6.1: Web-based Attacks
Exam Objectives Covered:
- Given a scenario, perform web application attacks using the appropriate
 
Topics:
- Web-based Attacks
 
- Web Application Attacks Overview
 
- Types of Web Application Attacks
 
- Tools for Performing Web Application Attacks
 
- Brute-Force Attack
 
- Collision Attack
 
- Directory Traversal
 
- Request Forgery Attacks
 
- Deserialization Attack
 
- Injection Attacks
 
- Activity: Injection Attacks
 
- Insecure Direct Object Reference
 
- Session Hijacking
 
- Arbitrary Code Execution
 
- File Inclusions
 
- API Abuse
 
- JSON Web Token (JWT) Manipulation
 
- Live Lab: Evaluating a Database Using SQLMap
 
- Live Lab: Exploiting Directory Traversal
 
- Live Lab: Performing XSS
 
- Live Lab: Abusing Insecure Direct Object References
 
- Live Lab: Performing Lateral Movement
 
- Live Lab: Performing RFI and LFI Exploitation
 
 
6.2: Cloud-Based Attacks
Exam Objectives Covered:
- Given a scenario, perform cloud-based attacks using the appropriate
 
Topics:
- Cloud-Based Attacks
 
- Cloud-Based Attacks Overview
 
- Types of Cloud-Based Attacks
 
- Tools for Performing Cloud-Based Attacks
 
- Metadata Service Attacks
 
- Access Management Misconfigurations
 
- Third-Party Integrations
 
- Resource Misconfiguration
 
- Activity: Conduct Resource Misconfiguration Attacks
 
- Logging Information Exposure
 
- Image and Artifact Tampering
 
- Supply Chain Attacks
 
- Workload Runtime Attacks
 
- Container Escape
 
- Trust Relationship Abuse
 
- Perform and Analyze a SYN Flood Attack
 
 
7.1: Perform Network Attacks
Exam Objectives Covered:
- Given a scenario, perform cloud-based attacks using the appropriate
 
Topics:
- Perform Network Attacks
 
- Network Attack Types
 
- Tools for Performing Network Attacks
 
- Default Credentials
 
- On-Path Attack
 
- Certificate Services
 
- Misconfigured Services Exploitation
 
- Virtual Local Area Network (VLAN) Hopping
 
- Multihomed Hosts
 
- Relay Attack
 
- IDS Evasion
 
- Live Lab: Sniffing Network Traffic
 
- Applied Live Lab: Exploring the Power of Nmap NSE
 
- Live Lab: Discovering Vulnerabilities with Netcat
 
- Applied Live Lab: Performing a Relay Attack
 
 
 
7.2: Perform Authentication Attacks
Exam Objectives Covered:
- Given a scenario, perform authentication attacks using the appropriate
 
Topics:
- Perform Authentication Attacks
 
- Authentication Attack Types
 
- Tools for Performing Authentication Attacks
 
- Multifactor Authentication (MFA) Fatigue
 
- Pass-the-Hash Attacks
 
- Pass-the-Ticket Attacks
 
- Pass-the-Token Attacks
 
- Kerberos Attacks
 
- Lightweight Directory Access Protocol (LDAP) Injection
 
- Dictionary Attacks
 
- Crack a Password with John the Ripper
 
- Brute-Force Attacks
 
- Mask Attacks
 
- Password Spraying
 
- Credential Stuffing
 
- OpenID Connect (OIDC) Attacks
 
- Security Assertion Markup Language (SAML) Attacks
 
- Live Lab: Cracking Passwords
 
 
7.3: Perform Host-Based Attacks
Exam Objectives Covered:
- Given a scenario, perform host-based attacks using the appropriate
 
Topics:
- Perform Host-Based Attacks
 
- Types of Host-Based Attacks
 
- Tools for Performing Host-Based Attacks
 
- Privilege Escalation
 
- Credential Dumping
 
- Circumventing Security Tools
 
- Clear Audit Policies
 
- Misconfigured Endpoints
 
- Payload Obfuscation
 
- User-Controlled Access Bypass
 
- Shell Escape
 
- Kiosk Escape
 
- Library Injection
 
- Process Hollowing and Injection
 
- Log Tampering
 
- Unquoted Service Path Injection
 
- Documenting Enterprise Attacks
 
- Applied Live Lab: Performing an On-Path (AiTM) Attack
 
- Live Lab: Performing Privilege Escalation
 
- Live Lab: Implementing Payload Obfuscation
 
- Live Lab: Performing SQL Injection
 
- Live Lab: Investigating with Evil-WinRM
 
- Live Lab: Exploiting LOLBins
 
- Live Lab: Implementing Credential Dumping
 
 
8.1: Wireless Attacks
Exam Objectives Covered:
- Given a scenario, perform wireless attacks using the appropriate
 
Topics:
- Wireless Attacks
 
- Types of Wireless Attacks
 
- Tools for Performing Wireless Attacks
 
- Activity: Explore Wireless Tools
 
- Wardriving
 
- Bluetooth
 
- Evil Twin Attack
 
- Signal Jamming
 
- Protocol Fuzzing
 
- Packet Crafting
 
- Deauthentication
 
- Captive Portal
 
- Wi-Fi Protected Setup (WPS) and Personal Identification (PIN) Attack
 
 
8.2: Social Engineering Attacks
Exam Objectives Covered:
- Given a scenario, perform social engineering attacks using the appropriate
 
Topics:
- Social Engineering Attacks
 
- Types of Social Engineering Attacks
 
- Tools for Performing Social Engineering Attacks
 
- Phishing, Whaling, Spear phishing, and Smishing
 
- Social Engineering Techniques for Gathering Information
 
- Watering Hole
 
- Credential Harvesting
 
- Live Lab: Performing Social Engineering using SET
 
 
8.3: Specialized System Attacks
Exam Objectives Covered:
- Explain common attacks against specialized
 
Topics:
- Specialized System Attacks
 
- Types of Specialized System Attacks
 
- Tools for Performing Specialized System Attacks
 
- Mobile Attacks
 
- AI Attacks
 
- Operational Technology (OT)
 
- Radio-Frequency Identification (RFID) and Near-Field Communication (NFC)
 
- Bluejacking
 
- Conducting Specialized Penetration Testing Attacks
 
 
9.1: Establish and Maintain Persistence
Exam Objectives Covered:
- Given a scenario, perform tasks to establish and maintain
 
Topics:
- Establish and Maintain Persistence
 
- Principles of Establishing and Maintaining Persistence
 
- Scheduled Tasks/cron Jobs
 
- Service Creation
 
- Reverse and Bind Shells
 
- Add New Accounts
 
- Obtain Valid Account Credentials
 
- Registry Keys
 
- Command and Control (C2) Frameworks
 
- Backdoor
 
- Activity: Maintain Persistence
 
- Create a Backdoor with Metasploit
 
- Rootkit
 
- Browser Extensions
 
- Tampering Security Controls
 
- Live Lab: Configuring Reverse and Bind Shells
 
- Live Lab: Establishing Persistence and Other Post-Exploitation Activities
 
 
9.2: Move Laterally through Environments
Exam Objectives Covered:
- Given a scenario, perform tasks to move laterally throughout the
 
Topics:
- Move Laterally through Environments
 
- Lateral and Horizontal Movement
 
- Scan for Open Ports from a Remote Computer
 
- Techniques for Moving Laterally through Environments
 
- Tools for Moving Laterally through Environments
 
- Pivoting
 
- Relay Creation
 
- Enumeration
 
- Perform Enumeration of MSSQL with Metasploit
 
- Service Discovery
 
- Perform a Scan Using Zenmap
 
- Bypass Windows Firewall
 
- Windows Management Instrumentation (WMI)
 
- Windows Remote Management (WinRM)
 
 
9.3: Staging and Exfiltration
Exam Objectives Covered:
- Summarize concepts related to staging and
 
Topics:
- Staging and Exfiltration
 
- Fundamentals of Staging and Exfiltration
 
- Getting Data from a Target
 
- Hide Files with OpenStego
 
- Alternate Data Streams
 
- Applied Live Lab: Staging and Exfiltration Using ADS
 
9.4: Cleanup and Restoration
Exam Objectives Covered:
- Explain cleanup and restoration
 
Topics:
- Cleanup and Restoration
 
- Cleanup and Restoration Procedures
 
- Activity: Implement Cleanup and Restoration Activities
 
- Documenting Penetration Testing Tasks
 
 
10.1: Penetration Test Report Components
Exam Objectives Covered:
- Explain the components of a penetration test report.
Topics:
- Penetration Test Report Components
 
- Creating the Penetration Test Report
 
- Reporting Considerations
 
- Report Components and Definitions
 
- Documentation Specifications and Format Alignment
 
- Risk Scoring
 
- Test Limitations and Assumptions
 
 
10.2: Analyze Findings and Remediation Recommendations
Exam Objectives Covered:
- Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
Topics:
- Analyze Findings and Remediation Recommendations
 
- Analyzing Findings and Developing Recommendations Overview
 
- Technical Controls
 
- Administrative Controls
 
- Operational Controls
 
- Physical Controls
 
- Activity: Administrative and Operational Controls