Opleiding: CompTIA-PT CompTIA PenTest+ E-Learning (PT0-002) (English)

Volg de CompTIA PenTest+ E-learning bij Master IT! De CompTIA PenTest+ E-learning leert je de nieuwste mogelijkheden omtrent penetratietesten, kwetsbaarheidsbeoordeling en managementvaardigheden die essentieel zijn om systemen tegen aanvallen te beschermen.

Na afronding van deze training kun je onder andere:

  • Uitleggen van key aspects van compliance-based assessments
  • Uitvoeren van een kwetsbaarheid scan
  • Analyseren van de resultaten van de kwetsbaarheidscan
De CompTIA PenTest+ E-learning leert je de nieuwste mogelijkheden omtrent penetratietesten, kwetsbaarheidsbeoordeling en managementvaardigheden die essentieel zijn om systemen tegen aanvallen te beschermen.Jouw CompTIA PenTest+ E-learning bevat: officieel lesmateriaal, Quizzes, een lab waarin je kan oefenen, Assessments, proefexamenvragen en videolessen.De PenTest+ e-learning training omvat alle doelstellingen van het CompTIA PenTest+ PT0-001-examen en leert je de basis van het penetratietesten. Je gaat onder andere in op planning, rapportage en scoping van een penetratietestbeoordeling, het begrijpen van wettelijke en nalevingsvereisten, het uitvoeren van penetratietesten en het scannen van kwetsbaarheden, het interpreteren van gegevens en het adequaat rapporteren van de resultaten.

Lesmethode

Ben je op zoek naar volledige zelfstudie? Wij bieden je de mogelijkheid om deze training volledig in jouw eigen tijd te volgen. Uiteraard met het officiële Engelstalige lesmateriaal waarmee je de juiste kennis opdoet.

Doelgroep

Iedereen die geavanceerde kennis op wil doen in informatiebeveiliging. Carrierekansen na deze training zijn:
  • Penetration Tester
  • Vulnerability Tester
  • Network Security Operations
  • Application Security Vulnerability
  • Vulnerability Assessment Analyst
Iedereen die geavanceerde kennis op wil doen in informatiebeveiliging. Carrierekansen na deze training zijn:
  • Penetration Tester
  • Vulnerability Tester
  • Network Security Operations
  • Application Security Vulnerability
  • Vulnerability Assessment Analyst

Voorkennis

Voor deze training heb je:
  • Network+, Security+ of gelijkwaardige kennis.
  • Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.
Voor deze training heb je:
  • Network+, Security+ of gelijkwaardige kennis.
  • Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.

Onderdelen

Het lesmateriaal van deze CompTIA training is zeer uitgebreid en aangevuld met extra materiaal, zoals een pre-assesment, flashcards en oefenexamens. Dit betekent dat je niet al het materiaal tijdens je lesdagen zult behandelen. Wil je je goed voorbereiden op het examen, dan is er veel extra materiaal beschikbaar zodat je je thuis optimaal kunt klaarmaken voor het examen.  Planning and Scoping - 15%SExplain the importance of planning for an engagement.    
  • Understanding the target audience
  • Rules of engagement
  • Communication escalation path
  • Resources and requirements
  • Budget
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
Explain key legal concepts.        
  • Contracts
  • Environmental differences
  • Written authorization
Explain the importance of scoping an engagement properly.           
  • Types of assessment
  • Special scoping considerations
  • Target selection
  • Strategy
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
Explain the key aspects of compliance-based assessments.    
  • Compliance-based assessments, limitations and caveats
  • Clearly defined objectives based on regulations
Information Gathering and Vulnerability Identification - 22%Given a scenario, conduct information gathering using appropriate techniques.             
  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
Given a scenario, perform a vulnerability scan.
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container securit
  • Application scan
  • Considerations of vulnerability scanning
Given a scenario, analyze vulnerability scan results.            
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
Explain the process of leveraging information to prepare for exploitation.           
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques to complete attack
Explain weaknesses related to specialized systems.            
  • ICS
  • SCADA
  • Mobile
  • IoT
  • Embedded
  • Point-of-sale system
  • Biometrics
  • Application containers
  • RTOS
Attacks and Exploits - 30%Compare and contrast social engineering attacks.            
  • Phishing
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques
  • Pass the hash
  • Man-in-the-middle
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
Given a scenario, exploit wireless and RF-based vulnerabilities. 
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • Credential harvesting
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
Given a scenario, exploit application-based vulnerabilities. 
  • Injections
  • Authentication
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices
Given a scenario, exploit local host vulnerabilities.            
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
Summarize physical security attacks related to facilities.           
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
Given a scenario, perform post-exploitation techniques.       
  • Lateral movement
  • Persistence
  • Covering your tracks
Penetration Testing Tools - 17%Given a scenario, use Nmap to conduct information gathering exercises.      
  • SYN scan (-sS) vs. full connect scan (-sT)
  • Port selection (-p)
  • Service identification (-sV)
  • OS fingerprinting (-O)
  • Disabling ping (-Pn)
  • Target input file (-iL)
  • Timing (-T)
  • Output parameters
Compare and contrast various use cases of tools.            
  • Use cases
  • Tools
Given a scenario, analyze tool output or data related to a penetration test.   
  • Password cracking
  • Pass the hash
  • Setting up a bind shell
  • Getting a reverse shell
  • Proxying a connection
  • Uploading a web shell
  • Injections
Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).   
  • Logic
  • I/O
  • Substitutions
  • Variables
  • Common operations
  • Error handling
  • Arrays
  • Encoding/decoding
Reporting and Communication - 16%Given a scenario, use report writing and handling best practices.          
  • Normalization of data
  • Written report of findings and remediation
  • Risk appetite
  • Storage time for report
  • Secure handling and disposition of reports
Explain post-report delivery activities.  
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
Given a scenario, recommend mitigation strategies for discovered vulnerabilities.   
  • Solutions
  • Findings
  • Remediation
Explain the importance of communication during the penetration testing process.      
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization
Het lesmateriaal van deze CompTIA training is zeer uitgebreid en aangevuld met extra materiaal, zoals een pre-assesment, flashcards en oefenexamens. Dit betekent dat je niet al het materiaal tijdens je lesdagen zult behandelen. Wil je je goed voorbereiden op het examen, dan is er veel extra materiaal beschikbaar zodat je je thuis optimaal kunt klaarmaken voor het examen.  Planning and Scoping - 15%SExplain the importance of planning for an engagement.    
  • Understanding the target audience
  • Rules of engagement
  • Communication escalation path
  • Resources and requirements
  • Budget
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
Explain key legal concepts.        
  • Contracts
  • Environmental differences
  • Written authorization
Explain the importance of scoping an engagement properly.           
  • Types of assessment
  • Special scoping considerations
  • Target selection
  • Strategy
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
Explain the key aspects of compliance-based assessments.    
  • Compliance-based assessments, limitations and caveats
  • Clearly defined objectives based on regulations
Information Gathering and Vulnerability Identification - 22%Given a scenario, conduct information gathering using appropriate techniques.             
  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
Given a scenario, perform a vulnerability scan.
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container securit
  • Application scan
  • Considerations of vulnerability scanning
Given a scenario, analyze vulnerability scan results.            
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
Explain the process of leveraging information to prepare for exploitation.           
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques to complete attack
Explain weaknesses related to specialized systems.            
  • ICS
  • SCADA
  • Mobile
  • IoT
  • Embedded
  • Point-of-sale system
  • Biometrics
  • Application containers
  • RTOS
Attacks and Exploits - 30%Compare and contrast social engineering attacks.            
  • Phishing
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques
  • Pass the hash
  • Man-in-the-middle
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
Given a scenario, exploit wireless and RF-based vulnerabilities. 
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • Credential harvesting
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
Given a scenario, exploit application-based vulnerabilities. 
  • Injections
  • Authentication
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices
Given a scenario, exploit local host vulnerabilities.            
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
Summarize physical security attacks related to facilities.           
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
Given a scenario, perform post-exploitation techniques.       
  • Lateral movement
  • Persistence
  • Covering your tracks
Penetration Testing Tools - 17%Given a scenario, use Nmap to conduct information gathering exercises.      
  • SYN scan (-sS) vs. full connect scan (-sT)
  • Port selection (-p)
  • Service identification (-sV)
  • OS fingerprinting (-O)
  • Disabling ping (-Pn)
  • Target input file (-iL)
  • Timing (-T)
  • Output parameters
Compare and contrast various use cases of tools.            
  • Use cases
  • Tools
Given a scenario, analyze tool output or data related to a penetration test.   
  • Password cracking
  • Pass the hash
  • Setting up a bind shell
  • Getting a reverse shell
  • Proxying a connection
  • Uploading a web shell
  • Injections
Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).   
  • Logic
  • I/O
  • Substitutions
  • Variables
  • Common operations
  • Error handling
  • Arrays
  • Encoding/decoding
Reporting and Communication - 16%Given a scenario, use report writing and handling best practices.          
  • Normalization of data
  • Written report of findings and remediation
  • Risk appetite
  • Storage time for report
  • Secure handling and disposition of reports
Explain post-report delivery activities.  
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
Given a scenario, recommend mitigation strategies for discovered vulnerabilities.   
  • Solutions
  • Findings
  • Remediation
Explain the importance of communication during the penetration testing process.      
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization
Meer...
€690
ex. BTW
Aangeboden door
Master it Training
Onderwerp
CompTIA A+ / Network+ / Security+
Engels
Niveau
Duur
0 dagen
Taal
en
Type product
training
Lesvorm
E-Learning
Aantal deelnemers
Min: 1
Max: 9
Keurmerken aanbieder
Microsoft Learning Partner
NRTO