Opleiding: CompTIA-PT CompTIA PenTest+ E-Learning (PT0-002) (English)
Volg de CompTIA PenTest+ E-learning bij Master IT! De CompTIA PenTest+ E-learning leert je de nieuwste mogelijkheden omtrent penetratietesten, kwetsbaarheidsbeoordeling en managementvaardigheden die essentieel zijn om systemen tegen aanvallen te beschermen.
Na afronding van deze training kun je onder andere:
- Uitleggen van key aspects van compliance-based assessments
- Uitvoeren van een kwetsbaarheid scan
- Analyseren van de resultaten van de kwetsbaarheidscan
Lesmethode
Ben je op zoek naar volledige zelfstudie? Wij bieden je de mogelijkheid om deze training volledig in jouw eigen tijd te volgen. Uiteraard met het officiële Engelstalige lesmateriaal waarmee je de juiste kennis opdoet.Doelgroep
Iedereen die geavanceerde kennis op wil doen in informatiebeveiliging. Carrierekansen na deze training zijn:- Penetration Tester
- Vulnerability Tester
- Network Security Operations
- Application Security Vulnerability
- Vulnerability Assessment Analyst
- Penetration Tester
- Vulnerability Tester
- Network Security Operations
- Application Security Vulnerability
- Vulnerability Assessment Analyst
Voorkennis
Voor deze training heb je:- Network+, Security+ of gelijkwaardige kennis.
- Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.
- Network+, Security+ of gelijkwaardige kennis.
- Minimaal 3-4 jaar hands-on informatiebeveiliging of aanverwante ervaring.
Onderdelen
Het lesmateriaal van deze CompTIA training is zeer uitgebreid en aangevuld met extra materiaal, zoals een pre-assesment, flashcards en oefenexamens. Dit betekent dat je niet al het materiaal tijdens je lesdagen zult behandelen. Wil je je goed voorbereiden op het examen, dan is er veel extra materiaal beschikbaar zodat je je thuis optimaal kunt klaarmaken voor het examen. Planning and Scoping - 15%SExplain the importance of planning for an engagement.- Understanding the target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements
- Budget
- Impact analysis and remediation timelines
- Disclaimers
- Technical constraints
- Support resources
- Contracts
- Environmental differences
- Written authorization
- Types of assessment
- Special scoping considerations
- Target selection
- Strategy
- Risk acceptance
- Tolerance to impact
- Scheduling
- Scope creep
- Threat actors
- Compliance-based assessments, limitations and caveats
- Clearly defined objectives based on regulations
- Scanning
- Enumeration
- Packet crafting
- Packet inspection
- Fingerprinting
- Cryptography
- Eavesdropping
- Decompilation
- Debugging
- Open Source Intelligence Gathering
- Credentialed vs. non-credentialed
- Types of scans
- Container securit
- Application scan
- Considerations of vulnerability scanning
- Asset categorization
- Adjudication
- Prioritization of vulnerabilities
- Common themes
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test
- Describe common techniques to complete attack
- ICS
- SCADA
- Mobile
- IoT
- Embedded
- Point-of-sale system
- Biometrics
- Application containers
- RTOS
- Phishing
- Elicitation
- Interrogation
- Impersonation
- Shoulder surfing
- USB key drop
- Motivation techniques
- Pass the hash
- Man-in-the-middle
- DoS/stress test
- NAC bypass
- VLAN hopping
- Evil twin
- Deauthentication attacks
- Fragmentation attacks
- Credential harvesting
- WPS implementation weakness
- Bluejacking
- Bluesnarfing
- RFID cloning
- Jamming
- Repeating
- Injections
- Authentication
- Authorization
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Clickjacking
- Security misconfiguration
- File inclusion
- Unsecure code practices
- OS vulnerabilities
- Unsecure service and protocol configurations
- Privilege escalation
- Default account settings
- Sandbox escape
- Physical device security
- Piggybacking/tailgating
- Fence jumping
- Dumpster diving
- Lock picking
- Lock bypass
- Egress sensor
- Badge cloning
- Lateral movement
- Persistence
- Covering your tracks
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters
- Use cases
- Tools
- Password cracking
- Pass the hash
- Setting up a bind shell
- Getting a reverse shell
- Proxying a connection
- Uploading a web shell
- Injections
- Logic
- I/O
- Substitutions
- Variables
- Common operations
- Error handling
- Arrays
- Encoding/decoding
- Normalization of data
- Written report of findings and remediation
- Risk appetite
- Storage time for report
- Secure handling and disposition of reports
- Post-engagement cleanup
- Client acceptance
- Lessons learned
- Follow-up actions/retest
- Attestation of findings
- Solutions
- Findings
- Remediation
- Communication path
- Communication triggers
- Reasons for communication
- Goal reprioritization
- Understanding the target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements
- Budget
- Impact analysis and remediation timelines
- Disclaimers
- Technical constraints
- Support resources
- Contracts
- Environmental differences
- Written authorization
- Types of assessment
- Special scoping considerations
- Target selection
- Strategy
- Risk acceptance
- Tolerance to impact
- Scheduling
- Scope creep
- Threat actors
- Compliance-based assessments, limitations and caveats
- Clearly defined objectives based on regulations
- Scanning
- Enumeration
- Packet crafting
- Packet inspection
- Fingerprinting
- Cryptography
- Eavesdropping
- Decompilation
- Debugging
- Open Source Intelligence Gathering
- Credentialed vs. non-credentialed
- Types of scans
- Container securit
- Application scan
- Considerations of vulnerability scanning
- Asset categorization
- Adjudication
- Prioritization of vulnerabilities
- Common themes
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test
- Describe common techniques to complete attack
- ICS
- SCADA
- Mobile
- IoT
- Embedded
- Point-of-sale system
- Biometrics
- Application containers
- RTOS
- Phishing
- Elicitation
- Interrogation
- Impersonation
- Shoulder surfing
- USB key drop
- Motivation techniques
- Pass the hash
- Man-in-the-middle
- DoS/stress test
- NAC bypass
- VLAN hopping
- Evil twin
- Deauthentication attacks
- Fragmentation attacks
- Credential harvesting
- WPS implementation weakness
- Bluejacking
- Bluesnarfing
- RFID cloning
- Jamming
- Repeating
- Injections
- Authentication
- Authorization
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Clickjacking
- Security misconfiguration
- File inclusion
- Unsecure code practices
- OS vulnerabilities
- Unsecure service and protocol configurations
- Privilege escalation
- Default account settings
- Sandbox escape
- Physical device security
- Piggybacking/tailgating
- Fence jumping
- Dumpster diving
- Lock picking
- Lock bypass
- Egress sensor
- Badge cloning
- Lateral movement
- Persistence
- Covering your tracks
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters
- Use cases
- Tools
- Password cracking
- Pass the hash
- Setting up a bind shell
- Getting a reverse shell
- Proxying a connection
- Uploading a web shell
- Injections
- Logic
- I/O
- Substitutions
- Variables
- Common operations
- Error handling
- Arrays
- Encoding/decoding
- Normalization of data
- Written report of findings and remediation
- Risk appetite
- Storage time for report
- Secure handling and disposition of reports
- Post-engagement cleanup
- Client acceptance
- Lessons learned
- Follow-up actions/retest
- Attestation of findings
- Solutions
- Findings
- Remediation
- Communication path
- Communication triggers
- Reasons for communication
- Goal reprioritization
€690
ex. BTW
Aangeboden door

Master it Training
Onderwerp
CompTIA A+ / Network+ / Security+
Engels
Niveau
Duur
0 dagen
Taal
en
Type product
training
Lesvorm
E-Learning
Aantal deelnemers
Min: 1
Max: 9
Keurmerken aanbieder
Microsoft Learning Partner
NRTO