I. Overview:

CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant.

II. Duration: 48 hours (6 days)

III. Objectives:

• Plan and scope penetration tests while ensuring compliance with legal and ethical requirements, and develop detailed reports with remediation recommendations to support engagement management.
• Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities effectively.
• Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses.
• Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.
• Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

IV. Prerequisites:

• Recommended experience:  3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge.

V. Course outlines:

1. Engagement Management

• Summarize pre-engagement activities.
• Explain collaboration and communication activities.
• Compare and contrast testing frameworks and methodologies.
• Explain the components of a penetration test report.
• Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

2. Reconnaissance and Enumeration

• Given a scenario, apply information gathering techniques.
• Given a scenario, apply enumeration techniques.
• Given a scenario, modify scripts for reconnaissance and enumeration.
• Given a scenario, use the appropriate tools for reconnaissance and enumeration.

3. Vulnerability Discovery and Analysis

• Given a scenario, conduct vulnerability discovery using various techniques.
• Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.
• Explain physical security concepts.

4. Attacks and Exploits

• Given a scenario, analyze output to prioritize and prepare attacks.
• Given a scenario, perform network attacks using the appropriate tools.
• Given a scenario, perform authentication attacks using the appropriate tools.
• Given a scenario, perform host-based attacks using the appropriate tools.
• Given a scenario, perform web application attacks using the appropriate tools.
• Given a scenario, perform cloud-based attacks using the appropriate tools.
• Given a scenario, perform wireless attacks using the appropriate tools.
• Given a scenario, perform social engineering attacks using the appropriate tools.
• Explain common attacks against specialized systems.
• Given a scenario, use scripting to automate attacks.

5. Post-exploitation and Lateral Movement

• Given a scenario, perform tasks to establish and maintain persistence.
• Given a scenario, perform tasks to move laterally throughout the environment.
• Summarize concepts related to staging and exfiltration.
• Explain cleanup and restoration activities