CYB-325 Ethical Hacking and Penetration Testing

(AIUS-CYB-325.AB1)
Lessons
Lab
TestPrep

Skills You’ll Get

1

Introduction

  • The Goals of the CompTIA PenTest+ Certification
  • The Exam Objectives (Domains)
  • Steps to Earning the PenTest+ Certification
  • Facts About the PenTest+ Exam
  • About the CompTIA PenTest+ PT0-002 Cert Guide
2

Introduction to Ethical Hacking and Penetration Testing

  • Understanding Ethical Hacking and Penetration Testing
  • Exploring Penetration Testing Methodologies
  • Building Your Own Lab
  • Review All Key Topics
3

Planning and Scoping a Penetration Testing Assessment

  • Comparing and Contrasting Governance, Risk, and Compliance Concepts
  • Explaining the Importance of Scoping and Organizational or Customer Requirements
  • Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity
  • Review All Key Topics
4

Information Gathering and Vulnerability Scanning

  • Performing Passive Reconnaissance
  • Performing Active Reconnaissance
  • Understanding the Art of Performing Vulnerability Scans
  • Understanding How to Analyze Vulnerability Scan Results
  • Review All Key Topics
5

Social Engineering Attacks

  • Pretexting for an Approach and Impersonation
  • Social Engineering Attacks
  • Physical Attacks
  • Social Engineering Tools
  • Methods of Influence
  • Review All Key Topics
6

Exploiting Wired and Wireless Networks

  • Exploiting Network-Based Vulnerabilities
  • Exploiting Wireless Vulnerabilities
  • Review All Key Topics
7

Exploiting Application-Based Vulnerabilities

  • Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10
  • How to Build Your Own Web Application Lab
  • Understanding Business Logic Flaws
  • Understanding Injection-Based Vulnerabilities
  • Exploiting Authentication-Based Vulnerabilities
  • Exploiting Authorization-Based Vulnerabilities
  • Understanding Cross-Site Scripting (XSS) Vulnerabilities
  • Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks
  • Understanding Clickjacking
  • Exploiting Security Misconfigurations
  • Exploiting File Inclusion Vulnerabilities
  • Exploiting Insecure Code Practices
  • Review All Key Topics
8

Cloud, Mobile, and IoT Security

  • Researching Attack Vectors and Performing Attacks on Cloud Technologies
  • Explaining Common Attacks and Vulnerabilities Against Specialized Systems
  • Review All Key Topics
9

Performing Post-Exploitation Techniques

  • Creating a Foothold and Maintaining Persistence After Compromising a System
  • Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration
  • Review All Key Topics
10

Reporting and Communication

  • Comparing and Contrasting Important Components of Written Reports
  • Analyzing the Findings and Recommending the Appropriate Remediation Within a Report
  • Explaining the Importance of Communication During the Penetration Testing Process
  • Explaining Post-Report Delivery Activities
  • Review All Key Topics
11

Tools and Code Analysis

  • Understanding the Basic Concepts of Scripting and Software Development
  • Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code
  • Review All Key Topics

1

Information Gathering and Vulnerability Scanning

  • Performing Zone Transfer Using dig
  • Using dnsrecon
  • Using Recon-ng to Gather Information
  • Performing Reconnaissance on a Network
  • Performing a UDP Scan Using Nmap
  • Using Nmap for User Enumeration
  • Using Nmap for Network Enumeration
  • Performing Nmap SYN Scan
  • Conducting Vulnerability Scanning Using Nessus
2

Social Engineering Attacks

  • Using BeEF
  • Using the SET Tool to Plan an Attack
3

Exploiting Wired and Wireless Networks

  • Using the EternalBlue Exploit in Metasploit
  • Simulating the DDoS Attack
  • Performing a DHCP Starvation Attack
  • Understanding the Pass-the-hash Attack
  • Performing ARP Spoofing
  • Exploiting SMTP
  • Exploiting SNMP
  • Searching Exploits Using searchsploit
  • Exploiting SMB
4

Exploiting Application-Based Vulnerabilities

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Cracking Passwords
  • Conducting a Cross-Site Request Forgery Attack
5

Cloud, Mobile, and IoT Security

  • Understanding Local Privilege Escalation
6

Performing Post-Exploitation Techniques

  • Using OWASP ZAP
  • Using the Task Scheduler
  • Writing Bash Shell Script
  • Performing a Scan in Zenmap
  • Using dig and nslookup Commands
  • Creating Reverse and Bind Shells Using Netcat
  • Hiding Text Using Steganography
  • Using the Metasploit RDP Post-Exploitation Module
7

Tools and Code Analysis

  • Finding Live Hosts by Using the Ping Sweep in Python
  • Whitelisting an IP Address in the Windows Firewall
  • Viewing Exploits Written in Perl
  • Viewing the Effects of Hostile JavaScript in the Browser
  • Using Meterpreter to Display the System Information
  • Performing Vulnerability Scanning Using OpenVAS
  • Enumerating Data Using enum4linux
  • Using Maltego to Gather Information
  • Cracking a Linux Password Using John the Ripper
