CompTIA PenTest+

1 – Understanding Organizational/Customer Requirements

Define Penetration Testing within the Organization

Address Compliance Requirements

Compare Industry Standards and Methodologies

Discuss Professional Conduct in Penetration Testing

2 – Establishing Rules of Engagement

Assess Environmental Factors

Outline Rules of Engagement

Prepare Legal Documentation and Agreements

3 – Footprinting and Intelligence Gathering

Identify the Target

Collect Essential Information

Compile Data from Websites

Utilize Open-Source Intelligence Tools

4 – Assessing Human and Physical Vulnerabilities

Understand Human Behavior and Psychology

Summarize Physical Vulnerabilities

Utilize Social Engineering Techniques

5 – Planning for Vulnerability Scanning

Prepare for Vulnerability Scans

Identify Defensive Measures

Use Scanning Tools

6 – Scanning for Logical Vulnerabilities

Conduct Scans on Identified Targets

Analyze Network Traffic

Identify Wireless Assets

7 – Analyzing Scan Results

Utilize Nmap and NSE

Enumerate Network Hosts

Analyze Scan Outputs

8 – Evasion and Covering Tracks

Avoid Detection

Use Steganography for Concealment

Establish Covert Channels

9 – Exploiting LAN and Cloud Environments

Enumerate Hosts

Attack LAN Protocols

Identify and Compare Exploit Tools

Identify Cloud Vulnerabilities

Explore Cloud-Based Attacks

10 – Testing Wireless Networks

Identify Wireless Vulnerabilities

Utilize Wireless Testing Tools

11 – Targeting Mobile Devices

Recognize Vulnerabilities in Mobile Devices

Conduct Attacks on Mobile Devices

Utilize Assessment Tools for Mobile Devices

12 – Attacking Specialized Systems

Identify Attacks on IoT

Recognize Vulnerable Systems

Explain Vulnerabilities in Virtual Machines

13 – Web Application-Based Attacks

Identify Vulnerabilities in Web Applications

Conduct Session Attacks

Plan and Execute Injection Attacks

Utilize Relevant Tools

14 – System Hacking Techniques

Perform System Hacking

Utilize Remote Access Tools

Analyze Exploit Codes

15 – Scripting and Software Development

Analyze Scripts and Code Samples

Develop Logic Constructs

Automate Penetration Testing Processes

16 – Leveraging the Attack: Pivot and Penetrate

Test Credentials

Navigate through Systems

Maintain Persistence

17 – Communication During Penetration Testing

Establish Communication Channels

Identify Communication Triggers

Utilize Built-In Reporting Tools

18 – Summarizing Report Components

Define Report Audience

List Report Contents

Establish Best Practices for Reports

19 – Recommending Remediation Strategies

Implement Technical, Administrative, and Physical Controls

20 – Post-Report Delivery Activities

Engage in Post-Engagement Cleanup

Follow-Up on Action Items