
Explore regulation and compliance in penetration testing, including pre-engagement activities and PCI DSS. Highlight GDPR Articles 32 and 35, and standards such as HIPAA, SOX, NIST, and ISO 27001.
Define testing boundaries by enforcing international and domestic laws, GDPR and CPRA privacy rules, and client tool restrictions to ensure legal, ethical penetration testing.
Explore essential legal agreements and documentation for penetration testing, including SOWs, MSAs, NDAs, SLAs, and authorization letters to define scope and ensure compliance.
Explore standards and methodologies that structure penetration testing across MITRE ATT&CK, OWASP, and NIST. Compare OSSTMM and TS to guide testing phases from reconnaissance to exfiltration, with regulatory alignment.
Define primary contact, technical contact, and emergency contact, and establish communication paths to report critical findings, status reports, indicators of prior compromise, and remediation in tailored executive and technical reports.
Explain the essential components of a penetration test report, including executive summary, scope, methodology, findings, and remediation, and tailor content for executives and technical readers.
Explore recommended remediation solutions across technical, administrative, operational, and physical controls, including system hardening, MFA, patch management, RBAC, and security training for stronger defense.
Learn post-engagement cleanup, client acceptance, lessons learned, follow-up actions, retests, and secure data destruction to ensure remediation and protect client confidentiality.
Learn DNS reconnaissance for information gathering in penetration testing, using nslookup, dig, and host to map domains to IPs, identify DNS servers, perform reverse lookups, and assess zone transfer risks.
Map the web and cloud attack surface through information gathering and enumeration, using tools for domain discovery, site crawling, and cloud asset enumeration across AWS, Azure, and GCP.
Explore denial of service attacks, including DoS, DDoS, reflection, amplification, volumetric, and application-layer methods, and learn to ethically simulate them with hping3 for stress testing critical infrastructure.
Explore password attacks, including hash cracking, password spraying, Kerberos, and NTLM relay. Learn to automate password discovery with tools like John the Ripper, Hashcat, Hydra, Medusa, and Responder.
Explore MAC spoofing techniques used by penetration testers to impersonate legitimate devices by changing MAC addresses to bypass MAC filtering and enable on-path wireless attacks.
Explore SQL injection attacks, including error-based, union-based, and blind techniques, and learn to identify vulnerable input points, perform manual exploits, and automate testing with sqlmap to extract data.
Explore cross-site scripting attacks, including reflected and stored XSS, and learn how to identify, exploit, and test for these vulnerabilities using polyglots and web application attacks.
Detect web application firewalls and bypass techniques to test security using tools to identify WAF, inspect headers and cookies, and evade patterns with URL encoding or Base64 for SQL injection and XSS.
Explore virtual environment vulnerabilities, including VM escape, hypervisor flaws, and malicious virtual machines in shared repositories, with practical reconnaissance and cloud-based attack concepts.
Explore common container vulnerabilities in applications, container engines, and cloud deployments; understand container escapes and misconfigurations in Kubernetes and EKS, and implement secure controls.
Explore vulnerabilities, threats, and tools in ICS, SCADA, and IIoT, including legacy tech, weak authentication, insecure communications, and IT-OT convergence creating attacker pivot points.
Master privilege escalation across Windows and Linux, detailing horizontal and vertical moves, cross-platform methods, and common techniques like password reuse, misconfigurations, and kernel exploits; apply lateral movement and persistence strategies.
Explore how to plan, scope, and execute penetration tests for the CompTIA PenTest+ PT0-002 exam, with hands-on demos and expert insights from Ronnie Wong and Daniel Lowrie.
Explore how regulation and compliance shape pen testing, examining PCI-DSS and GDPR with merchant levels, SAQs, ASVs, and data protection impact assessments.
Define the scope of a penetration test by outlining the rules of engagement and in-scope targets, assets, and environment, then validate with the client to stay within boundaries.
Uphold professionalism and integrity in pen testing with background checks, scope adherence, and confidential handling of data, while identifying criminal activity and limiting tool use to the engagement.
Master DNS recon for penetration testing to verify ownership, enumerate in-scope hosts, and learn about records, name servers, and zone transfers using nslookup, dig, and host.
Learn web and cloud discovery and enumeration through domain brute forcing, subdomain discovery, directory fuzzing, and site crawling. Understand token-based authentication, API requests, and assets across AWS, Azure, and GCP.
Explore denial of service concepts, including distributed, reflective and amplification attacks, plus volumetric, protocol, and application-layer methods. See practical demos with hping3 and examples like ping of death and slowloris.
Explore VLAN hopping defenses and attacks, including switch spoofing and double tagging, demonstrating how attackers traverse guest and accounting networks via 802.1Q trunks and potential man-in-the-middle tactics.
Learn MAC spoofing in pen testing, including what MAC addresses are and the burned-in address, and how MAC filtering and NAC can be bypassed on wireless networks.
Explore SQL injection attacks, including boolean-based and union-based payloads, test methods with sqlmap, and enumerate databases, tables, and credentials to understand data exposure.
Explore cross-site scripting (XSS) and learn how to test for reflected and stored XSS attacks using web app inputs, JavaScript injection, and polyglot payloads.
Explore how web sessions identify users and protect access. Learn session hijacking, replay, cross-site scripting, CSRF, and session fixation techniques for penetration testing.
Explore cloud attacks and misconfigurations that expand the attack surface beyond on-prem networks, including credential harvesting, metadata service abuse, and cloud-specific tools like Scout Suite and Pacu.
Explore how mobile devices become attack vectors and reveal vulnerabilities like insecure storage. Identify mobile attacks and testing tools, including phishing, sandbox analysis, reverse engineering, and weak permissions.
Explore container vulnerabilities in pen testing by comparing containers with virtual machines, and examining Docker basics, container escapes, misconfigurations, and cloud deployment risks in Kubernetes and AWS ECS.
Discover how social engineering and physical attacks drive pen testing, including pretexting, phishing, impersonation, tailgating, and tools like the Social-Engineer Toolkit and BeEF.
Identify post-exploitation enumeration techniques to locate sensitive information and credentials after gaining access. Explore tools like PowerShell Empire, BloodHound, Mimikatz, and pass-the-hash for lateral movement in Active Directory.
Test network segmentation to verify the cardholder data environment is isolated from other networks using firewalls, ACLs, VLANs, and routing, and perform annual PCI DSS–compliant penetration tests.
Explore detection avoidance in pen testing, including living-off-the-land techniques, fileless malware, and covert channels for data exfiltration, plus methods to cover tracks by clearing logs.
Explore practical remediation strategies across technical, administrative, operational, and physical controls, from system hardening and patch management to role-based access control, secrets management, and network segmentation.
CompTIA PenTest+ (PT0-003) is an intermediate-level cybersecurity certification preparation course designed to develop the hands-on skills required to identify, exploit, and remediate vulnerabilities across diverse computing environments. This course prepares learners to perform comprehensive penetration testing and vulnerability assessments on networks, cloud platforms, web applications, and hybrid systems.
Aligned with the latest CompTIA PenTest+ exam objectives, the course emphasizes real-world, scenario-based learning to help participants master the entire penetration testing process—from engagement planning through post-exploitation and reporting. Learners gain practical experience in reconnaissance, vulnerability discovery, exploitation, lateral movement, and remediation.
Through five structured domains—Engagement Management, Reconnaissance and Enumeration, Vulnerability Discovery and Analysis, Attacks and Exploits, and Post-exploitation and Lateral Movement—participants build a strong foundation in both offensive and defensive security techniques. The course also covers professional ethics, legal considerations, and effective communication of testing outcomes through actionable reports.
By combining conceptual understanding with practical exercises, this program equips professionals to think like attackers while acting as responsible defenders. Graduates will be prepared to conduct authorized penetration tests, analyze results, and recommend effective mitigation strategies that strengthen organizational security posture.
Whether you are pursuing the CompTIA PenTest+ certification or seeking to advance your career as a Penetration Tester, Ethical Hacker, Red Team Specialist, or Security Analyst, this course provides the critical technical expertise, methodologies, and professional discipline needed to operate confidently in today’s complex cybersecurity landscape.