Penetration Testing Pro: Comptia Pentest+ Training
Published 4/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English
| Size: 10.95 GB
| Duration: 20h 57m
Penetration Testing Strategies for Network Security and Web Applications
What you'll learn
Conduct comprehensive network penetration tests to identify vulnerabilities and strengthen network security.
Perform thorough web application assessments, uncovering and mitigating common vulnerabilities like SQL injection and XSS.
Master penetration testing methodologies, including reconnaissance, scanning, exploitation, and post-exploitation techniques.
Utilize threat intelligence effectively to proactively identify, analyze, and mitigate cyber threats, enhancing overall cybersecurity posture.
Requirements
Prerequisites for the CompTIA Pentest+ course: Basic understanding of cybersecurity concepts. Familiarity with networking principles and protocols. Proficiency in using operating systems such as Windows and Linux. Knowledge of web application basics (HTTP/HTTPS, HTML, etc.). Access to a computer with internet connectivity for hands-on labs and exercises.
Description
Welcome to the CompTIA Pentest+ course, where you'll dive deep into the world of penetration testing to secure networks and web applications effectively. This comprehensive course is designed to equip you with the knowledge and skills needed to become a proficient cybersecurity professional in the field of penetration testing.Throughout this course, you will explore a range of topics essential for mastering penetration testing techniques. You'll start by understanding the fundamentals of network security, learning how to identify vulnerabilities, and implementing robust security measures to protect networks from cyber threats.Next, you'll delve into the realm of web application testing, where you'll discover common vulnerabilities found in web applications and how to conduct thorough assessments to uncover potential security risks. You'll gain hands-on experience with techniques such as SQL injection, cross-site scripting (XSS), and authentication bypass.One of the key focuses of this course is penetration testing methodologies. You'll learn industry-standard methodologies and frameworks for conducting penetration tests, including reconnaissance, scanning, exploitation, and post-exploitation techniques. You'll also explore the importance of ethical hacking practices and responsible disclosure.Moreover, you'll delve into threat intelligence and how to leverage it effectively to identify and respond to emerging cyber threats proactively. You'll learn how to analyze threat intelligence data, assess the impact of threats, and develop strategies to mitigate risks.By the end of this course, you'll have the skills and confidence to conduct penetration tests effectively, identify security vulnerabilities, and implement robust security measures to protect networks and web applications from cyber attacks. Whether you're an aspiring cybersecurity professional or looking to advance your career in penetration testing, this course will provide you with the expertise needed to succeed in the rapidly evolving field of cybersecurity.
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Scoping Organizational Customer
Requirements
Lecture 2 Cyber Health and Risk management
Lecture 3 Penetration Testing Processes
Lecture 4 PCI DSS Payment Card Industry Data security standard
Lecture 5 GDPR and other laws
Lecture 6 Identifying Pentesting Frameworks
Lecture 7 Different penetration testing frameworks.
Lecture 8 Investigating CVE and CWE
Section 3: Defining the Rules of Engagement
Lecture 9 Assess Environmental Considerations
Lecture 10 Outline the Rules of Engagement
Lecture 11 Prepare Legal Documents
Section 4: Footprinting and Gathering Intelligence
Lecture 12 How to access the CompTIA Pentest+ lab
Lecture 13 Discover the Target
Lecture 14 Gather information from source code repository
Lecture 15 Google hacking and Google hacking database
Lecture 16 Gather information from archive and image search
Lecture 17 Retrieve Website information
Lecture 18 Testing ssl and TLS certificate
Lecture 19 LAB nslookup dig and whois -1
Lecture 20 Discover Open-Source Intelligence Tools
Lecture 21 LAB Use tool harvester for gathering emails
Section 5: Evaluating Human and Physical Vulnerabilities
Lecture 22 Social engineering motivation Techniques
Lecture 23 Social engineering attack
Lecture 24 Social engineering Countermeasures
Lecture 25 Some other type of social engineering attacks
Lecture 26 Physical attacks in the term of social engineering
Lecture 27 LAB - Social Engineering Toolkit
Section 6: Preparing the Vulnerability Scan
Lecture 28 Overview of Vulnerability
Lecture 29 Life Cycle of Vulnerability
Lecture 30 Researching Vulnerabilities - CVE
Lecture 31 CWE - Common Weakness Enumeration
Lecture 32 CAPEC- Common Attack Pattern Enumeration and Classification
Lecture 33 MITRE Attack Adversarial Tactics, Techniques and Common Knowledge
Section 7: Scanning Logical Vulnerabilities
Lecture 34 Web vulnerability scanning with Nikto
Lecture 35 Web Vulnerability Scanning with Wapiti
Lecture 36 Vulnerability scanning with OpenVAS
Lecture 37 OpenVAS Report Analyze
Lecture 38 Automating Vulnerability Scanning with Nessus
Lecture 39 Nessus Scan Analyze the scan Report
Section 8: Analyzing Scanning Results
Lecture 40 nmap basic syntax for host discovery in the netowrk
Lecture 41 Different scanning Techniques to Bypass Firewall, IDS and IPS
Lecture 42 LAB host discovery by using nmap
Lecture 43 Different techniques used for scanning ports
Lecture 44 Fingerprinting and Enumeration with nmap
Lecture 45 nmap script engine for Vulnerability scanning
Section 9: Avoiding Detection and Covering Tracks
Lecture 46 Flying under the Radar
Lecture 47 Bypassing network Access Control NAC
Lecture 48 LOITL and covering the Track.
Lecture 49 Tiding Logs and Entries
Lecture 50 Using Steganography to Hide and Conceal Data
Lecture 51 Data Exfiltration and SSH Channel
Lecture 52 Netcat and winrm to manage covert channel.
Lecture 53 Using Proxy and Proxy Chaining
Section 10: Network Attacks LAN and WAN
Lecture 54 What is network attacks
Lecture 55 Load balance or stress testing
Lecture 56 Protect transmission stream
Lecture 57 Bluetooth Attacks in Network
Lecture 58 RFID and NFC Attacks
Lecture 59 ARP poisoning Attack
Lecture 60 ARP poisoning attack using ettercap to capture password.
Lecture 61 Arp Spoofing Attack with arpspoof tool
Lecture 62 MAC table overflow Attack
Lecture 63 What mac spoofing attack LAB in Linux
Lecture 64 VLAN hopping and double Tagging attack
Lecture 65 DNS poisoning Attack using ettercap
Lecture 66 Password Attacks
Lecture 67 Password attack Demonstration LAB
Lecture 68 Pass the hash Attack and Kerboroasting Attack
Lecture 69 Kerboroasting a Complete LAB demo
Lecture 70 On path attack in Network
Lecture 71 LLMNR and NBT-NS Poisoning Attack with Example and LAB
Lecture 72 Advance password attacks and prevention techniques
Lecture 73 NAC Bypass Attack in Network
Lecture 74 Using Reverse and bind Shell LAB
Lecture 75 Exploit Resources Exploit-DB or Chaining
Section 11: Testing Wireless Networks
Lecture 76 Securing Wireless Communication
Lecture 77 Signal transmission and Exploitation
Lecture 78 Quick demo on capture wireless data
Lecture 79 deauthentication attack inside wireless network
Lecture 80 LAB deauthentication attack agains wireless network
Lecture 81 Wi-Fi Jamming Attack
Lecture 82 Crack WPA and WPA2 key with Demo
Lecture 83 Cracking WEP - LAB
Lecture 84 Cracking WPS wireless security
Lecture 85 Evil Twins attack
Section 12: Targeting Mobile Device
Lecture 86 Mobile device vulnerability and deployment methods
Lecture 87 Controlling access
Lecture 88 EMM Security policies and protecting data
Lecture 89 Vulnerability and protection of Android and iOS device
Lecture 90 Attacking on mobile platforms
Lecture 91 Moving through attacks and spyware
Lecture 92 Bluetooth attack and malware analysis
Section 13: Attacking Specialized Systems
Lecture 93 Identify Vulnerabilities and attacks on IoT Devices
Lecture 94 Leveraging the Protocols
Lecture 95 LAB Discovering IoT devices with Shodan
Lecture 96 Recognize Other Vulnerable Systems
Section 14: Web Application-Based Attacks
Lecture 97 Exposing Sensitive Data with improper error handling
Lecture 98 Missing Input Validation and Signing the Code
Lecture 99 Causing a Race condition
Lecture 100 Hijacking Session Credentials
Lecture 101 Crafting Request Forgery Attacks
Lecture 102 Privilege Escalation
Lecture 103 Upgrading a Non-Interactive Shell
Lecture 104 Identifying SQLi Vulnerabilities
Lecture 105 Traversing Files Using Invalid Input
Lecture 106 Executing Cross Site Scripting XSS attack and Web proxy
Lecture 107 LAB SQL Injection Attack
Lecture 108 Overview of Web Testing Tools
Lecture 109 Exploring the Browser Exploit Framework BeEF
Section 15: Performing System Hacking
Lecture 110 Objectives Perform System Hacking
Lecture 111 Net framework and Powershell in Windows 10
Lecture 112 Command and Control C2 Frameworks
Lecture 113 LAB Using Reverse Shell and Bind Shell
Lecture 114 Remote Access Tool - Netcat
Lecture 115 Communicating withing a Secure Shell (SSH)
Lecture 116 Analyze Exploit code
Section 16: Scripting and Software Development
Lecture 117 Analyzing and automating tasks using scripting
Lecture 118 Basic understanding about scripting languages
Lecture 119 LAB Exploring Programming Shells
Lecture 120 Basics of logic construct
Lecture 121 Data structure in python
Lecture 122 LAB Automate the penetration testing process
Lecture 123 Automate Penetration Testing
Section 17: Leveraging the Attack Pivot and Penetrate
Lecture 124 Password cracking method online and offline
Lecture 125 Dictionary attack and bypass lockout policy
Lecture 126 Bruteforce and password spraying attack
Lecture 127 Test Credential as Linux and Windows
Lecture 128 LAB password attack
Lecture 129 LAB post exploitation Techniques
Section 18: Communicating During the PenTesting Process
Lecture 130 Define and outlining the communication Path
Lecture 131 Communicating with Client Counterparts
Lecture 132 Defining Contacts
Lecture 133 Triggering Communication Events and Prioritize findings
Lecture 134 Providing Situational Awareness and Criminal Activity
Lecture 135 Triggering and Investigating False Positives
Lecture 136 Presenting the Findings
Lecture 137 Sharing and Building Reports with Dardis and Nessus
Section 19: Summarizing Report Components
Lecture 138 Identify Report Audience
Lecture 139 List Report Contents
Lecture 140 Define Best Practices for Reports
Section 20: Recommending Remediation
Lecture 141 Hardening the System
Lecture 142 Sanitizing User Input
Lecture 143 Implementing Multifactor Authentication MFA
Lecture 144 Encrypting the password
Lecture 145 Process-Level Remediation and Patch Management
Lecture 146 Key rotation and Certificate Management
Lecture 147 Providing Secret Management Solution and Network Segmentation
Cybersecurity professionals interested in specializing in penetration testing.,IT professionals seeking to enhance their skills in identifying and mitigating security vulnerabilities.,Network administrators and engineers involved in securing network infrastructure.,Web developers and application security professionals aiming to improve web application security.,Students and individuals looking to start a career in cybersecurity with a focus on penetration testing.
Free search engine download: Penetration Testing Pro CompTIA Pentest+ Training
