Autoplay
Autocomplete
Previous Lesson
Complete and Continue
CompTIA Pentest+ (PT0- 002)
01 - Welcome to the Course (PT0-002)
002 CompTIA-PenTest-PT0-002-Study-Notes
002 PenTest-PT0-002-Objectives
003 Exam Tips (3:51)
02 - Planning an Engagement (PT0-002)
001 Planning an Engagement (OBJ 1.1, 1.2, and 1.3) (2:29)
002 Risk (OBJ 1.2) (9:14)
003 Risk Handling (OBJ 1.2) (7:55)
004 Controls (OBJ 1.2) (7:33)
005 PenTest Methodologies (OBJ 1.2) (7:58)
006 PenTest Standards (OBJ 1.2) (7:09)
007 Planning a Test (OBJ 1.2) (9:42)
008 Legal Concepts (OBJ 1.1) (8:24)
009 Regulatory Compliance (OBJ 1.1) (15:20)
010 Professionalism (OBJ 1.3) (10:34)
03 - Scoping an Engagement (PT0-002)
001 Scoping an Engagement (OBJ 1.1, 1.2, and 1.3) (3:39)
002 Defining the Scope (OBJ 1.2) (7:00)
003 Adversary Emulation (OBJ 1.2) (11:57)
004 Target List (OBJ 1.2) (10:59)
005 Identifying Restrictions (OBJ 1.1) (8:04)
006 Rules of Engagement (OBJ 1.2) (7:48)
007 Assessment Types (OBJ 1.3) (9:02)
008 Validating the Scope (OBJ 1.2) (5:20)
009 Limitations and Permission (OBJ 1.1 and 1.3) (7:01)
010 Build a Virtual Lab (16:42)
04 - Passive Reconnaissance (PT0-002)
001 Passive Reconnaissance (OBJ 2.1) (2:43)
002 Information Gathering (OBJ 2.1) (6:01)
003 Open-Source Intelligence (OSINT) (OBJ 2.1) (6:51)
004 Social Media Scraping (OBJ 2.1) (10:44)
005 OSINT Tools (OBJ 2.1) (11:47)
006 Using OSINT Tools (OBJ 2.1) (26:38)
007 DNS Information (OBJ 2.1) (10:28)
008 Reconnaissance with CentralOps (OBJ 2.1) (13:07)
009 Public Repositories (OBJ2.1) (5:17)
010 Search Engine Analysis (OBJ 2.1) (6:23)
011 URL Analysis (OBJ 2.1) (15:23)
012 Cryptographic Flaws (OBJ 2.1) (16:34)
013 CWE & CVE (OBJ 2.1) (6:27)
05 - Active Reconnaissance (PT0-002)
001 Active Reconnaissance (OBJ 2.2 and 2.3) (2:22)
002 Scanning and Enumeration (OBJ 2.2 and 2.3) (10:11)
003 Conducting Enumeration (OBJ 2.3) (15:00)
004 Other Enumeration (OBJ 2.2 and 2.3) (9:27)
005 Website Reconnaissance (OBJ 2.3) (11:43)
006 Detecting and Evading Defenses (OBJ 2.2) (10:12)
007 Packet Crafting (OBJ 2.2) (10:32)
008 Eavesdropping (OBJ 2.2) (10:18)
009 Wardriving (OBJ 2.2) (8:21)
010 DNS and ARP Analysis (OBJ 2.3) (23:07)
011 Network Traffic Analysis (OBJ 2.3) (17:56)
06 - Vulnerability Scanning (PT0-002)
001 Vulnerability Scanning (OBJ 2.3 and 2.4) (2:00)
002 Vulnerability Lifecycle (OBJ 2.3 and 2.4) (8:39)
003 Vulnerability Scans (OBJ 2.3 and 2.4) (11:13)
004 Scanning Considerations (OBJ 2.3 and 2.4) (9:25)
005 Nessus Scanning (OBJ 2.3 and 2.4) (9:12)
006 OpenVas Scanning (OBJ 2.3 and 2.4) (13:37)
007 Nikto Scanning (OBJ 2.3 and 2.4) (5:22)
07 - Nmap (PT0-002)
001 Nmap (OBJ 2.3 and 2.4) (2:34)
002 Nmap Discovery Scans (OBJ 2.3 and 2.4) (7:58)
003 Nmap Port Scans (OBJ 2.3 and 2.4) (9:16)
004 Nmap Fingerprinting (OBJ 2.3 and 2.4) (4:16)
005 Using Nmap (OBJ 2.3 and 2.4) (11:35)
006 Nmap Scripting Engine (OBJ 2.3 and 2.4) (20:24)
08 - Social Engineering and Physical Attacks (PT0-002)
001 Social Engineering and Physical Attacks (OBJ 3.6) (3:39)
002 Methods of Influence (OBJ 3.6) (11:14)
003 Social Engineering (OBJ 3.6) (14:03)
004 Phishing Campaigns (OBJ 3.6) (5:16)
005 Social Engineering Toolkit (OBJ 3.6) (13:41)
006 Pretexting (OBJ 3.6) (4:11)
007 Baiting Victims (OBJ 3.6) (7:14)
008 Impersonation (OBJ 3.6) (4:20)
009 Physical Security (OBJ 3.6) (15:46)
010 Lock Picking (OBJ 3.6) (1:40)
011 Physical Attacks (OBJ 3.6) (10:28)
012 Social Engineering Tools (OBJ 3.6) (4:18)
09 - Wireless Attacks (PT0-002)
001 Wireless Attacks (OBJ 3.2) (3:27)
002 Wireless Security (OBJ 3.2) (16:42)
003 Bypassing MAC Filtering (OBJ 3.2) (4:10)
004 Signal Exploitation (OBJ 3.2) (11:19)
005 WEP Hacking (OBJ 3.2) (9:24)
006 WPAWPA2 Hacking (OBJ 3.2) (8:40)
007 WPS PIN Attacks (OBJ 3.2) (11:47)
008 Evil Twins (OBJ 3.2) (5:56)
009 On-path and Relay Attacks (OBJ 3.2) (4:50)
010 Bluetooth Attacks (OBJ 3.2) (5:53)
011 RFID and NFC Attacks (OBJ 3.2) (4:49)
10 - Network Attacks (PT0-002)
001 Network Attacks (OBJ 3.1) (2:33)
002 Stress Testing (OBJ 3.1) (6:36)
003 Exploit Resources (OBJ 3.1) (6:26)
004 ARP Poisoning (OBJ 3.1) (7:20)
005 DNS Cache Poisoning (OBJ 3.1) (13:01)
006 LLMNRNBT-NS Poisoning (OBJ 3.1) (4:54)
007 MAC Spoofing (OBJ 3.1) (5:26)
008 VLAN Hopping (OBJ 3.1) (6:59)
009 NAC Bypass (OBJ 3.1) (4:54)
010 On-path Attack (OBJ 3.1) (4:02)
011 Password Attacks (OBJ 3.1) (10:11)
012 Pass the Hash (OBJ 3.1) (7:58)
013 Intro to Metasploit (OBJ 3.1) (18:56)
014 Netcat (OBJ 3.1) (7:45)
015 Using Netcat (OBJ 3.1) (11:02)
11 - Application Vulnerabilities (PT0-002)
001 Application Vulnerabilities (OBJ 3.3) (5:46)
002 Race Conditions (OBJ 3.3) (4:58)
003 Buffer Overflows (OBJ 3.3) (12:26)
004 Buffer Overflow Attacks (OBJ 3.3) (6:27)
005 Authentication and References (OBJ 3.3) (5:55)
006 Improper Error Handling (OBJ 3.3) (5:14)
007 Improper Headers (OBJ 3.3) (6:10)
008 Code Signing (OBJ 3.3) (1:59)
009 Vulnerable Components (OBJ 3.3) (11:45)
010 Software Composition (OBJ 3.3) (9:49)
011 Privilege Escalation (OBJ 3.3) (6:12)
012 Conducting Privilege Escalation (OBJ 3.3) (13:08)
12 - Application Attacks (PT0-002)
001 Application Attacks (OBJ 3.3) (2:39)
002 Directory Traversals (OBJ 3.3) (9:35)
003 Dirbuster (OBJ 3.3) (7:17)
004 Cross-Site Scripting (XSS) (OBJ 3.3) (8:59)
005 Cross-Site Request Forgery (CSRF) (OBJ 3.3) (7:15)
006 SQL Injections (OBJ 3.3) (7:01)
007 Conducting SQL Injections (OBJ 3.3) (8:29)
008 Burp Suite and SQLmap (OBJ 3.3) (10:09)
009 OWASP ZAP (OBJ 3.3) (2:52)
010 XML Injections (OBJ 3.3) (6:23)
011 Other Injection Attacks (OBJ 3.3) (4:21)
012 Attacking Web Applications (OBJ 3.3) (15:39)
13 - Cloud Attacks (PT0-002)
001 Cloud Attacks (OBJ 3.4) (2:12)
002 Attacking the Cloud (OBJ 3.4) (6:57)
003 Credential Harvesting (OBJ 3.4) (8:20)
004 Misconfigured Assets (OBJ 3.4) (12:16)
005 Metadata Service Attack (OBJ 3.4) (6:30)
006 Software Development Kit (SDK) (OBJ 3.4) (2:59)
007 Auditing the Cloud (OBJ 3.4) (5:07)
008 Conducting Cloud Audits (OBJ 3.4) (14:02)
14 - Attacks on Mobile Devices (PT0-002)
001 Attacks on Mobile Devices (OBJ 3.5) (4:49)
002 Enterprise Mobility Management (OBJ 3.5) (9:35)
003 Deployment Options (OBJ 3.5) (4:37)
004 Mobile Reconnaissance Concerns (OBJ 3.5) (8:00)
005 Mobile Device Insecurity (OBJ 3.5) (12:18)
006 Multifactor Authentication (OBJ 3.5) (12:14)
007 Mobile Device Attacks (OBJ 3.5) (5:17)
008 Malware Analysis (OBJ 3.5) (13:16)
009 Conducting Malware Analysis (OBJ 3.5) (25:58)
010 Mobile Device Tools (OBJ 3.5) (8:25)
15 - Attacks on Specialized Systems (PT0-002)
001 Attacks on Specialized Systems (OBJ 3.5) (2:47)
002 Internet of Things (IoT) Devices (OBJ 3.5) (8:20)
003 Internet of Things (IoT) Vulnerabilities (OBJ 3.5) (7:39)
004 Embedded Systems (OBJ 3.5) (6:48)
005 ICS and SCADA Devices (OBJ 3.5) (9:19)
006 ICS Protocols and Vulnerabilities (OBJ 3.5) (10:54)
007 Data Storage Vulnerabilities (OBJ 3.5) (6:02)
008 Virtual Environments (OBJ 3.5) (8:19)
009 Virtual Machine Attacks (OBJ 3.5) (6:00)
010 Containerization (OBJ 3.5) (5:48)
16 - Post-exploitation (PT0-002)
001 Post-exploitation (OBJ 3.7) (2:54)
002 Enumerating the Network (OBJ 3.7) (4:07)
003 Network Segmentation Testing (OBJ 3.7) (3:13)
004 Lateral Movement and Pivoting (OBJ 3.7) (3:01)
005 Pass the Hash (OBJ 3.7) (7:52)
006 Golden Ticket (OBJ 3.7) (6:08)
007 Lateral Movement (OBJ 3.7) (8:35)
008 Pivoting (3.7) (7:45)
009 Escalating Privileges (OBJ 3.7) (19:17)
010 Upgrading Restrictive Shells (OBJ 3.7) (5:29)
17 - Detection Avoidance (PT0-002)
001 Detection Avoidance (OBJ 3.7) (1:35)
002 Trojans and Backdoors (OBJ 3.7) (4:23)
003 Creating Persistence (OBJ 3.7) (13:54)
004 Living Off the Land (OBJ 3.7) (12:04)
005 Data Exfiltration (OBJ 3.7) (6:49)
006 Covert Channels (OBJ 3.7) (4:47)
007 Steganography (3.7) (6:02)
008 Covering Your Tracks (OBJ 3.7) (10:07)
009 Persistence and Covering Your Tracks (OBJ 3.7) (8:47)
010 Post-Exploitation Tools (OBJ 3.7) (3:03)
18 - Communication and Reports (PT0-002)
001 Communication and Reports (OBJ 4.3) (1:47)
002 Communication Paths (OBJ 4.3) (5:28)
003 Communication Triggers (OBJ 4.3) (4:40)
004 Reasons for Communication (OBJ 4.3) (10:21)
005 Presentation of Findings (4.1 & OBJ 4.3) (6:08)
006 Report Data Gathering (OBJ 4.1) (3:41)
007 Written Reports (OBJ 4.1) (14:47)
008 Common Themes (OBJ 4.1) (3:04)
009 Securing and Storing Reports (OBJ 4.1) (5:09)
19 - Findings and Remediations (PT0-002)
001 Findings and Remediations (OBJ 4.2) (2:36)
002 Security Control Categories (OBJ 4.2) (13:38)
003 Selecting Security Controls (OBJ 4.2) (4:48)
004 Physical Controls (OBJ 4.2) (6:58)
005 Operational Controls (OBJ 4.2) (10:25)
006 Administrative Controls (OBJ 4.2) (14:26)
007 System Hardening (OBJ 4.2) (10:59)
008 Secure Coding (OBJ 4.2) (9:30)
009 Implementing MFA (OBJ 4.2) (6:24)
010 Digital Certificates (OBJ 4.2) (9:50)
011 Other Technical Controls (OBJ 4.2) (2:44)
012 Mitigation Strategies (OBJ 4.2) (8:11)
20 - Post-report Activities (PT0-002)
001 Post-report Activities (OBJ 4.2) (2:45)
002 Removing Shells and Tools (OBJ 4.2) (2:56)
003 Deleting Test Credentials (OBJ 4.2) (1:56)
004 Destroy Test Data (OBJ 4.2) (2:54)
005 Client Acceptance (OBJ 4.2) (3:00)
006 Attestation of Findings (OBJ 4.2) (3:03)
007 Lessons Learned (OBJ 4.2) (4:08)
008 Retesting (OBJ 4.2) (2:46)
21 - Scripting Basics (PT0-002)
001 Scripting Basics (OBJ 5.1 & OBJ 5.2) (2:27)
002 Scripting Tools (OBJ 5.2) (9:53)
003 Variables (OBJ 5.1) (7:55)
004 Loops (OBJ 5.1) (5:23)
005 Logic Control (OBJ 5.1) (4:38)
006 Data Structures (OBJ 5.1) (12:44)
007 Object Oriented Programming (OBJ 5.1) (7:02)
22 - Analyzing Scripts (PT0-002)
001 Analyzing Scripts (OBJ 5.2) (5:21)
002 Coding in Bash (OBJ 5.2) (21:20)
003 Bash Example (OBJ 5.2) (4:39)
004 Coding in PowerShell (OBJ 5.2) (15:44)
005 PowerShell Example (OBJ 5.2) (3:28)
006 Coding in Python (OBJ 5.2) (20:32)
007 Python Example (OBJ 5.2) (3:43)
008 Coding in Perl (OBJ 5.2) (17:27)
009 Perl Example (OBJ 5.2) (16:15)
010 Coding in JavaScript (OBJ 5.2) (19:25)
011 JavaScript Example (OBJ 5.2) (9:51)
012 Coding in Ruby (OBJ 5.2) (13:46)
013 Ruby Example (OBJ 5.2) (4:18)
23 - Exploits and Automation (PT0-002)
001 Exploits and Automation (OBJ 5.2) (1:40)
002 Exploits to Download Files (OBJ 5.2) (4:30)
003 Exploits for Remote Access (OBJ 5.2) (9:29)
004 Exploits for Enumerating Users (OBJ 5.2) (6:01)
005 Exploits for Enumerating Assets (OBJ 5.2) (5:27)
006 Automation in Engagements (OBJ 5.2) (3:31)
007 Automation with Nmap Scripts (OBJ 5.2) (2:36)
24 - Tool Round-up (PT0-002)
001 Tool Round-up (OBJ 5.3) (2:57)
002 OSINT Tools (OBJ 5.3) (6:17)
003 Scanning Tools (OBJ 5.3) (6:40)
004 Networking Tools (OBJ 5.3) (2:34)
005 Wireless Tools (OBJ 5.3) (7:40)
006 Social Engineering Tools (OBJ 5.3) (2:39)
007 Remote Access Tools (OBJ 5.3) (4:27)
008 Credential Testing Tools (OBJ 5.3) (7:42)
009 Web Application Tools (OBJ 5.3) (2:30)
010 Cloud Tools (OBJ 5.3) (3:02)
011 Steganography Tools (OBJ 5.3) (8:13)
012 Debuggers (OBJ 5.3) (5:35)
013 Miscellaneous Tools (OBJ 5.3) (9:30)
25 - Conclusion (PT0-002)
001 Conclusion (12:01)
002 BONUS Where to go from here (5:16)
Teach online with
003 Deployment Options (OBJ 3.5)
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock