COURSE OBJECTIVE:
After completing this course you should be able to:
• Explain the importance of planning and key aspects of compliance-based assessments.
• Conduct information gathering exercises with various tools and analyse output and basic scripts (limited to: Bash, Python, Ruby, PowerShell).
• Gather information to prepare for exploitation then perform a vulnerability scan and analyse results.
• Utilise report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities.
• Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques.
TARGET AUDIENCE:
• Penetration Tester
• Security Consultant
• Cloud Penetration Tester
• Web App Penetration Tester
• Cloud Security Specialist
• Network & Security Specialist
COURSE PREREQUISITES:
Attendees should meet the following prerequisites:
• Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
• Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.
• CompTIA Network + or CompTIA Security + or equivalent knowledge
• Hands-on information security experience
COURSE CONTENT:
•
Lesson 1: Scoping Organizational/Customer Requirements
•
Lesson 2: Defining the Rules of Engagement
•
Lesson 3: Footprinting and Gathering Intelligence
•
Lesson 4: Evaluating Human and Physical Vulnerabilities
•
Lesson 5: Preparing the Vulnerability Scan
•
Lesson 6: Scanning Logical Vulnerabilities
•
Lesson 7: Analyzing Scanning Results
•
Lesson 8: Avoiding Detection and Covering Tracks
•
Lesson 9: Exploiting the LAN and Cloud
•
Lesson 10: Testing Wireless Networks
•
Lesson 11: Targeting Mobile Devices
•
Lesson 12: Attacking Specialized Systems
•
Lesson 13: Web Application-Based Attacks
•
Lesson 14: Performing System Hacking
•
Lesson 15: Scripting and Software Development
•
Lesson 16: Leveraging the Attack: Pivot and Penetrate
•
Lesson 17: Communicating During the PenTesting Process
•
Lesson 18: Summarizing Report Components
•
Lesson 19: Recommending Remediation
•
Lesson 20: Performing Post-Report Delivery Activities
FOLLOW ON COURSES:
The following courses are recommended for further study.
GK5867 – CompTIA CySA+ Cybersecurity Analyst