Feb 05, 2025  
2024-2025 General Catalog 
    

NET 642 - Pentest+ Guide to Penetration Testing


Course Department: Business
3 Credits
Total Lecture Hours: 2
Total Lab Hours: 1
Total Clinical Hours: 0
Course Description:
This course contains instructions and hands-on activities that give the student the knowledge and practical experience necessary to become a penetration tester.  Every aspect of penetration testing is covered, from the legalities and paperwork required and created at the beginning and end of penetration-testing engagements, to the hands-on hacking activities that many IT professionals find fun. 

Prerequisites: NET 562 - Firewall Security  
Mode(s) of Instruction: Traditional/Face-to-Face

Course Fees: None

Student Learning Outcomes and Objectives:
Course Objectives:

Module 1: Introduction to Penetration Testing

  1. Describe the penetration testing process and its phases, activities, and team members.
  2. Describe the CIA and DAD triads.
  3. Describe the ethical hacking mindset.
  4. Describe some of the tools used in penetration testing.

Module 2: Setting Up a Penetration Testing Lab

  1. Explain the purpose of a penetration testing lab.
  2. Describe the role each virtual machine plays in a penetration testing lab.
  3. Describe how to set up a virtual machine.

Module 3: Planning and Scoping

  1. Describe regulatory compliance requirements, such as those in the PCI DSS and GDPR.
  2. Define penetration-testing legal documents such as SLAs, SOWs, MSAs, and NDAs.
  3. Identify penetration-testing standards and methodologies such as the MITRE ATT&CK Framework, OWASP, NIST, OSSTMM, and PTES.
  4. Describe types of penetration-testing assessments.
  5. Define the rules of engagement for penetration testing.

Module 4: Information Gathering

  1. Apply passive reconnaissance techniques.
  2. Apply active reconnaissance techniques.
  3. Analyze the results of reconnaissance.
  4. Use active and passive reconnaissance tools.

Module 5: Performing Vulnerability Scanning

  1. Describe vulnerability scanning and its purposes.
  2. Describe methods and tools to discover targets for vulnerability scanning.
  3. Describe different types of vulnerabilities and vulnerability scans.
  4. Describe additional considerations when performing vulnerability scans.
  5. Execute vulnerability scans using different tools.
  6. Analyze the results of vulnerability scans.

Module 6: Exploitation Methods and Tools

  1. Describe methods and tools used in the exploitation and post-exploitation process.
  2. Explain how to select targets for exploitation.
  3. Describe different exploitation frameworks and their capabilities.
  4. Describe common exploits executed against a target.
  5. Identify post-exploitation methods and tools.
  6. Describe persistence and how to maintain persistence.
  7. Describe pivoting, evading detection, and clean-up methods and requirements.

Module 7: Network Attacks and Attack Vectors

  1. Describe methods and tools used for performing network attacks.
  2. Explain how to select targets for attack.
  3. Describe on-path/man-in-the-middle attacks.
  4. Describe replay and relay attacks.
  5. Describe security and service attacks such as network access control bypass, kerberoasting, SSH attacks, password attacks, SMB and Samba attacks, SMTP attacks, SNMP attacks, and FTP attacks.
  6. Describe denial-of-service attacks.
  7. Describe VLAN hopping and exploit chaining.

Module 8: Wireless and Specialized Systems Attack Vectors and Attacks

  1. Describe wireless attacks and attack vectors.
  2. Describe specialized systems attacks and attack vectors.
  3. Explain wireless network components, architecture, authentication, and encryption.
  4. Describe Radio-Frequency Identification (RFID) and Near Field Communication (NFC).
  5. Explain how to acquire wireless hacking targets.
  6. Describe wardriving.
  7. Explain the tools and methods used to compromise WPS, WEP, WPA, WPA2, and WPA3 wireless security protocols.
  8. Describe the tools and methods used to compromise Bluetooth, RFID, and NFC technologies.
  9. Describe specialized systems and their vulnerabilities and attack vectors.
  10. Describe mobile device vulnerabilities and attack vectors.

Module 9: Application-Based Attack Vectors and Attacks

  1. Describe common application vulnerabilities.
  2. Describe secure coding practices.
  3. Explain application injection attacks such as SQL, HTML, Code, Command, and LDAP injections.
  4. Explain application authentication attacks such as password, session, cookie, redirect, and Kerberos attacks.
  5. Explain authorization attacks such as insecure direct object reference, parameter pollution, directory traversal, file inclusion, and privilege escalation attacks.
  6. Explain web application attacks such as cross-site scripting (XSS), Document Object Model (DOM), cross-site request forgery (CSRF/XSRF), server-side request forgery (SSRF), and clickjacking attacks.
  7. Describe mobile application attack tools.
  8. Describe application testing tools useful in pen testing.

Module 10: Host Attack Vectors and Cloud Technologies Attacks

  1. Describe non-operating-system-specific host attacks such as taking advantage of permission configuration errors, accessing stored credentials, exploiting defaults, and brute-forcing credentials.
  2. Describe various remote access attack methods such as hiding attacks using SSH, Netcat/Ncat, Metasploit Framework remote access, and proxies.
  3. Describe Linux/Unix host attacks such as SUID/SGID, sudo, shell upgrade, and kernel exploits, credential harvesting, and password cracking.
  4. Describe Windows host attacks such as credential hash, LSA secrets, SAM database, and kernel exploits, credential harvesting, and password cracking.
  5. Describe attacks against virtualization such as virtual machine (VM), hypervisor, and VM repository exploits, VM escaping, and container exploits.
  6. Describe attacks against cloud-based targets such as account, misconfiguration, and data storage exploits, malware injection, denial-of-service and resource exhaustion attacks, and direct-to-origin exploits.
  7. Describe cloud attack tools and their usage.
  8. Describe attacks against cloud-based data storage.

Module 11: Social Engineering and Physical Attacks

  1. Describe social engineering and its motivations.
  2. Describe the psychology of social engineering and the aspects of human nature that can be leveraged by social engineers.
  3. Describe the tactics used in person-to-person social engineering.
  4. Describe some of the technology and technology-based attacks used in social engineering.
  5. Describe social engineering tools.
  6. Describe social engineering physical attacks and methods.

Module 12: Reporting and Communication

  1. Explain the importance of communication during the pen-testing process.
  2. Describe situations that may necessitate communication.
  3. Explain the importance of a well-defined communication path and the different contacts involved.
  4. Explain communication triggers.
  5. Explain various events and milestones that necessitate communication.
  6. Explain the types of controls that can be used to remediate vulnerabilities.
  7. Describe the most common pen-testing findings and mitigation strategies.
  8. Explain the importance of a pen-testing report, its various components, and its secure handling and destruction requirements.
  9. Describe pen-testing post-engagement activities.

Module 13: Writing and Understanding Code

  1. Explain basic programming concepts.
  2. Describe common data structures.
  3. Write a simple C program.
  4. Create Bash scripts.
  5. Create PowerShell scripts.
  6. Explain how webpages are created with HTML.
  7. Create basic Perl programs.
  8. Explain basic object-oriented programming concepts.
  9. Create basic Python programs.
  10. Create basic Ruby programs.
  11. Create basic JavaScript programs.
  12. Describe some of the uses of programming in penetration testing.

 


