Penetration Testing: intermediate

https://www.skillsoft.com/channel/penetration-testing-80b7bb10-eb95-4f7f-81d5-c3b8a663ab62?expertiselevel=3606529 https://www.skillsoft.com/channel/penetration-testing-80b7bb10-eb95-4f7f-81d5-c3b8a663ab62?expertiselevel=3606530 https://www.skillsoft.com/channel/penetration-testing-80b7bb10-eb95-4f7f-81d5-c3b8a663ab62?expertiselevel=3606531
  • 16 Courses | 15h 23m 34s
  • 8 Books | 33h 3m
  • Includes Lab
  • 3 Courses | 4h 32m 49s
  • 2 Books | 6h 11m
  • 1 Course | 1h 22m 6s
  • 3 Books | 16h 14m
Rating 5.0 of 1 users Rating 5.0 of 1 users (1)
 
Penetration tests are authorized simulated attacks on a computer system, performed to evaluate the security of the system. Explore penetration testing.

GETTING STARTED

CompTIA PenTest+: Planning for an Engagement

  • 5m 55s
  • 3m 43s

GETTING STARTED

Penetration Testing Fundamentals

  • 1m 27s
  • 7m 13s

GETTING STARTED

Advanced Pen Testing Techniques

  • 1m 44s
  • 6m 29s

COURSES INCLUDED

CompTIA PenTest+: Planning for an Engagement
Discover how penetration testing exposes weaknesses in security. During this course, you will learn all about the CompTIA PenTest+ exam. Begin by getting to know your audience and the rules of engagement for penetration tests. Next, compare resources, requirements, and budgets. Observe how to conduct an impact analysis and trace remediation timelines. Learn how to review disclaimers and confirm engagement support resources; consider technical constraints, and examine contracts and agreements, such as statements of work. Evaluate environmental differences between clients. Finally, learn why it is important to get written authorization instead of an oral agreement, before the execution of a penetration test.
11 videos | 55m has Assessment available Badge
CompTIA PenTest+: Scoping an Engagement
How far does a security test need to go? This course shows you how to set the scope of a security penetration test. Begin by identifying security assessment types, how to select security targets, and how to determine the testing scope strategy. Next, you will determine who tests the security and learn how to confirm their test methods. Discover how to review the test outcome to determine the level of acceptable risks, risk impacts, and risk treatments. Learn how to avoid scope creep with clients, and identify threat actors and agents. Conclude by aligning tests to regulations and standards, such as PCI DSS, FISMA, MARS-E, HIPAA, SOX, and ISO.
10 videos | 55m has Assessment available Badge
CompTIA PenTest+: Information Gathering
Discover how to gather information and perform white hat reconnaissance through scanning, enumeration, fingerprinting, and eavesdropping. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam. Among the topics covered you will explore how to leverage data to prepare for exploitation. Learn about packet crafting, packet and certificate inspection, decompilation, debugging, open-source intelligence collection, and how to map and prioritize potential intruders. Identify common attack techniques. Conclude with an exercise to name five of the OWASP Top 10 for 2017, list five certificate inspection issues and common enumeration types, and list three UNIX/Linux enumeration tools.
12 videos | 52m has Assessment available Badge
CompTIA PenTest+: Vulnerability Identification
Discover how to properly perform and analyze vulnerability scans, in preparation for the PT0-001: CompTIA PenTest+ certification exam. During this course you will learn about scan types, their considerations, applications, and containers, such as the Docker software platform. Discover how to categorize assets for scans and how to adjudicate and prioritize scans. Review common scanning themes, such as the definition of vulnerability. See how to perform a vulnerability scan and analyze its results. As an exercise, you will list eight common examples of compliance scans, name three benefits of credentialed scans, and list three considerations about vulnerability scans.
9 videos | 40m has Assessment available Badge
CompTIA PenTest+: Social Engineering & Specialized System Attacks
Familiarize yourself with various aspects of social engineering exploits and attacks, as well as specialized system attacks. This course can be used to prepare for the PT0-001: CompTIA PenTest+ certification exam. Begin by learning about weaknesses in specialized systems, such as SCADA, which is used to remotely monitor and control unmanned critical infrastructure, such as parts of the electrical grid. Next, learn how to address phishing attacks, elicitation exploits, interrogation techniques, impersonation, hoaxing, shoulder surfing, USB key dropping, and motivation techniques. Finally, explore how to choose the best software for a pentesting lab, and how to configure a pentesting lab environment.
11 videos | 56m has Assessment available Badge
CompTIA PenTest+: Network-Based Exploits
Discover how to exploit vulnerabilities in wired and wireless networks that take advantage of weaknesses at several layers of the OSI model. During this course, you will explore name resolution, SMB, FTP, DNS, and pass the hash exploits, as well as denial-of-service, NAC bypass and VLAN hopping. Other topics include evil twin, bluejacking, bluesnarfing, cloning, jamming, man-in-the-middle, and repeating. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam. As a review exercise, you will name four weaknesses or specific attacks on WEP, list four scanner SMB auxiliary Metasploit modules, and list four of the five top DNS attacks during 2017/2018.
12 videos | 1h has Assessment available Badge
CompTIA PenTest+: Application-Based Vulnerabilities
There are common exploits and vulnerabilities of applications and programs that security professionals be aware of. During this course, you will explore topics such as injection attacks, authentication and authorization exploits, cross-site scripting attacks, cross-site request forgery, clickjacking, security misconfiguration, file inclusion exploits, and unsecure code practices. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam. As a review exercise, you will list three types of exploits from SQL injection attacks, name three SQLi attack tools, and name five unsecure coding practices.
10 videos | 52m has Assessment available Badge
CompTIA PenTest+: Local Host Vulnerabilities
Discover how to conduct penetration testing against specific local host operating systems, with an emphasis on Windows and Linux systems. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam. You will learn how to recognize OS vulnerabilities, describe service and protocol configurations, and classify additional host-based exploits. As you delve into the topics, you will consider host-based and sandbox exploits and default account setting vulnerabilities. As a review exercise, you will list the five steps of a Linux privilege escalation exploit, name four protocol misconfiguration attack vectors, and name four features of securely encrypted enclaves.
8 videos | 38m has Assessment available Badge
CompTIA PenTest+: Post-Exploitation & Facilities Attacks
Explore topics that involve physical security attacks related to facilities, and learn about post-exploitation techniques. This course can be used to help prepare for the PT0-001: CompTIA PenTest+ certification exam. You will start with a reminder of the six phases of the pen testing life cycle, with a focus on phase five: post-exploitation or post-exploit. Learn about exploit tactics, such as lateral movement, persistence, covering tracks, piggybacking, tailgating, fence jumping, dumpster diving, lock picking, bypass, and badge cloning. As you delve deeper into the course, you will discover how to compare the features of various types of egress sensors, such as photoelectric, passive infrared, and vibration.
10 videos | 40m has Assessment available Badge
CompTIA PenTest+: Penetration Testing
Explore and evaluate various penetration testing tools, scripts, modules, and utilities, such as Nmap, scanner tools, credential testing tools, debuggers and software assurance tools, OSINT tools, networking and wireless tools, web proxies and social engineering tools, and remote access tools. This course can be used to help prepare for the PT0-001: CompTIA PenTest+ certification exam. As a review exercise, you will list five reason why an organization might need penetration tests, list five top candidate sectors that could use penetration tests, and name four OSINT tools.
11 videos | 1h 23m has Assessment available Badge
CompTIA PenTest+: Analyzing Tool & Output
Explore and evaluate various penetration testing analysis techniques using tool and script output such as Password Cracking and Pass the Hash Outputs, Bind Shell and Reverse Shell, Analyzing Injections, and Analyzing Error Handling and Arrays. This course can be used as part of the preparation for the PT0-001: CompTIA PenTest+ certification exam.
12 videos | 56m has Assessment available Badge
CompTIA PenTest+: Reporting & Communication
Explore Domain 5 of the CompTIA PenTest+ exam, which includes report and communication topics, as well as mitigation solutions and remediation strategies. This course can be used to help prepare for the PT0-001: CompTIA PenTest+ certification exam. Start by learning about data normalization and how to write executive summaries of your findings. Next, observe secure practices to dispose of reports, remove shells and tools, clear tester-created credentials, and delete all other artifacts. Conclude by learning how to recommend mitigation strategies for vulnerabilities while maintaining clear communication with the client.
8 videos | 36m has Assessment available Badge
Wi-Fi Penetration Testing
Explore the business convenience of Wi-Fi access, how to recognize the vulnerabilities of wireless networks, and the importance of Wi-Fi penetration testing in this 12-video course, which examines the categories of threats that can compromise a Wi-Fi network. First, you will examine built-in sniffing capabilities used for penetration testing, and the process for performing a rough access point analysis. This course examines Wi-Fi hotspots, web security, and the vulnerabilities of WEP (wired equivalent privacy). This course demonstrates the process used to exploit a Wi-Fi client's vulnerabilities. You will learn how to use Powerfuzzer, an automated customizable web fuzzer, that is part of Kali Linux vulnerability analysis tools. You will learn how to perform a wireless DoS (denial of service) attack against a wireless network. You will examine bugs using the technique of Wi-Fi fuzzing, and how to exploit WPA with PSK secured Wi-Fi. Finally, you will examine the best practices for turning Wi-Fi penetration testing results into policy, security protocols, and user education programs.
12 videos | 51m has Assessment available Badge
PenTesting for Physical Security
This 14-video course explores physical penetration testing, and how to test a business's infrastructure, including IT assets, its data, people, and physical security to locate any exploitable vulnerabilities. In this course, you will learn why lockpicking is essential in cybersecurity, and you will examine different types of locks and lockpick tools. This course demonstrates several types of penetrations, including EM (electromagnetic security vulnerabilities), dumpster diving, and tailgating, and how to protect against these attacks. You will learn about penetration testing types, including network services, web and client applications, Cloud penetration, penetration testing of wireless networks, and social engineering. Learners will explore several penetration tools, including Kali Linux, which comes with tool such as Nmap, Wireshark, and John the Ripper; the Aircrack suite; OpenVas, and several others. You will learn about web app security testing methodologies. Learners will observe the elements of a successful report, and how to document penetration testing results. Finally, this course demonstrates practicing testing skills by using Grier Demo website.
14 videos | 1h 7m has Assessment available Badge
Pen Testing for Software Development: The Penetration Testing Process
Penetration testing can identify both known and unknown vulnerabilities and help avoid security breaches. In this course, you'll learn the importance of penetration testing, what system hardening is, and the requirements of penetration testing. You'll then examine the differences between penetration testing and vulnerability assessments, as well as the various types, stages, and methods of penetration testing. Next, you'll learn about white box, black box, and gray box penetration testing, and the differences in penetration testing methodologies. You'll see the available tools for performing penetration testing, as well as the types of outputs resulting from penetration testing. Lastly, you'll learn about penetration testing best practices and how to perform a penetration test.
16 videos | 1h 26m has Assessment available Badge
Pen Testing for Software Development: Penetration Testing SDLC, Team Structure, & Web Services
Penetration testing in the Software Development Life Cycle helps create a safe and secure end product and minimizes financial and legal risk. In this course, you'll learn where penetration testing fits in the SDLC, the differences between pen testing and developer, and the importance of developer contributions to pen testing. You'll then examine the pen testing team structure and the tasks of the pen testing blue, red, and purple teams. Next, you'll explore the importance of pen testing web services and APIs, what is involved in API pen testing, and the available tools for pen testing APIs. Lastly, you'll learn how to perform a pen test on a REST API, as well as how to perform a pen test using Burp Suite.
14 videos | 1h 13m has Assessment available Badge
SHOW MORE
FREE ACCESS

COURSES INCLUDED

Penetration Testing Fundamentals
This 14-video course explores penetration testing, and the role it plays in protecting a company's assets and networks from exploitation and attacks. In this course, users learn how penetration testing can expose security weaknesses. You will also learn about different types of penetration testing, and how to test for common penetration types, and you will examine the importance of penetration testing for an organization. This course demonstrates passive information gathering, or open- source gathering to search for available information about the organization. You will learn to use active information gathering to target the organization's systems, the employees, their networks to gain information. Next, explore several different types of exploits that can cause problems, including buffer overflow attacks, client side and website attacks, password attacks, and port forwarding exploits; and learn how to conduct a privilege escalation attack. Finally, you will examine how penetration testers and bad actors can gain access to a system by using network tunneling.
14 videos | 1h 18m has Assessment available Badge
Pen Testing Awareness: Results Management
This 14-video course explores benefits to an organization and the role of penetration testing to protect digital assets and networks. In this course, learners observe how to manage and analyze testing results. You will examine several testing methods, including black box, white box, and grey box testing. Next, you will learn about rules of engagement documents, which is executed prior to starting the penetrations testing. This document outlines rules around the test, and the importance of setting stopping points within a penetration test, and when to stop a penetration test. Explore test findings management, risk, risk tolerance, and how to align recommendations to an organization's needs and goals. You will learn about risk tolerance from a privacy and intellectual property perspective, and how to create good test reports for clients. You will learn to categorize your findings by using CVE (Common Vulnerabilities and Exposure) database, or the CVE details. Finally, you will learn how to communicate needed changes, and to emphasize the importance of further testing after recommendations are implemented.
14 videos | 1h 27m has Assessment available Badge
Pen Testing: End-user Behavior
Explore penetration testing, its limitations, and how end-user behavior affects this process in this 14-video course, which examines several types of penetration testing, the reliance on end-user behavior, and the challenges facing organizations. You will explore the role of human error in causing data breaches, user awareness, preventing attacks, and how to use end-user analytics. You will learn to use tools to perform user behavior analytics, and how to use test results to create and communicate reports. Next, learners will examine how to create a plan for organizations to check user behavior when a threat is received, and explore the need for cybersecurity training for employees. You will learn to use advanced analytics that focus on user activity instead of specific static threat indicators to detect anomalies or malicious behavior. You will explore social engineering attacks, how to perform a social engineering penetration test, and how to counter social engineering attacks. Finally, examine the role played by human behavior in penetration testing.
14 videos | 1h 47m has Assessment available Badge

COURSES INCLUDED

Advanced Pen Testing Techniques
Explore advanced penetration testing tools and techniques used to find vulnerabilities, sniff network traffic, deal with cryptography, and crack passwords in this 14-video course. Learners will discover common techniques used to find weaknesses in both Linux and Windows-based systems. Key concepts covered here include finding vulnerability by using scanners and other techniques; how to capture and analyze network traffic with Wireshark; and learning about wireless security technologies, such as WEP, WPA/2/3, and their vulnerabilities. Continue by learning about cryptography and its four goals; learning to differentiate between symmetric and asymmetric cryptography; and learning how to choose a password cracking technique. Next, learn to differentiate between malware types and recognize the consequences of using targeted malware; learn to differentiate between scanning and enumeration; and learn the benefits of using Python to build scripts and deliver exploits. Then perform Linux privilege escalation with a penetration tester; perform Windows privilege escalation to exploit a Windows system by using the AlwaysInstallElevated technique; and use PowerShell to perform pen testing tasks such as reporting on all USB devices installed.
14 videos | 1h 22m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

BOOKS INCLUDED

Book

Penetration Testing For Dummies
It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
book Duration 3h 27m book Authors By Robert Shimonski

Book

Quick Start Guide to Penetration Testing: With NMAP, OpenVAS and Metasploit
Focusing on the three most powerful pentesting tools, this book will get you started with NMAP, OpenVAS, and Metasploit and will help you understand how they can be integrated with each other for greater flexibility and efficiency.
book Duration 50m book Authors By Sagar Rahalkar

Book

CompTIA PenTest+ Study Guide: Exam PT0-001
Whether you're just embarking on your certification journey or finalizing preparations for the big day, this invaluable resource helps you solidify your understanding of essential skills and concepts.
book Duration 8h 45m book Authors By David Seidl, Mike Chapple

Book

Advanced Penetration Testing: Hacking the World's Most Secure Networks
Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments.
book Duration 3h 59m book Authors By Wil Allsopp

Book

Ethical Hacker's Penetration Testing Guide: Vulnerability Assessment and Attack Simulation on Web, Mobile, Network Services and Wireless Networks
This book is intended for pen testers, ethical hackers, security analysts, cyber professionals, security consultants, and anybody interested in learning about penetration testing, tools, and methodologies. Knowing concepts of penetration testing is preferable but not required.
book Duration 3h 49m book Authors By Samir Kumar Rakshit

Book

Hands-on Penetration Testing for Web Applications: Run Web Security Testing on Modern Applications Using Nmap, Burp Suite and Wireshark (English Edition)
This book offers readers with knowledge and skillset to identify, exploit and control the security vulnerabilities present in commercial web applications including online banking, mobile payments and e-commerce applications.
book Duration 3h 16m book Authors By Richa Gupta

Book

Penetration Testing Essentials
IT Security certifications have stringent requirements and demand a complex body of knowledge. This essential guide lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set.
book Duration 6h 13m book Authors By Sean-Philip Oriyano

Book

Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems
Learn how to break systems, networks, and software in order to determine where the bad guys might get in. Once the holes have been determined, this short book discusses how they can be fixed.
book Duration 2h 44m book Authors By Ric Messier
SHOW MORE
FREE ACCESS

BOOKS INCLUDED

Book

Penetration Testing For Dummies
It is the go-to book for those who have some IT experience but desire more knowledge of how to gather intelligence on a target, learn the steps for mapping out a test, and discover best practices for analyzing, solving, and reporting on vulnerabilities.
book Duration 3h 27m book Authors By Robert Shimonski

Book

Penetration Testing Basics: A Quick-Start Guide to Breaking into Systems
Learn how to break systems, networks, and software in order to determine where the bad guys might get in. Once the holes have been determined, this short book discusses how they can be fixed.
book Duration 2h 44m book Authors By Ric Messier

BOOKS INCLUDED

Book

Advanced Penetration Testing: Hacking the World's Most Secure Networks
Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments.
book Duration 3h 59m book Authors By Wil Allsopp

Book

Ethical Hacking and Penetration Testing Guide
Supplying a simple and clean explanation of how to effectively utilize a wide range of tools, this accessible resource details a four-step methodology for conducting an effective penetration test or hack to provide you with a fundamental understanding of offensive security.
book Duration 6h 2m book Authors By Rafay Baloch

Book

Penetration Testing Essentials
IT Security certifications have stringent requirements and demand a complex body of knowledge. This essential guide lays the groundwork for any IT professional hoping to move into a cybersecurity career by developing a robust pen tester skill set.
book Duration 6h 13m book Authors By Sean-Philip Oriyano

SKILL BENCHMARKS INCLUDED

SecOps Proficiency (Advanced Level)
The SecOps Proficiency benchmark measures whether a learner has an advanced understanding of the SecOps practice, with additional experience with SecOps tools and processes. A learner who scores high on this benchmark demonstrates professional proficiency in all of the major areas of the SecOps discipline, across a variety of different platforms and deployments. This learner works and acts almost 100% independently of others, and is seen as a leader in the industry.
31m 58s    |   32 questions
SecOps Competency (Intermediate Level)
The SecOps Competency benchmark measures whether a learner has working experience of the SecOps practice, with additional experience with SecOps tools and processes. A learner who scores high on this benchmark demonstrates competency in many areas of the SecOps discipline. This learner has had some working exposure to SecOps and Internet security principles and practices.
24m    |   24 questions
SecOps Awareness (Entry Level)
The SecOps Awareness benchmark measures whether a learner has had exposure to basic SecOps practices and theories. A learner who scores high on this benchmark demonstrates awareness in some areas of the SecOps discipline.
11m    |   11 questions
SecOps Literacy (Beginner Level)
The SecOps Literacy benchmark measures whether a learner has had some exposure of the SecOps practices and processes. A learner who scores high on this benchmark demonstrates literacy in key areas of the SecOps discipline. They are able to participate in SecOps discussions and understand the advice of more advanced SecOps practitioners.
24m    |   24 questions
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Rating 5.0 of 2 users Rating 5.0 of 2 users (2)