Pentest +

The CompTIA PenTest+ certification course will walk you through the process of performing a pentest. You'll also become familiar with many popular tools and scripting languages. Whether you're interested in becoming a pentester or simply curious about the profession, this course is for you. Not only will this course prepare you for the certification exam, but it will also arm you with the skills necessary for entering into the mysterious realm of pentesting.

  • 4.9/5.0
  • 2873 Eingeschrieben
  • Zuletzt aktualisiert Jun 28, 2026
Pentest + course image

Kursübersicht

  • The CompTIA PenTest+ certification is a globally recognized credential that validates the skills and knowledge required to perform advanced penetration testing and vulnerability management. It ensures that candidates are capable of assessing the security posture of networks, systems, and applications by identifying, exploiting, and managing vulnerabilities in a responsible and professional manner.
  • This course provides comprehensive, hands-on training designed to develop the practical skills necessary for planning and scoping penetration tests, conducting vulnerability assessments, and performing real-world attacks on a variety of systems. Participants will also learn to analyse findings, prepare detailed reports, and communicate remediation strategies to both technical and non-technical audiences.
  • The CompTIA PenTest+ certification goes beyond simple vulnerability scanning—it covers the full lifecycle of a penetration testing engagement, from initial reconnaissance and information gathering to exploitation, post-exploitation, and reporting. The course aligns with industry best practices, legal standards, and compliance frameworks to ensure ethical and responsible testing procedures.
  • Through this program, learners gain not only technical expertise but also the analytical and communication skills necessary to work effectively as part of a cybersecurity team, helping organizations strengthen their security defences and reduce exposure to cyber threats.

Who This Course Is For

  • Security Analysts who want to deepen their knowledge of offensive security and vulnerability management.
  • Penetration Testers seeking to validate and expand their professional skills with a globally respected certification.
  • Vulnerability Testers who wish to enhance their ability to identify, exploit, and remediate security flaws.
  • Network Security Operations Personnel responsible for maintaining and defending network infrastructures against attacks.
  • Application Security Vulnerability Testers who want to specialize in testing and securing web and mobile applications.

Kursübersicht



Module 1 — Planning & Scoping Penetration Tests

  • Overview: Establish the legal, contractual, and technical foundation for a safe, repeatable penetration test.
    Learning objectives: define scope, legal/ethical boundaries, success criteria; create test plans and rules of engagement; select tools and assessment types.
    Key topics: client intake & scoping questionnaires; authorization, non-disclosure agreements, and laws; risk assessment and impact analysis; test types (black/grey/white box); scheduling, rollback & contingency planning; resource & tool selection.
    Practical work / labs: write a sample rules-of-engagement document; build a risk-based test plan for a fictional organization; create a scoping questionnaire.
    Skills gained: professional test planning, legal/compliance awareness, stakeholder communication.

Module 2 — Conducting Passive Reconnaissance

  • Overview: Collect publicly available intelligence without directly interacting with target systems.
    Learning objectives: map digital footprint, identify attack surface, harvest metadata and public exposures, discover third-party risks.
    Key topics: OSINT techniques (search engines, social media, public registries), WHOIS/DNS/Passive DNS, public code repositories, metadata analysis, cloud and third-party exposure discovery, data aggregation & correlation.
    Practical work / labs: OSINT exercise on a mock company; extract and analyze metadata from documents; build an attack surface inventory.
    Skills gained: efficient data collection, correlation of disparate public data, building reconnaissance reports.

Module 3 — Performing Non-Technical Tests

  • Overview: Test human and organizational weaknesses that technology alone won’t reveal.
    Learning objectives: design and run social-engineering campaigns, assess physical security, evaluate policy and process adherence.
    Key topics: phishing and vishing concepts, social-engineering frameworks, pretexting, physical access assessments, insider threat scenarios, security awareness measurement, policy review techniques.
    Practical work / labs: craft a simulated phishing email (non-malicious), conduct a reception/visitor procedure audit, create a security awareness scorecard.
    Skills gained: social-engineering planning, human vulnerability assessment, organizational control evaluation.

Module 4 — Conducting Active Reconnaissance

  • Overview: Use direct interaction to discover live hosts, services, and configuration details while minimizing detection and impact.
    Learning objectives: perform network discovery, service enumeration, banner grabbing, fingerprinting and mapping of infrastructure.
    Key topics: TCP/UDP scanning strategies, network mapping, service and OS fingerprinting, application discovery, IDS/IPS awareness, scanning ethics and throttling.
    Practical work / labs: run scanning workflows against a lab network; correlate scan results to produce an asset inventory; tune scans to avoid service disruption.
    Skills gained: safe active discovery, accurate host/service enumeration, reconnaissance report generation.

Module 5 — Analyzing Vulnerabilities

  • Overview: Identify, verify, and prioritize vulnerabilities in hosts, services, and applications.
    Learning objectives: analyze scan output, validate findings, assess likelihood and impact, and prioritize remediation using risk models.
    Key topics: vulnerability scanners and interpretation, false positive/negative handling, manual verification techniques, CVE/CWE mapping, risk scoring (CVSS), prioritization strategies.
    Practical work / labs: triage scanner results from multiple tools; manually verify selected findings; map vulnerabilities to remediation actions.
    Skills gained: critical analysis of automated results, vulnerability validation, remediation prioritization.

Module 6 — Penetrating Networks

  • Overview: Exploit network-level weaknesses to gain access to internal resources while maintaining operational safety.
    Learning objectives: execute network exploitation techniques, pivoting, and maintain stealth and persistence where appropriate for tests.
    Key topics: network protocol weaknesses, misconfigurations (open shares, weak SMB), exploitation of services, man-in-the-middle techniques, tunneling and pivoting, use of proxies and pivot hosts.
    Practical work / labs: perform controlled exploitation of vulnerable lab services; demonstrate pivoting from a compromised host to additional subnets; document containment steps.
    Skills gained: practical exploitation of network weaknesses, lateral movement basics, safe escalation techniques.

Module 7 — Exploiting Host-Based Vulnerabilities

  • Overview: Attack host machines to escalate privileges, access sensitive data, and demonstrate impact.
    Learning objectives: exploit host vulnerabilities, escalate privileges, bypass common protections, and cleanly document evidence.
    Key topics: privilege escalation (Windows/Linux), service exploitation, credential harvesting, patch-level exploitation, anti-forensics considerations, endpoint security bypass methods (with legal/ethical limits).
    Practical work / labs: exploit lab hosts to gain user and then admin/root access; capture and document proof-of-concepts; practice safe cleanup.
    Skills gained: host exploitation, post-compromise evidence collection, responsible reporting of impact.

Module 8 — Testing Applications

  • Overview: Identify and exploit weaknesses in web, mobile, and API applications using secure testing methodologies.
    Learning objectives: test for common application vulnerabilities, chain bugs into exploits, and recommend secure remediations.
    Key topics: OWASP Top 10 and beyond, input validation flaws, authentication/authorization issues, session management, server-side vulnerabilities, API testing, mobile app testing basics, secure coding remediation.
    Practical work / labs: hands-on web app testing (SQLi, XSS, auth flaws), API fuzzing and exploitation, report secure fixes for discovered bugs.
    Skills gained: systematic web/API testing, exploit chaining, developer-facing remediation guidance.

Module 9 — Completing Post-Exploit Tasks

  • Overview: After gaining access, perform controlled tasks to demonstrate impact while preserving evidence and respecting scope.
    Learning objectives: collect and analyze evidence, maintain minimal persistence only if authorized, exfiltrate sample data safely, and restore systems to original state.
    Key topics: evidence preservation and chain-of-custody basics, credential and secret discovery, data discovery/exfiltration techniques (simulated), safe persistence strategies (for tests), cleanup procedures and rollback.
    Practical work / labs: evidence capture exercises, simulated data discovery and secure reporting, restore lab systems to baseline.
    Skills gained: ethical post-exploit operations, forensic mindfulness, responsible restoration.

Module 10 — Analyzing & Reporting Pen Test Results

  • Overview: Turn technical findings into clear, actionable, and prioritized reports for technical teams and leadership.
    Learning objectives: synthesize findings into remediation-focused reports, produce executive summaries, quantify business impact, and present results to stakeholders.
    Key topics: report structure (exec summary, technical findings, PoC, remediation guidance), risk remediation plans, metrics/KPIs, presentation skills, creating repeatable delivery artifacts (templates, trackers), legal disclosure considerations.
    Practical work / labs: produce a full pentest report from a previous lab engagement; prepare an executive slide deck; role-play presenting findings to technical and non-technical audiences.
    Skills gained: professional reporting, stakeholder communication, remediation planning.

Final notes & suggested course add-ons

  • Capstone project: a full-life-cycle pentest on a controlled lab that includes planning, reconnaissance, exploitation, post-exploit tasks, and final reporting.
  • Assessments: practical labs, a written exam section, and a final report/presentation graded for clarity, accuracy, and remediation quality.
  • Duration guidance (optional): each module typically fits a 1–2 day workshop; combine into a 3–5 week bootcamp or a semester-length course depending on depth.

Kursziele

  • Successful candidates will have the intermediate-level skills required to customize and adapt various assessment frameworks in order to conduct comprehensive penetration tests effectively. They will learn how to plan, execute, and manage penetration testing projects while ensuring that all activities comply with legal and organizational standards.
  • Additionally, candidates will gain the ability to perform detailed vulnerability assessments, identify and exploit system weaknesses, and demonstrate real-world attack techniques in controlled environments. They will also develop the capacity to analyze and interpret data collected during tests to accurately evaluate an organization’s security posture.
  • Candidates will master the best practices for documenting and communicating findings, including how to create clear and actionable reports for both technical teams and executive stakeholders. They will learn how to recommend remediation strategies and mitigation techniques to reduce identified risks and strengthen overall network defenses.
  • Finally, candidates will acquire the skills to collaborate effectively with cross-functional security teams, provide post-assessment guidance, and continuously improve IT security processes through evidence-based recommendations.

Kursvoraussetzungen

  • To successfully undertake the CompTIA PenTest+ certification, candidates should possess a minimum of 3–4 years of practical, hands-on experience in information security or related IT fields. This ensures that participants have a solid understanding of core networking, system administration, and security concepts before diving into advanced penetration testing techniques.

Additional recommended prerequisites include:

  • Strong foundational knowledge of networks and protocols, including TCP/IP, DNS, HTTP, and VPN technologies.
  • Experience with operating systems such as Windows, Linux, and macOS, with a focus on command-line tools and system configurations.
  • Understanding of vulnerability management processes, including identifying, analyzing, and mitigating security risks.
  • Basic scripting or programming experience in languages such as Python, Bash, or PowerShell to automate security tasks and exploit analysis.
  • Familiarity with security frameworks and compliance standards, such as NIST, ISO 27001, and GDPR.
  • It is also highly recommended (though not mandatory) that candidates have earned the CompTIA Security+ certification or possess equivalent knowledge before attempting the PenTest+ exam.
  • These prerequisites help ensure that learners are well-prepared to understand advanced penetration testing methodologies, effectively use penetration testing tools, and produce professional, actionable security assessment reports.

Kursplan

Datum Tage übrig Schulungsort
Keine Termine verfügbar

Kursprüfungsinformationen

  • The CompTIA PenTest+ exam is a performance-based certification exam that assesses the candidate’s ability to plan, conduct, analyze, and report on penetration tests and vulnerability assessments. It validates intermediate-level cybersecurity skills used by penetration testers, vulnerability assessment analysts, and security consultants.
  • Exam Code: PT0-002
    Exam Format: Multiple-choice and performance-based questions
    Number of Questions: Maximum of 85 questions
    Type of Questions: Multiple choice (single and multiple response) and hands-on, performance-based simulations
    Exam Duration: 165 minutes (2 hours and 45 minutes)
    Passing Score: 750 (on a scale of 100–900)
    Languages Available: English, Japanese, Portuguese, Thai, and Spanish
    Testing Provider: Pearson VUE (Online Testing or In-Person at Testing Centers)

Key Skills Measured:

  • Planning and scoping penetration testing engagements
  • Conducting information gathering and vulnerability identification
  • Performing attacks and exploiting vulnerabilities
  • Managing post-exploitation activities and reporting results
  • Understanding legal, compliance, and ethical considerations in penetration testing

Recommended Experience:
Before taking the PenTest+ exam, candidates are recommended to have:

  • CompTIA Security+ certification or equivalent knowledge
  • Minimum of 3–4 years of hands-on experience in information security or related field
  • Strong understanding of networking, security tools, and vulnerability management
  • Renewal and Continuing Education:
    The PenTest+ certification is valid for three years from the date of certification. It can be renewed through the CompTIA Continuing Education (CE) program by earning CEUs (Continuing Education Units) through approved activities, training, or higher-level certifications.
  • Exam Domains (Objectives):
  • Planning and Scoping (14%)
  • Information Gathering and Vulnerability Identification (22%)
  • Attacks and Exploits (30%)
  • Reporting and Communication (18%)
  • Tools and Code Analysis (16%)
Bewertungen unserer Kunden

4.9

  • (*)(*)(*)(*)(*)

Excellent

  • (*)(*)(*)(*)(*)
  • (*)(*)(*)(*)( )
  • ( )( )( )( )( )
  • ( )( )( )( )( )
  • ( )( )( )( )( )
JV
Jeroen Van Dijk

If you’ve ever wanted to break into ethical hacking, this is the place to start. It’s practical, challenging, and pushes you to think like an attacker. I finally get why iExperts emphasizes hands-on cybersecurity training.

  • (*)(*)(*)(*)(*)

DN
Dimitris Nikidis

I wanted to give you my feedback regarding the security training you did to us. First of all, I want to thank you for all the valuable information you shared. For sure I can tell that my objectives for this training were fulfilled. The best part of the session was the hands-on session (even though I didn’t have laptop :)). The only thing that I would like to have more is to do some kind of penetration in the mobile environment. Last but not least, your way of presenting is very nice. There wasn’t any moment that I was tired. Keep on the beautiful work! I will follow you also on Twitter to get the latest information. We will keep in touch!

  • (*)(*)(*)(*)(*)

SR
Sarah Roberts

Enthusiastic and knowledgeable presentation style Approachable / flexible

  • (*)(*)(*)(*)(*)

Dieser Kurs beinhaltet

  • Dauer40 Std.
  • AnbieterCompTIA
  • KategorieCyber Security
  • ZertifikatJa

Kursprofil

Kursquiz

Testen Sie Ihr Wissen mit unserem Kursquiz! Beantworten Sie eine Reihe von Fragen zu Pentest +.

Ähnliche Kurse

Security + 701
Security + 701

CompTIA Security+ is a globally recognized certification that validates the foundational skills required for IT security roles. It confirms your ability to perform core security functions and apply best practices across various systems. The course covers essential topics such as threat management, risk mitigation, and incident response. It equips you with knowledge of network security, cryptography, identity management, and access control. Security+ 701 ensures you understand how to protect devices, data, and infrastructure from modern cyber threats. The certification serves as a stepping stone for advanced security certifications and career growth in cybersecurity. By completing this course, you demonstrate to employers that you have the practical skills and knowledge to secure IT environments effectively.

  • 40 Std. 4.8 (2933)

Cyber Security Analyst (CySA +)
Cyber Security Analyst (CySA +)

CompTIA Cybersecurity Analyst (CySA+) is a globally recognized certification designed for cybersecurity professionals responsible for protecting and defending organizational networks. The certification focuses on threat detection, prevention, and response through continuous security monitoring. It validates the skills needed to analyze data, identify vulnerabilities, and implement effective security solutions to safeguard systems and applications against modern cyber threats. This course prepares learners to apply behavioral analytics to networks and devices to prevent, detect, and combat cybersecurity threats through real-time monitoring and incident response techniques. It bridges the gap between the foundational security knowledge of Security+ and the advanced expertise of CompTIA PenTest+.

  • 40 Std. 4.7 (2633)

Advanced Security Practitioner (CASP +)
Advanced Security Practitioner (CASP +)

The CompTIA Advanced Security Practitioner (CASP+) certification focuses on the technical knowledge and skills necessary to design, engineer, integrate, and implement secure solutions in complex environments. It emphasizes supporting a resilient enterprise while addressing governance, risk, and compliance requirements. This exam does not use a scaled score system and is evaluated on a pass/fail basis.

  • 40 Std. 4.8 (2364)

CompTIA A +
CompTIA A +

The CompTIA A+ Core Series requires candidates to pass two exams: Core 1 (220-1101) and Core 2 (220-1102). These exams cover the latest content and emphasize the technologies and skills IT professionals need to effectively support a hybrid workforce. This certification validates foundational IT skills across various areas such as hardware, networking, mobile devices, operating systems, troubleshooting, and security. It prepares learners to manage and maintain modern computing environments, ensuring smooth technical support in both on-site and remote work settings. Earning the CompTIA A+ certification demonstrates that you have the practical knowledge and problem-solving abilities required for entry-level IT support roles, making it a globally recognized starting point for a successful career in information technology.

  • 40 Std. 4.8 (2354)

CompTIA Cloud +
CompTIA Cloud +

CompTIA Cloud+ validates the skills needed to deploy and automate secure cloud environments that support the high availability of business systems and data. It covers key concepts in cloud architecture, virtualization, and storage. The course also emphasizes cloud security, risk management, and compliance best practices. Participants learn how to manage and optimize cloud resources effectively. It provides practical knowledge for troubleshooting and resolving cloud infrastructure issues. The certification ensures readiness to support hybrid and multi-cloud environments. Overall, Cloud+ prepares professionals to maintain efficient, reliable, and secure cloud operations.

  • 40 Std. 4.9 (2976)

Das könnte Ihnen auch gefallen

Entdecken Sie die beliebtesten 🔥 Kurse auf dem Markt

Dora Lead Manager
PECB
Cyber SecurityBusiness Management
Dora Lead Manager

The DORA (Digital Operational Resilience Act) Lead Manager course equips senior professionals with the skills and knowledge needed to oversee, manage, and ensure compliance with the DORA framework in financial institutions and related ICT service providers. This program covers operational resilience strategies, ICT risk management, incident handling, reporting requirements, and oversight of third-party providers, enabling participants to lead their organizations in meeting the EU’s regulatory expectations effectively.


4.9

(2000)
40 Std.
ISO 9001 Lead Implementer
PECB
Business Management
ISO 9001 Lead Implementer

The ISO 9001 Lead Implementer training course equips participants with the necessary knowledge and skills to support an organization in establishing, implementing, managing, and maintaining a Quality Management System (QMS) based on ISO 9001:2015. This course provides a practical methodology for the implementation process by applying best practices and aligning with international quality management standards. By the end of the course, participants will gain hands-on expertise in leading implementation projects, managing teams, and preparing organizations for certification audits.


4.8

(3000)
40 Std.
ISO 42001 AI lead implementer
PECB
Cyber Security
ISO 42001 AI lead implementer

The ISO/IEC 42001 Lead Auditor course equips professionals with the knowledge and skills to conduct and lead Artificial Intelligence Management System (AIMS) audits in compliance with ISO/IEC 42001. Participants will learn to apply internationally recognized audit principles, manage audit programs, and ensure AI governance aligns with ethical, legal, and organizational requirements. The course prepares attendees for certification as an ISO/IEC 42001 Lead Auditor, empowering them to assess AI systems for compliance, risk management, and continuous improvement.


4.9

(2000)
40 Std.
AI For End User
iExperts
AI
AI For End User

This course is a practical, tool-agnostic training program designed for professionals who want to leverage artificial intelligence in their daily work without needing a background in data science or programming. Participants will learn how AI interprets and processes human language, how to interact with AI tools effectively, and how to integrate AI into everyday tasks to enhance productivity, decision-making, and creativity.


4.9

(2457)
35 Std.
AI For End User Plus
iExperts
AI
AI For End User Plus

This advanced lesson builds on foundational AI knowledge to help users unlock the full potential of AI tools in personal and professional settings. Learners will explore more powerful features of AI platforms, gain hands-on experience with smart assistants, content generators, and automation tools, and learn strategies for integrating AI into workflows. The course also emphasizes data awareness, ethical use, and decision-making with AI support—empowering users to use AI responsibly and effectively in real-world scenarios.


4.9

(1953)
40 Std.