CompTIA PenTest+ Training (PT0-002)

This intermediate CompTIA PenTest+ training prepares learners to take the PT0-001 & PT0-002 exam, which is the one required exam to earn the CompTIA PenTest+ Certification certification.

The CompTIA PenTest+ certification demonstrates to employers that a penetration tester has the skills, knowledge and the ability to perform tests on a variety of devices and systems as well as the ability to not only exploit weaknesses but also to plan, scope and manage them. Organizations know that those who hold this certificate have the most up-to-date skills in penetration testing and vulnerability assessment as well as the skills required to determine the resiliency of systems against attacks.

By completing this PT0-001 & PT0-002 training and earning the CompTIA PenTest+ Certification, penetration testers will be better prepared to get more senior security roles.

For anyone who leads a technology team that uses CompTIA products, this PenTest+ training can be used for PT0-001 & PT0-002 exam prep, on-boarding new penetration testers, or as part of a team training plan.

PenTest+: What You Need to Know

This CompTIA PenTest+ Certification training covers PT0-001 & PT0-002 penetration testing exam objectives, including these topics:

Planning a comprehensive vulnerability assessment
Managing security with a focus on compliance
Gathering information that can aid an exploitation
Analyzing vulnerability scan results
Exploiting vulnerabilities: network, wireless, application and RF
Reporting findings and mitigating vulnerabilities

Who Should Take PenTest+ Training?

This PenTest+ training is considered professional-level CompTIA training, which means it was designed for penetration testers. This penetration testing skills course is designed for penetration testers with three to five years of experience with penetration testing.

New or aspiring penetration testers. If you’ve been working as a security technician or security engineer for a while, you might feel like you want to try your hand at a different part of the job. Penetration testing is an important part of a robust security environment, and our CompTIA PenTest+ certification training gives you the context, mindset and skills necessary to expand your organization’s security apparatus.

Experienced penetration testers. You might have years of experience as a penetration tester, but it can be difficult for organizations to determine exactly what that experience actually means. This training can help you earn your CompTIA PenTest+ certification, and with that, you prove that your capabilities are on par with industry standards. Whether it’s planning the vulnerability assessment, reporting findings, or doing the actual exploitation, certify that you’re an all-around excellent penetration tester with this training.

Skill:
Understanding the Need for Scope Planning
- 1. Overview
  1 min
- 2. Introduction to the Importance of Planning
  1 min
- 3. Identifying Target Audience
  4 mins
- 4. Specifying the Rules of Engagement
  7 mins
- 5. Defining Resources, Requirements, and Budgets
  6 mins
- 6. Explaining Timelines and Disclaimers
  4 mins
- 7. Defining Technical Constraints
  5 mins
- 8. Requesting Support Resources
  9 mins
- 9. Conclusion
  1 min
Skill:
Explaining Key Legal Concepts
- 1. Overview
  1 min
- 2. Legal Concepts Introduction
  2 mins
- 3. Identifying Legal Contracts
  4 mins
- 4. Considering Environmental and Location Factors
  4 mins
- 5. Obtaining Written Authorization
  3 mins
- 6. Obeying Corporate Policies
  3 mins
- 7. Conclusion
  1 min
Skill:
Properly Scoping an Engagement
- 1. Overview
  1 min
- 2. Introduction to Properly Scoping an Engagement
  1 min
- 3. Identifying Types of Assessments
  5 mins
- 4. Understanding Mergers and Partners
  3 mins
- 5. Selecting Targets
  6 mins
- 6. Targeting Considerations
  4 mins
- 7. Understanding Risk and Tolerance
  3 mins
- 8. Identifying Scope Creep and Schedule Impact
  4 mins
- 9. Identifying Threat Actors
  6 mins
- 10. Conclusion
  1 min
Skill:
Explain Compliance-Based Assessments
- 1. Overview
  1 min
- 2. Intro to Compliance Assessments
  1 min
- 3. Identifying Various Compliance-based Standards
  6 mins
- 4. Understanding Password Policies and Key Management
  3 mins
- 5. Handling Data Isolation and Limited Access
  2 mins
- 6. Conclusion
  1 min
Skill:
Standards, Compliance and the Ethical Hacker Mindset
- 1. Overview
  1 min
- 2. Regulatory Compliance
  12 mins
- 3. Legal Concepts
  6 mins
- 4. Standards and Methodologies
  13 mins
- 5. MITRE ATT&CK Framework
  9 mins
- 6. Ethical Hacker Mindset
  9 mins
- 7. Conclusion
  1 min
Skill:
Conduct Information Gathering Using Appropriate Techniques
- 1. Overview
  1 min
- 2. Introduction to Information Gathering
  1 min
- 3. Scanning Hosts
  6 mins
- 4. Enumerating Hosts for Specific Details
  8 mins
- 5. Digging Deeper into Fingerprinting and Cryptography
  6 mins
- 6. Eavesdropping for Data
  7 mins
- 7. Decompiling and Debugging for Data
  5 mins
- 8. Conclusion
  1 min
Skill:
Perform a Vulnerability Scan
- 1. Overview
  1 min
- 2. Intro to Vulnerability Scanning
  1 min
- 3. Identifying Types of Scans
  6 mins
- 4. Handling Scanning Permissions
  4 mins
- 5. Scanning Applications and Containers
  4 mins
- 6. Scanning Considerations
  5 mins
- 7. Conclusion
  1 min
Skill:
Security Controls and Control Frameworks
- 1. Overview
  1 min
- 2. Security Controls
  6 mins
- 3. Security Control Categories
  5 mins
- 4. Security Control Functions
  6 mins
- 5. Testing Security Controls
  8 mins
- 6. Control Objectives and Frameworks
  8 mins
- 7. Designing Controls
  7 mins
- 8. Security Control Review
  15 mins
- 9. Conclusion
  1 min
Skill:
Analyze Vulnerability Scan Results
- 1. Overview
  1 min
- 2. Intro to Analyzing Scan Results
  1 min
- 3. Categorizing Assets
  4 mins
- 4. Adjudicating Scan Results
  6 mins
- 5. Prioritizing Vulnerabilities
  5 mins
- 6. Identifying Common Themes
  6 mins
- 7. Conclusion
  1 min
Skill:
Leverage Information for Exploitation
- 1. Overview
  1 min
- 2. Intro to Exploitation
  1 min
- 3. Mapping Vulnerabilities to Potential Exploits
  5 mins
- 4. Prioritizing Pentest Activities
  2 mins
- 5. Implementing Exploits
  5 mins
- 6. Learning Password Cracking Methods
  8 mins
- 7. Understanding Social Engineering
  3 mins
- 8. Conclusion
  1 min
Skill:
Explain Weaknesses Inherent to Specialized Systems
- 1. Overview
  1 min
- 2. Intro to Specialized Systems
  1 min
- 3. Understanding ICS and SCADA
  4 mins
- 4. Considering Mobile Devices
  4 mins
- 5. Embedded and Real-Time Devices
  5 mins
- 6. Understanding POS Device Weaknesses
  4 mins
- 7. Conclusion
  1 min
Skill:
Pentesting Reconnaissance
- 1. Overview
  1 min
- 2. Introduction to Pentesting Reconnaissance
  5 mins
- 3. Pentesting Reconnaissance Tools
  9 mins
- 4. Domain Information Tools
  12 mins
- 5. IP and DNS Information Tools
  7 mins
- 6. Combination OSINT Tools
  8 mins
- 7. Breach Data Tools
  5 mins
- 8. Pentesting Reconnaissance Review
  3 mins
- 9. Conclusion
  1 min
Skill:
Pentest Enumeration and NMAP
- 1. Overview
  1 min
- 2. Intro to Pentesting Enumeration
  9 mins
- 3. Pentest Enumeration Tools
  14 mins
- 4. Basic NMAP Commands
  10 mins
- 5. Ping Scans with NMAP
  9 mins
- 6. Scanning TCP and UDP with NMAP
  11 mins
- 7. Identifying Host Attributes with NMAP
  13 mins
- 8. Bypassing Firewalls with NMAP
  11 mins
- 9. Conclusion
  1 min
Skill:
Enumerating Services and Vulnerabilities
- 1. Overview
  1 min
- 2. Intro to Enumerating Services and Vulnerabilities
  2 mins
- 3. Enumerating with Port Scanners
  20 mins
- 4. Enumerating Web Servers
  17 mins
- 5. Enumerating SMB and Shares
  14 mins
- 6. Enumerating Vulnerabilities with Nessus
  21 mins
- 7. Automating Enumeration
  13 mins
- 8. Pentest Enumeration Review
  3 mins
- 9. Conclusion
  1 min
Skill:
Social Engineering Attacks and Tools
- 1. Overview
  1 min
- 2. Social Engineering Anatomy
  9 mins
- 3. Social Engineering Attacks
  8 mins
- 4. Social Engineering Tools
  8 mins
- 5. Social Engineering Toolkit
  5 mins
- 6. Pharming With ShellPhish
  10 mins
- 7. Social Engineering Review
  4 mins
- 8. Conclusion
  1 min
Skill:
Exploits and Payloads
- 1. Overview
  1 min
- 2. Exploits and Payloads
  8 mins
- 3. Moving Files With PwnDrop
  17 mins
- 4. Transferring Files with SMB and SCP
  14 mins
- 5. Exploits and Payloads Review
  2 mins
- 6. Conclusion
  1 min
Skill:
Metasploit Framework
- 1. Overview
  1 min
- 2. Intro to the Metasploit Framework
  4 mins
- 3. Metasploit Startup and Workspaces
  12 mins
- 4. Metasploit Modules
  15 mins
- 5. Metasploit Options and Payloads
  15 mins
- 6. Managing Metasploit Sessions
  8 mins
- 7. Metasploit Framework Review
  2 mins
- 8. Conclusion
  1 min
Skill:
Network-Based Attacks and Tools
- 1. Overview
  1 min
- 2. Network Based Attacks and Tools
  11 mins
- 3. How Attacks Against ARP Work
  6 mins
- 4. ARP Poisoning Attack
  13 mins
- 5. How DNS Cache Poisoning Works
  3 mins
- 6. DNS Cache Poisoning Attack
  11 mins
- 7. Bypassing Network Access Control
  10 mins
- 8. Network Based Attacks Review
  6 mins
- 9. Conclusion
  1 min
Skill:
Host Protocol Attacks and Tools
- 1. Overview
  1 min
- 2. Host Protocol Attacks and Tools Overview
  5 mins
- 3. Server Message Block (SMB) Protocol
  4 mins
- 4. Attacking the SMB Protocol
  18 mins
- 5. Simple Network Management Protocol (SNMP)
  5 mins
- 6. Exploiting the SNMP Protocol
  18 mins
- 7. Denial of Service Attacks
  10 mins
- 8. Analyzing the LLMNR Protocol
  4 mins
- 9. Attacking the LLMNR Protocol
  11 mins
- 10. Host Protocol Attacks and Tools Review
  3 mins
- 11. Conclusion
  1 min
Skill:
Wireless and Mobile Device Attacks and Tools
- 1. Overview
  1 min
- 2. Sniffing Wireless Data
  6 mins
- 3. Cracking WPA2 Preshared Keys
  5 mins
- 4. Automated Wifi Attack Tools
  7 mins
- 5. Section Review
  4 mins
- 6. Conclusion
  1 min
Skill:
Web Application Vulnerabilities
- 1. Overview
  1 min
- 2. OWASP Top 10 (1 thru 3)
  11 mins
- 3. OWASP Top 10 (4 thru 6)
  7 mins
- 4. OWASP Top 10 (7 thru 10)
  10 mins
- 5. Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF)
  4 mins
- 6. SQL Injection Attacks
  4 mins
- 7. File Inclusion Vulnerabilities
  8 mins
- 8. Additional Web App Vulnerabilities and Attacks
  6 mins
- 9. Conclusion
  1 min
Skill:
Web Application Pentesting
- 1. Overview
  1 min
- 2. OWASP ZAP
  17 mins
- 3. Attack Scans Using OWASP ZAP
  10 mins
- 4. Brute Force Attack Using OWASP ZAP
  12 mins
- 5. SQL Injection Using SQLmap
  18 mins
- 6. Local and Remote File Inclusion Attacks
  13 mins
- 7. Cross Site Scripting (XSS) Attacks
  11 mins
- 8. Conclusion
  1 min
Skill:
All About Shells
- 1. Overview
  1 min
- 2. Bind and Reverse Shells
  9 mins
- 3. The Power of Web Shells
  16 mins
- 4. Shell One-Liners
  11 mins
- 5. Spawning Meterpreter Shells
  18 mins
- 6. Log Poisoning for a Shell
  11 mins
- 7. Conclusion
  1 min
Skill:
Windows Localhost Vulnerabilities, Attacks, and Tools
- 1. Overview
  1 min
- 2. Getting a Windows Shell
  14 mins
- 3. Conclusion
  1 min
Skill:
Linux Localhost Vulnerabilities, Attacks, and Tools
- 1. Overview
  1 min
- 2. Introduction to Privilege Escalation
  10 mins
- 3. Linux Privilege Escalation Pt.1
  7 mins
- 4. Linux Privilege Escalation Pt.2
  8 mins
- 5. Linux Shell Escalation
  12 mins
- 6. Linux Local Host Enumeration
  15 mins
- 7. Linux Privilege Escalation Via Cron Jobs
  14 mins
- 8. Linux SUID and SUDO privilege escalation
  13 mins
- 9. Linux Local Exploit Privilege Escalation
  17 mins
- 10. Conclusion
  1 min
Skill:
Physical Penetration Testing
- 1. Overview
  1 min
- 2. Physical Pentest Documents
  9 mins
- 3. Reconnaissance and Planning
  6 mins
- 4. Physical Pentest Tools
  14 mins
- 5. Getting Inside
  7 mins
- 6. Continuing From the Inside
  8 mins
- 7. Physical Pentest Report
  7 mins
- 8. Conclusion
  1 min
Skill:
Credential Attacks
- 1. Overview
  1 min
- 2. Credential Attacks Pt.1
  7 mins
- 3. Credential Attacks Pt.2
  10 mins
- 4. Creating Custom Wordlists
  18 mins
- 5. Performing a Brute Force Attack
  13 mins
- 6. Cracking Hashed Passwords
  16 mins
- 7. Executing a Pass the Hash Attack
  9 mins
- 8. Conclusion
  1 min
Skill:
Performing Attacks on Cloud Technologies
- 1. Overview
  1 min
- 2. Credential Harvesting and PrivEsc in the Cloud
  14 mins
- 3. Running PACU
  11 mins
- 4. Misconfigured Cloud Assets
  9 mins
- 5. Running CloudSploit
  8 mins
- 6. Resource Exhaustion, Malware Injection and API Attacks
  7 mins
- 7. Side Channel and Direct-To-Origin Attacks
  7 mins
- 8. Additional Cloud Pentesting Tools
  5 mins
- 9. Conclusion
  1 min
Skill:
Attacks and Vulnerabilities of Specialized Systems
- 1. Overview
  1 min
- 2. Mobile Device Attacks
  5 mins
- 3. Mobile Device Vulnerabilities
  13 mins
- 4. Mobile Security Tools
  6 mins
- 5. Internet of Things (IoT) Devices
  8 mins
- 6. Data Storage System Vulnerabilities
  9 mins
- 7. SCADA, IIoT and ICS Vulnerabilities
  5 mins
- 8. Conclusion
  1 min
Skill:
Post Exploit Activities
- 1. Overview
  1 min
- 2. Establishing Persistence
  5 mins
- 3. Lateral Movement
  9 mins
- 4. Data Exfiltration
  7 mins
- 5. Covering Your Tracks
  6 mins
- 6. Linux Post Exploit Activities
  16 mins
- 7. Conclusion
  1 min
Skill:
Scripting Basics
- 1. Overview
  1 min
- 2. Analyze a Basic Script
  6 mins
- 3. Scripting Basics
  9 mins
- 4. Assigning Values to Variables
  8 mins
- 5. Operating on Variables with Operators
  7 mins
- 6. Branching Code with Conditionals
  9 mins
- 7. Reapeating Code with Loops
  11 mins
- 8. Handling Errors in Code
  7 mins
- 9. Conclusion
  1 min
Skill:
Analyzing Scripts
- 1. Overview
  1 min
- 2. Intro
  1 min
- 3. Analyzing PING Scripts
  15 mins
- 4. Downloading Files with Scripts
  5 mins
- 5. Automation with Scripts
  11 mins
- 6. Updating IP Settings with a Script
  6 mins
- 7. NMAP Reports in HTML
  7 mins
- 8. Conclusion
  1 min
Skill:
Pentest Reporting and Communications
- 1. Overview
  1 min
- 2. Reviewing an Example Pentest Report
  7 mins
- 3. Post-Report Delivery Activities
  10 mins
- 4. Providing Recommendations
  13 mins
- 5. The Importance of Communicaitons
  10 mins
- 6. Conclusion
  1 min

Loading transcripts...

Analyze a Basic Script

Access all premium content with a free week!

Start a free week

Explore Features

Course overview

31 HOURS OF TRAINING

33 SKILLS

217 VIDEOS

56 VIRTUAL LABS

1 PRACTICE EXAM

Ben Finkel

Nugget trainer since 2014

Read the full bio

What is it like to train with us?

Our learners say it best.

Helps me learn the skills I need when I need them

THOMAS S. | SYSTEMS ENGINEER & CONSULTANT

Read Reviews

CompTIA PenTest+ (PT0-002) FAQs: Cost, Training, Value

Is the CompTIA PenTest+ worth it?

Yes, the CompTIA PenTest+ is worth it for cybersecurity professionals who already perform penetration tests or vulnerability assessments, or want to start. If you already do penetration tests for your job, the PenTest+ is worth it because it’ll make you even better at planning, scoping and managing network and system weaknesses. And if you want to advance your career, the CompTIA PenTest+ is worth it for proving you’re ready to make that step.

Which is harder CompTIA PenTest+ or CySA+?

It’s impossible to say if the PenTest+ is harder than the CySA+ because they test very different skills, and people come to them with such different experience levels. The CySA+ is easier for cybersecurity analysts with experience in “blue team” tactics. Meanwhile, the CompTIA PenTest+ is easier for penetration testers who know the offensive approaches to identifying and resolving network security vulnerabilities.

How much does CompTIA PenTest+ cost?

The CompTIA PenTest+ costs $370. If you want to earn the PenTest+, you’ll have to pass one exam, PT0-002, a 165-minute exam with a maximum of 85 questions and a passing score of 750 out of 900. CompTIA PenTest+ has no prerequisites, so $370 is the total cost. There are no refunds for failures, though, so to make sure you don’t pay $370 twice, you might add the cost of a course so you’re prepared.

Is the CompTIA PenTest+ difficult?

The CompTIA PenTest+ definitely isn’t easy, but it’s also not unfair or unnecessarily difficult. The reason the PenTest+ exam is so difficult for many people is because it’s a vendor-agnostic exam. That means it tests penetration testing knowledge and skills regardless of the hardware, software or operating system involved. So to make sure the CompTIA PenTest+ is easy, you have to know a lot more, generalized knowledge.

Does the CompTIA PenTest+ expire?

The CompTIA PenTest+ does expire -- three years after you earn it. The PenTest+ expires so that CompTIA can be sure they’re only certifying cybersecurity professionals with relevant knowledge and technologies. You can recertify your PenTest+ with CompTIA continuing education training courses, taking a recertifying exam, passing a higher CompTIA certification, or with qualifying continuing education activities.

Related Courses

CompTIA Security+ (SY0-601)

CompTIA Cybersecurity Analyst CySA+ (CS0-002)

CompTIA CASP+ (CAS-004)

What is it like to train with us?

Our learners say it best.

CompTIA PenTest+ (PT0-002) FAQs: Cost, Training, Value

Let's chat!