Pentest+

Or log in to access your purchased courses

This course for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities.

Avatar
Course By

Joseph McCray

Lessons

C1L1: Introduction

Author: Joseph McCray

Introduction This lesson was made to demonstrate various characteristics related to the pentest+ course and explain the various factors which create the whole structure of the Ethical Hacking environment (legal agreements, different methodologies, types of attacks, standardization organisms and reliable source of information). Everything that is described in this lesson is for you to prepare [...]

C1L2: Footprinting

Author: Joseph McCray

Introduction Just imagine, you as a hunter or a fisherman, I mean a professional. And you are preparing your excursion to find your prey. What do you require? You require the terrain you will begin to take your prize. You require to watch for prints or get the appropriate bait. You must understand the habits [...]

C1L3: Scanning

Author: Joseph McCray

Introduction Once we have collected enough information (location, Network infrastructure, IP addresses, Protocols,  Infrastructure brand, Internal/external hosting, Cloud usage) from our target we can start the scanning phase, which is nothing more than doing an in-depth analysis to the data, specifically check for live systems, open ports and services that allow us to identify vulnerabilities [...]

C1L4: Enumeration

Author: Joseph McCray

Introduction: Enumeration is the method of identifying each domain that is present within the LAN. These domains are discovered using built-in Windows commands. Enumeration is also described as the process of obtaining different shared resources from a system. This can be utilized for an attacker to obtain more information about a particular target on the network. [...]

C1L5: System Hacking

Author: Joseph McCray

Introduction: Once we have captured the most substantial amount of information from our target: 1. we have obtained information from the network. 2. we have identified IP addresses, services, open ports, applications. 3. Identify potential vulnerabilities and threats. We can start the systems hacking phase, breaking passwords, scaling privileges, hiding files and covering tracks. Learning [...]

C1L6: Malware Threats

Author: Joseph McCray

Introduction: Who enjoys a disease? Except we use it as a reason to skip an unpleasant event, right?. A virus comes without warning and resides and thrives in the host. So, as in life, if you go out when there is -3 °F, without clothing appropriate for the hard conditions, then you will get a [...]

C1L7: Sniffing

Author: Joseph McCray

Introduction: After compromising a system or the machine of a user, there is no doubt that we can acquire much more information, such as passwords of some systems, sensitive or confidential information. So our next target is to capture and examine the traffic of the network to obtain the data packages that travel through the [...]

C1L8: Social Engineering

Author: Joseph McCray

Introduction: Social Engineering is a method of the art of manipulation and the skill of exploiting human weakness. A social engineering attack can occur over the phone, by e-mail, by a personal visit, or through any computer using the Internet. The purpose of the attack is to obtain information, such as user IDs and passwords. [...]

C1L9: Denial of Service

Author: Joseph McCray

Introduction: The availability of the applications, systems or other platform are also victims for an attack. In this lesson, we will talk about the various methods of denial of service most used. Learning Objectives: By the end of this lesson you should be able to: Understand the types of DoS attacks Understand how a DDoS [...]

C1L10: Session Hijacking

Author: Joseph McCray

Introduction: Another way to access any system, the name says it all. How a hacker can portray you to obtain a corporation and take anything he gets his “hands” on, sneaky. As an ethical hacker, you also need to know how your employers can restrict this. Learning Objectives: By the end of this lesson you [...]

C1L11: Hacking WebServers

Author: Joseph McCray

Introduction Web systems are an important element in the analysis of hacking. They are commonly used to publish systems, Web services,, and others. When a web server is compromised, it can provide access to other underlying resources that could be exploited by the attacker. Learning Objectives By the end of this lesson you should be [...]

C1L12: Hacking Web Applications

Author: Joseph McCray

Introduction: Web servers utilize Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) to permit web-based clients to connect to them and view and download files. HTTP is an Application-layer protocol present in the TCP/IP stack. HTTP and HTTPS are the critical protocols used by web clients for accessing web pages located on web [...]

C1L13: SQL Injection

Author: Joseph McCray

Introduction: Have you seen in the news lately, news like Credit Card information of clients have been stolen from “X” corporation?, or, Social Security Numbers were stolen from “X” government agency? SQL Injection, ladies and gentlemen. How hackers manage to do this and how to prevent it? Learning Objectives: By the end of this lesson [...]

C1L14: Hacking Wireless Networks

Author: Joseph McCray

Introduction: Nowadays the vast majority of connections, are considered wireless, and hackers know everything about it, and so should you. Join this module and learn multiple ways, and tools used by them, to obtain passwords and get access to the network. Learning Objectives: By the end of this module you should be able to: Know [...]

C1L15: Hacking Mobile Platforms

Author: Joseph McCray

Introduction: Currently, mobile platforms are highly used to manage our confidential information, such as banking transactions, credentials, mail and others. Turning this type of platform into a potential target for an attacker, so next, we will know some issues associated with vulnerabilities present in these technologies. Learning Objectives: By the end of this lesson you should [...]

C1L16: Evading IDS, Firewalls, and Honeypots

Author: Joseph McCray

INTRODUCTION What tools are employed in Ethical hacking, to detect and prevent intrusions? What are they specifically? How do hackers circumvent security measures? This module describes this topic. Intrusion Detection Systems IDS systems can either be software based or hardware based. While some open are small software applications, others are high-end hardware-based products. No matter [...]

C1L17: Cloud Computing

Author: Joseph McCray

Introduction: Cloud Computing is an on-demand offering of IT capabilities where IT infrastructure and applications are provided to subscribers as metered services over a network. Learning Objectives: By the completion of this module you should be able to: Understand the different characteristics involving Cloud Computing Analyze the different benefits provided by Cloud Computing Understand the [...]

C1L18: Cryptography

Author: Joseph McCray

Introduction: Confidentiality, integrity, authentication (CIA). Hash, security certificates, how the data is safeguarded. Basic concepts and its importance. Learning Objectives: By the end of this lesson you should be able to: Know the concept of Cryptography. Analyze Cryptography types. See the use of Cryptography types. Cryptography Cryptography deals with encrypted or coded techniques; we can [...]

C1L19: Ethics, Process, General Knowledge

Author: Joseph McCray

Introduction: Ethical hackers are security professionals or network penetration testers who practice their hacking skills and toolsets for shielding and protective purposes. Ethical hackers who are security professionals examine their network and systems security for vulnerabilities employing the same tools that a hacker use to compromise the network. Any computer professional can master the skills [...]

C1L20: Performing a Penetration Test

Author: Joseph McCray

Introduction: Now you are ready, everything you need to achieve a proper penetration test, and more significant, you will have the capacity to pass the Pentest + exam to become a proper Pen Tester and Ethical Hacker, the guardian of secrets and information. Congratulations! You can get more from us here at InfoSecAddicts, join our [...]

C1L21: IoT Security

Author: Joseph McCray

Introduction: The implementation of IoT devices does not leave from the probability of being compromised, on the contrary, its widespread use has turned it into a potential target of attack by a hacker with malicious intentions, then let us talk about the vulnerabilities in this type of technology. Learning Objectives: By the end of this [...]

C2-L1 Planning and Scoping Penetration Tests

Author: Joseph McCray

Introduction In today's computing environment, security exploits and issues are more prevalent than ever. Most organizations have developed strong security postures to protect their assets. In many cases, these security postures include the practice of testing the organization's information systems to determine how resistant they are to unauthorized access and usage. Providing a clear plan [...]

C2-L2 Conducting Passive Reconnaissance

Author: Joseph McCray

Introduction Now that you have finished planning and scoping your penetration test, you begin the test in earnest. For many pen tests, the first phase of the process begins with gathering information. There are various approaches to accomplish this, but it is usually a good idea to start with a hands-off, non-intrusive approach called passive [...]

C2-L3 Performing Non- Technical Tests

Author: Joseph McCray

Introduction If social engineering and physical security testing are within the scope of your pen test engagement, you might want to consider not jumping into active reconnaissance right away. Your passive reconnaissance findings can easily prompt you to start these non-technical tests, and likewise, social engineering and physical security tests may themselves be used to [...]

C2-L4 Conducting Active Reconnaissance

Author: Joseph McCray

Introduction With the background work accomplished, it is time to look for vulnerable targets on the network. Objectives In this lesson, you will: • Conduct network scans to discover hosts, ports, and services. • Enumerate additional detail from discovered hosts and services. • Perform vulnerability scans. • Analyze basic scripts. Scan Networks The first step [...]

C2-L5 Analyzing Vulnerabilities

Author: Joseph McCray

Introduction You have finished uncovering vulnerabilities through your active reconnaissance efforts. Now you need to decide how to turn those results into the best exploits with which to test the target organization. Objectives In this lesson, you will: • Analyze vulnerability scan results. • Prepare for exploitation by leveraging the information that has been gathered. [...]

C2-L6 Penetrating Networks

Author: Joseph McCray

Introduction The first category of an asset that you will target is the organization's network. Weaknesses in networking infrastructure will enable you to gain entry to hosts in the network, eavesdrop on data in transit, and disrupt communications. All of these actions can have severe consequences for the organization. Objectives In this lesson, you will: [...]

C2-L7 Exploiting Host-Based Vulnerabilities

Author: Joseph McCray

Introduction Network services are not the only source of vulnerability for an organization. Many exploits are aimed at server and workstation operating systems. Once you have compromised the network, you will want to zero in on specific hosts and their applications. Objectives In this lesson, you will: • Exploit Windows-based host vulnerabilities. • Exploit *nix-based [...]

C2-L8 Testing Applications

Author: Joseph McCray

Introduction Now that you have tested the target organization's network and its various hosts, you can turn your attention to its applications. There are many different ways software can be flawed by both design and implementation, so you require to execute a wide variety of tests in order to assess each application that the business [...]

C2-L9 Completing Post-Exploit Tasks

Author: Joseph McCray

Introduction You have targeted the significant computing assets an organization must keep protected—networks, hosts, and applications—and have done what you can to exploit their weaknesses. This was the core phase of the pen test, but there is still more left to do. You need to engage in post-exploitation tasks in order to evade security countermeasures [...]

C2-L10 Analyzing and Reporting Pen Test Results

Author: Joseph McCray

Introduction Now you have completed all of your penetration testings. You need to analyze the data you collected and create reports based on that data. Your reports need to include information about the data you collected and recommended strategies to mitigate those vulnerabilities you identified. You also need to devise a strategy for how to [...]