Corso Penetration Test e Hacking Etico | Certificato CompTIA PenTest+
-
Consiglio Musa Formazione in quanto questa certificazione può essere un trampolino di lancio professionale e personale.
Ho avuto la possibilità di utilizzare il simulatore d'esame ed è stato molto utile per il superamento dell'esame.
← | →
Corso
Online
Hai bisogno di un coach per la formazione?
Ti aiuterà a confrontare vari corsi e trovare l'offerta formativa più conveniente.
Descrizione
-
Tipologia
Corso intensivo
-
Livello
Livello avanzato
-
Metodologia
Online
-
Ore di lezione
48h
-
Durata
Flessible
-
Inizio
Scegli data
-
Campus online
Sì
-
Invio di materiale didattico
Sì
-
Servizio di consultazione
Sì
-
Tutoraggio personalizzato
Sì
-
Lezioni virtuali
Sì
Il corso ideale per imparare strumenti, tecniche e metodologie di hacking utilizzate da Hacker e professionisti della Cybersecurity. Pensa come un Hacker, agisci come un Professionista Etico. Il percorso di formazione è stato sviluppato seguendo le linee guida dell’esame CompTIA PenTest PT003
Sedi e date
Luogo
Inizio del corso
Inizio del corso
Profilo del corso
Seguendo il corso Penetration Test e Hacking Etico acquisirai le competenze tecnico pratiche per poter operare come un Ethical Hacker e Penetration Tester.
Il corso si pone l’obiettivo di formare fornire le competenze necessarie per:
Pianificare e definire l'ambito di un Penetration Test.
Comprendere i requisiti legali e di conformità.
Eseguire la scansione delle vulnerabilità e i PT utilizzando strumenti e tecniche appropriate analizzandone i risultati.
Produrre report con l’analisi di quanto si è analizzato, le metodologie e consigli sulle eventuali remediation da attuare.
Il percorso è arricchito dai Laboratori Pratici Ufficiali CompTIA per esercitarti e confrontarti con situazioni reali simulate in cui metterai alla prova le competenze acquisite durante il corso.
A supporto avrai il Simulatore d’Esame Ufficiale CompTIA che ricrea l’ambiente d’esame, utile a prepararti al meglio al test finale.
All’interno della piattaforma, oltre alle video lezioni ed alle esercitazioni, troverai una community attiva composta da docenti esperti e colleghi corsisti pronti a confrontarsi sempre, anche dopo il corso. Un ambiente stimolante per la tua crescita e formazione continua.
Il corso CompTIA PenTest+ PT003 è orientato ai professionisti della sicurezza informatica incaricati di Penetration test e gestione delle vulnerabilità come Security Consultant e Network & Security Specialist.
Per partecipare al corso non sono necessari particolari requisiti, se non quelli relativi a delle competenze basiche di informatica e dei relativi strumenti.
Corso Penetration Test e Hacking Etico | Certificato CompTIA PenTest
Ciò che distingue questo corso dagli altri è la presenza dei Laboratori Pratici Ufficiali CompTIA in cui verranno visti da remoto diversi attacchi informatici con le varie soluzioni per evitarli
Inoltre vi sono ulteriori agevolazioni come:
1. COMMUNITY: Per confrontarti sempre con i nostri esperti sia durante il corso che dopo.
2. INCONTRI ONE-TO-ONE: Per personalizzare il Tuo percorso di crescita sulla base delle tue esigenze formative. Ne hai be 10 Gratuiti per un valore commerciale di circa 1.000€
3. INSERIMENTO LAVORATIVO: Presentiamo il Tuo CV alle aziende in cerca di Talenti che quotidianamente ci contattano.
4. FORMATORI ESPERTI: selezioniamo solo professionisti del settore esperti della formazione.
5. APPROCCIO PRATICO: il corso è sviluppato per consentirti di apprendere praticamente l'utilizzo dei linguaggi di programmazione principali e fornirti le competenze per lavorare e per continuare a crescere
Dopo la richiesta di informazioni sarai contattato/a dal nostro ufficio commerciale che ti illustrerà al meglio la proposta formativa del corso e, in caso di tuo interesse, ti indicherà la procedura di acquisto.
Opinioni
-
Consiglio Musa Formazione in quanto questa certificazione può essere un trampolino di lancio professionale e personale.
Ho avuto la possibilità di utilizzare il simulatore d'esame ed è stato molto utile per il superamento dell'esame.
← | →
Valutazione del corso
Lo consiglia
Valutazione del Centro
Ferdinando Corvelli
Successi del Centro
Tutti i corsi devono essere aggiornati
La media delle valutazioni dev'essere superiore a 3,7
Più di 50 opinioni degli ultimi 12 mesi
9 anni del centro in Emagister.
Materie
- Hacking1
1 alunni hanno indicato di aver acquisito questa competenza
- Hacker
11 alunni hanno indicato di aver acquisito questa competenza
- Ethical hacker
11 alunni hanno indicato di aver acquisito questa competenza
- Cyber security
11 alunni hanno indicato di aver acquisito questa competenza
- Sicurezza informatica
11 alunni hanno indicato di aver acquisito questa competenza
- Server
- Computer
- Informatica
- CEH
11 alunni hanno indicato di aver acquisito questa competenza
- Certified Ethical Hacker
11 alunni hanno indicato di aver acquisito questa competenza
- Hacking etico certificato
- Formazione CompTIA PenTest+
- Ethical Hacking
- Penetration Test
Professori
Massimo Chirivì
ICT CONSULTANT & AMP - SECURITY SPECIALIST
Programma
UNI1.1: PROFESSIONAL CONDUCT AND PENETRATION TESTING
Exam Objectives Covered:
● Summarize pre-engagement
Topics:
● Professional Conduct and Penetration Testing
● What Is Penetration Testing?
● Ethics, Legal, and Compliance Considerations of Penetration Testing
● Importance and Examples of Documentation
● Scoping and Authorization
● Overview of the PenTest Report
● Live Lab: Exploring the Lab Environment
1.2: COLLABORATION AND COMMUNICATION
Exam Objectives Covered:● Explain collaboration and communication
Topics:
● Collaboration and Communication
● Collaboration and Communication Overview
● PenTest Team Roles and Responsibilities
● Communicating with Clients and Team Members
● Peer Review
● Stakeholder Alignment
● Root Cause Analysis
● Escalation Path
● Secure Distribution
● Articulation of Risk, Severity, and Impact
● Goal Reprioritization
● Business Impact Analysis
● Client Acceptance
1.3: TESTING FRAMEWORKS AND METHODOLOGIES
Exam Objectives Covered:
● Compare and contrast testing frameworks and
Topics:
● Testing Frameworks and Methodologies
● Testing Frameworks and Methodologies Overview
● Open Source Security Testing Methodology Manual (OSSTMM)
● Council of Registered Ethical Security Testers (CREST)
● Penetration Testing Execution Standard (PTES)
● MITRE ATT&CK
● Open Web Application Security Project (OWASP) Top 10
● OWASP Mobile Application Security Verification Standard (MASVS)
● Purdue Model
● Threat Modeling Frameworks
1.4: INTRODUCTION TO SCRIPTING FOR PENETRATION TESTING
Exam Objectives Covered:
● Summarize pre-engagement 1.2 Given a scenario, modify scripts for reconnaissance and enumeration.
Topics:
● Introduction to Scripting for Penetration Testing
● Scripting Languages
● Bash Shell and Bash Script
● Python
● Powershell
● Use of Libraries, Functions, and Classes
● Logic Constructs
● Create Logic Constructs
2.1: DEFINE THE SCOPE
Exam Objectives Covered:● Summarize pre-engagement
Topics:
● Define the Scope
● Regulations, Frameworks, and Standards
● Rules of Engagement
● Agreement Types
● Target Selection
2.2: COMPARE TYPES OF ASSESSMENTS
Exam Objectives Covered:
● Summarize pre-engagement
Topics:
● Compare Types of Assessments
● Types of Assessments Overview
● Web and Application Assessments
● Network Assessments
● Activity: Assess Environmental Considerations
● Mobile Assessments
● Cloud Assessments
● Wireless Assessments
● IoT Devices and Penetration Testing
● Information Technology Versus Operational Technology
2.3: UTILIZE THE SHARED RESPONSIBILITY MODEL
Exam Objectives Covered:
● Summarize pre-engagement
Topics:
● Utilize the Shared Responsibility Model
● The Shared Responsibility Model Overview
● Hosting Provider Responsibilities
● Customer Responsibilities
● Penetration Tester Responsibilities
● Third-Party Responsibilities
2.4: IDENTIFY LEGAL AND ETHICAL CONSIDERATIONS
Exam Objectives Covered:
● Summarize pre-engagement
Topics:
● Identify Legal and Ethical Considerations
● Authorization Letters
● Mandatory Reporting Requirements
● Risk to the Penetration Tester
● Documenting Pre-Engagement Activities
3.1: INFORMATION GATHERING TECHNIQUES
Exam Objectives Covered:
● Given a scenario, apply information gathering 2.3 Given a scenario, modify scripts for reconnaissance and enumeration.
Topics:
● Information Gathering Techniques
● Active and Passive Reconnaissance
● Tools for Reconnaissance
● Open-Source Intelligence (OSINT)
● Using Shodan
● Previously Breached Password Lists
● Network Reconnaissance
● Basics of Scanning
● Perform Recon with Nmap
● Certificate Transparency Logs
● Information Disclosure
● Search Engine Analysis/Enumeration
● Network Sniffing
● Data Manipulation
3.2: HOST AND SERVICE DISCOVERY TECHNIQUES
Exam Objectives Covered:
2.1 Given a scenario, apply information gathering techniques.2.2 Given a scenario, apply enumeration techniques.2.3 Given a scenario, modify scripts for reconnaissance and enumeration.2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.
Topics:
● Host and Service Discovery Techniques
● What Is Enumeration?
● Host Discovery
● Scripting with Nmap
● Activity: Scripting with Nmap
● Banner Grabbing
● Protocol Enumeration
● Service Discovery
● DNS Enumeration
● Operating System (OS) Fingerprinting
● Perform Enumeration with Nmap
● Live Lab: DNS Enumeration and Reconnaissance
3.3: ENUMERATION FOR ATTACK PLANNING
Exam Objectives Covered:
● Given a scenario, apply enumeration 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.
Topics:
● Enumeration for Attack Planning
● Attack Path Mapping
● Manual Enumeration
● Simple Network Management Protocol
● Documenting Enumeration Activities
● Activity: Document Enumeration Activities
3.4: ENUMERATION FOR SPECIFIC ASSETS
Exam Objectives Covered:
● Given a scenario, apply enumeration 2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.3.1 Given a scenario, conduct vulnerability discovery using various techniques.
Topics:
● Enumeration for Specific Assets
● Directory Enumeration
● User Enumeration
● Wireless Enumeration
● Permission Enumeration
● Secrets Enumeration
● Share Enumeration
● Web Application Firewall (WAF) Enumeration
● Perform a Decoy Scan
● Industrial Control Systems (ICS) Vulnerability Assessment
● Web Crawling/HTML Scraping
4.1: VULNERABILITY DISCOVERY TECHNIQUES
Exam Objectives Covered:
● Given a scenario, conduct vulnerability discovery using various 3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.
Topics:
● Vulnerability Discovery Techniques
● Tools for Vulnerability Discovery
● Types of Scans
● Container Scans
● Application Scans
● Scan for Cleartext Vulnerabilities
● Network Scans
● Activity: Scan Identified Targets
● Host-Based Scans
● Live Lab: Using Metasploit
● Secrets Scanning
● Wireless Scans
● Use aircrack-ng to Discover Hidden Networks
● Locate a Rogue Wireless Access Point
● Validate Scan, Reconnaissance, and Enumeration Results
● Applied Live Lab: Network Reconnaissance
● Scan for Linux Vulnerabilities
4.2: ANALYZING RECONNAISSANCE SCANNING AND ENUMERATION
Exam Objectives Covered:
● Given a scenario, analyze output from reconnaissance, scanning, and enumeration
Topics:
● Analyzing Reconnaissance Scanning and Enumeration
● Public Exploit Selection
● Use Scripting to Validate Results
4.3: PHYSICAL SECURITY CONCEPTS
Exam Objectives Covered:
● Explain physical security
Topics:
● Physical Security Concepts
● Tailgating
● Site Surveys
● Universal Serial Bus (USB) Drops
● Badge Cloning
● Lock Picking
● Documenting Scanning and Identifying Vulnerabilities Activities
● Activity: Identify Physical Security Concepts
5.1: PREPARE AND PRIORITIZE ATTACKS
Exam Objectives Covered:
● Given a scenario, analyze output to prioritize and prepare
Topics:
● Prepare and Prioritize Attacks
● Target Prioritization
● High-Value Asset Identification
● Descriptors and Metrics
● End-of-Life Software and Systems
● Default Configurations
● Running Services
● Vulnerable Encryption Methods
● Defensive Capabilities
● Capability Selection
● Exploit Selection and Customization
● Documentation Procedures for Attacks
● Dependencies
● Consideration of Scope Limitations
● Activity: Customize Exploits
● Live Lab: Evaluate EOL Software & Systems
● Applied Live Lab: Exploiting Default Configurations with Responder
5.2: SCRIPTING AUTOMATION
Exam Objectives Covered:
4.10 Given a scenario, use scripting to automate attacks.
Topics:
● Scripting Automation
● Types of Scripting Automation
● PowerShell
● Bash
● Python
● Breach and Attack Simulation (BAS)
● Live Lab: Executing Scripts to Automate Tasks
6.1: WEB-BASED ATTACKS
Exam Objectives Covered:
● Given a scenario, perform web application attacks using the appropriate
Topics:
● Web-based Attacks
● Web Application Attacks Overview
● Types of Web Application Attacks
● Tools for Performing Web Application Attacks
● Brute-Force Attack
● Collision Attack
● Directory Traversal
● Request Forgery Attacks
● Deserialization Attack
● Injection Attacks
● Activity: Injection Attacks
● Insecure Direct Object Reference
● Session Hijacking
● Arbitrary Code Execution
● File Inclusions
● API Abuse
● JSON Web Token (JWT) Manipulation
● Live Lab: Evaluating a Database Using SQLMap
● Live Lab: Exploiting Directory Traversal
● Live Lab: Performing XSS
● Live Lab: Abusing Insecure Direct Object References
● Live Lab: Performing Lateral Movement
● Live Lab: Performing RFI and LFI Exploitation
6.2: CLOUD-BASED ATTACKS
Exam Objectives Covered:
● Given a scenario, perform cloud-based attacks using the appropriate
Topics:
● Cloud-Based Attacks
● Cloud-Based Attacks Overview
● Types of Cloud-Based Attacks
● Tools for Performing Cloud-Based Attacks
● Metadata Service Attacks
● Access Management Misconfigurations
● Third-Party Integrations
● Resource Misconfiguration
● Activity: Conduct Resource Misconfiguration Attacks
● Logging Information Exposure
● Image and Artifact Tampering
● Supply Chain Attacks
● Workload Runtime Attacks
● Container Escape
● Trust Relationship Abuse
● Perform and Analyze a SYN Flood Attack
7.1: PERFORM NETWORK ATTACKS
Exam Objectives Covered:
● Given a scenario, perform cloud-based attacks using the appropriate
Topics:
● Perform Network Attacks
● Network Attack Types
● Tools for Performing Network Attacks
● Default Credentials
● On-Path Attack
● Certificate Services
● Misconfigured Services Exploitation
● Virtual Local Area Network (VLAN) Hopping
● Multihomed Hosts
● Relay Attack
● IDS Evasion
● Live Lab: Sniffing Network Traffic
● Applied Live Lab: Exploring the Power of Nmap NSE
● Live Lab: Discovering Vulnerabilities with Netcat
● Applied Live Lab: Performing a Relay Attack
7.2: PERFORM AUTHENTICATION ATTACKS
Exam Objectives Covered:
● Given a scenario, perform authentication attacks using the appropriate
Topics:
● Perform Authentication Attacks
● Authentication Attack Types
● Tools for Performing Authentication Attacks
● Multifactor Authentication (MFA) Fatigue
● Pass-the-Hash Attacks
● Pass-the-Ticket Attacks
● Pass-the-Token Attacks
● Kerberos Attacks
● Lightweight Directory Access Protocol (LDAP) Injection
● Dictionary Attacks
● Crack a Password with John the Ripper
● Brute-Force Attacks
● Mask Attacks
● Password Spraying
● Credential Stuffing
● OpenID Connect (OIDC) Attacks
● Security Assertion Markup Language (Saml) Attacks
● Live Lab: Cracking Passwords
7.3: PERFORM HOST-BASED ATTACKS
Exam Objectives Covered:
● Given a scenario, perform host-based attacks using the appropriate
Topics:
● Perform Host-Based Attacks
● Types of Host-Based Attacks
● Tools for Performing Host-Based Attacks
● Privilege Escalation
● Credential Dumping
● Circumventing Security Tools
● Clear Audit Policies
● Misconfigured Endpoints
● Payload Obfuscation
● User-Controlled Access Bypass
● Shell Escape
● Kiosk Escape
● Library Injection
● Process Hollowing and Injection
● Log Tampering
● Unquoted Service Path Injection
● Documenting Enterprise Attacks
● Applied Live Lab: Performing an On-Path (AiTM) Attack
● Live Lab: Performing Privilege Escalation
● Live Lab: Implementing Payload Obfuscation
● Live Lab: Performing SQL Injection
● Live Lab: Investigating with Evil-WinRM
● Live Lab: Exploiting LOLBins
● Live Lab: Implementing Credential Dumping
8.1: WIRELESS ATTACKS
Exam Objectives Covered:
● Given a scenario, perform wireless attacks using the appropriate
Topics:
● Wireless Attacks
● Types of Wireless Attacks
● Tools for Performing Wireless Attacks
● Activity: Explore Wireless Tools
● Wardriving
● Bluetooth
● Evil Twin Attack
● Signal Jamming
● Protocol Fuzzing
● Packet Crafting
● Deauthentication
● Captive Portal
● Wi-Fi Protected Setup (WPS) and Personal Identification (PIN) Attack
8.2: SOCIAL ENGINEERING ATTACKS
Exam Objectives Covered:
● Given a scenario, perform social engineering attacks using the appropriate
Topics:
● Social Engineering Attacks
● Types of Social Engineering Attacks
● Tools for Performing Social Engineering Attacks
● Phishing, Whaling, Spear phishing, and Smishing
● Social Engineering Techniques for Gathering Information
● Watering Hole
● Credential Harvesting
● Live Lab: Performing Social Engineering using SET
8.3: SPECIALIZED SYSTEM ATTACKS
Exam Objectives Covered:
● Explain common attacks against specialized
Topics:
● Specialized System Attacks
● Types of Specialized System Attacks
● Tools for Performing Specialized System Attacks
● Mobile Attacks
● AI Attacks
● Operational Technology (OT)
● Radio-Frequency Identification (RFID) and Near-Field Communication (NFC)
● Bluejacking
● Conducting Specialized Penetration Testing Attacks
9.1: ESTABLISH AND MAINTAIN PERSISTENCE
Exam Objectives Covered:
● Given a scenario, perform tasks to establish and maintain
Topics:
● Establish and Maintain Persistence
● Principals of Establishing and Maintaining Persistence
● Scheduled Tasks/cron Jobs
● Service Creation
● Reverse and Bind Shells
● Add New Accounts
● Obtain Valid Account Credentials
● Registry Keys
● Command and Control (C2) Frameworks
● Backdoor
● Activity: Maintain Persistence
● Create a Backdoor with Metasploit
● Rootkit
● Browser Extensions
● Tampering Security Controls
● Live Lab: Configuring Reverse and Bind Shells
● Live Lab: Establishing Persistence and Other Post-Exploitation Activities
9.2: MOVE LATERALLY THROUGH ENVIRONMENTS
Exam Objectives Covered:
● Given a scenario, perform tasks to move laterally throughout the
Topics:
● Move Laterally through Environments
● Lateral and Horizontal Movement
● Scan for Open Ports from a Remote Computer
● Techniques for Moving Laterally through Environments
● Tools for Moving Laterally through Environments
● Pivoting
● Relay Creation
● Enumeration
● Perform Enumeration of MSSQL with Metasploit
● Service Discovery
● Perform a Scan Using Zenmap
● Bypass Windows Firewall
● Window Management Instrumentation (WMI)
● Window Remote Management (WinRM)
9.3: STAGING AND EXFILTRATION
Exam Objectives Covered:
● Summarize concepts related to staging and
Topics:
● Staging and Exfiltration
● Fundamentals of Staging and Exfiltration
● Getting Data from a Target
● Hide Files with OpenStego
● Alternate Data Streams
● Applied Live Lab: Staging and Exfiltration Using ADS
9.4: CLEANUP AND RESTORATION
Exam Objectives Covered:
● Explain cleanup and restoration
Topics:
● Cleanup and Restoration
● Cleanup and Restoration Procedures
● Activity: Implement Cleanup and Restoration Activities
● Documenting Penetration Testing Tasks
10.1 : PENETRATION TEST REPORT COMPONENTS
Exam Objectives Covered:
Explain the components of a penetration test report.
Topics:
● Penetration Test Report Components
● Creating the Penetration Test Report
● Reporting Considerations
● Report Components and Definitions
● Documentation Specifications and Format Alignment
● Risk Scoring
● Test Limitations and Assumptions
10.2: ANALYZE FINDINGS AND REMEDIATION RECOMMENDATIONS
Exam Objectives Covered:Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
Topics:
● Analyze Findings and Remediation Recommendations
● Analyzing Findings and Developing Recommendations Overview
● Technical Controls
● Administrative Controls
● Operational Controls
● Physical Controls
● Activity: Administrative and Operational Controls
Hai bisogno di un coach per la formazione?
Ti aiuterà a confrontare vari corsi e trovare l'offerta formativa più conveniente.
Corso Penetration Test e Hacking Etico | Certificato CompTIA PenTest+
Prezzo da consultareAggiungi corsi simili
e confrontali per aiutarti a scegliere.{title}{centerName}{price}{price} {priceBeforeDiscount} {taxCaption}Formazione per argomento
Corsi di Altre tematiche Corsi di Amministrazione aziendale Corsi di Creazione e design Corsi di Finanza Corsi di Informatica Corsi di Lingue Corsi di Logistica Corsi di Marketing e vendita Corsi di Qualità, produzione, ricerca e sviluppo Corsi di Scienze Corsi di Scienze umane Corsi di Settore industriale Corsi di Settore legale Corsi di Settore pubblico Corsi di Settore sanitario Corsi di Sicurezza Corsi di Sport e tempo libero Corsi di Turismo - Hacker
