Hacking the CompTIA Pentest+

Mr.Roxxxz
4 min read, Apr 4, 2021

Exploits, Reporting, and Tools.

Oh, My!

The EXAM

The CompTIA Pentest+ is another wonderful exam that deserves a place at the table. This exam tests applicants on their ability to adequately scan, enumerate, exploit, and report on vulnerabilities within a network. The exam is broken down into 5 separate domains.

Those Domains are:

1. Planning and Scoping
2. Information Gathering and Vulnerability Identification
3. Attacks and Exploits
4. Penetration Testing Tools
5. Reporting and Communication

[Image: CompTIA Pentest+ skills learned]

The Pentest+ will test you on just about every facet of a full-blown penetration test. You will need to understand the initial planning phases (not just the passive OSINT information gathering, but also the boring legal documents like the SLA, MOU, NDA, etc.). You will need to understand the legal requirements that must be satisfied before you conduct your first scan. You will be tested on the disclaimers and target audience of your reports. You will also need to understand the rules of engagement, in-scope vs. out-of-scope, and the different file types you may encounter and need to use. You will need to be cognizant of scope creep, as well as the compliance requirements of different organizations and sectors. And that’s just the first domain!

You will be tested on your knowledge of CVE, CWSS, and tools such as Nessus and OpenVAS, Burp and ZAP, Nmap, DNSRecon, Metasploit, THC Hydra, Hashcat, Armitage, hping, Netcat, Drozer, Maltego, Nikto, and a few dozen more. You will need to know their use cases and any specific flags that add functionality or improve execution. You will need to be able to identify, read, and analyze different scripting languages: recognize what language a snippet is written in and what it does. (You should be able to look at some code, identify that it is Ruby, Lua, Python, etc., and know that it calls a function, opens a port, and so on.)

You will need to understand the purpose of PKI and how to inspect a certificate to gather intel. You will need to understand threat actors and how they carry out an attack. You will more than likely be required to analyze a scenario and identify what the attacker is doing or looking for.

This has only been a fraction of the items listed in the exam objectives. The full exam objectives list can be found here:

The exam itself costs around $370 USD and can be taken at home or at a Pearson VUE testing center.

Studying

Now, don’t be discouraged by that massive set of paragraphs above. This exam is entirely beatable if you prepare. I personally got access to this course from my school (WGU), and they offered study material from uCertify. However, being the paranoid perfectionist that I am, I went out in search of additional material. I found a few resources that helped cement the ideas into my brain. The primary resource I used was the Pentest+ series on Pluralsight (https://app.pluralsight.com/paths/skills/comptia-pentest-pt0-001); this was a great 25-hour series that broke the concepts down with great visualizations. I also used the Jason Dion course on Udemy (https://www.udemy.com/course/pentestplus/). Between the book and those 2 courses, I was well prepared for the exam. I believe I completed this exam in around 2 weeks (I spent around 6–8 hours every day studying).

CAVEAT: I have been doing HackTheBox, TryHackMe, and other courses on pentesting for around a year prior to attempting this exam. You WILL need some hands-on experience to complete the PBQs that CompTIA is notorious for.

Final Thoughts

This exam was… interesting. I won’t put it in the “hard” category with exams like the CISSP, but if this is the first exam you try to tackle after the A+, you will have a really bad day. The Pentest+ requires a significant amount of background knowledge in networking, web apps, security, and more. This information is treated as assumed knowledge, and without it, it is really easy to get lost in this material. That being said, there is a flip side to this as well. Don’t take this exam and expect to just land a job cracking boxes. The knowledge gained from this exam will definitely set you ahead of the average security pro, but this exam WILL NOT make you a “hacker”. It is the equivalent of the CEH (DoD 8570.01-M). It gives you a great baseline to understand the process and get started learning the trade. I definitely recommend that anyone looking to learn more about red teaming and “hacking” take this course. It is a great test of academic understanding and will definitely help catapult you into the future as a well-rounded security person!

Mr.Roxxxz

Weaponized Assault Nerd, CISSP, SSCP, MSCSIA, Pentest+