1.0 Engagement Management
1.1 Summarize pre-engagement activities.
Scope definition
Shared responsibility model
Legal and ethical considerations
1.2 Explain collaboration and communication activities.
Peer review and Stakeholder alignment
Root cause analysis
Escalation path and Secure distribution
Articulation of risk, severity, and impact
Goal reprioritization and Business impact analysis
Client acceptance
1.3 Compare and contrast testing frameworks and methodologies.
Open Source Security Testing Methodology Manual (OSSTMM)
Council of Registered Ethical Security Testers (CREST)
Penetration Testing Execution Standard (PTES)
MITRE ATT&CK
Open Worldwide Application Security Project (OWASP) Top 10
OWASP Mobile Application Security Verification Standard (MASVS)
Purdue model
Threat modeling frameworks
1.4 Explain the components of a penetration test report.
Format alignment
Documentation specifications
Risk scoring
Definitions and Report components
Test limitations and assumptions
Reporting considerations
1.5 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
Technical, Administrative, Operational and Physical controls
2.0 Reconnaissance and Enumeration
2.1 Given a scenario, apply information gathering techniques.
Active and passive reconnaissance
Open-source intelligence (OSINT)
Network reconnaissance
Protocol scanning
Certificate transparency logs
Information disclosure
Search engine analysis/enumeration
Network sniffing and Banner grabbing
Hypertext Markup Language (HTML) scraping
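Banner grabbing, listed above, is simply connecting to a service and recording what it announces before (or just after) the client speaks. The following is an added example, not from the objectives document: a minimal grabber plus a parser for the SSH identification string defined in RFC 4253. Because the example has to run offline, it starts a throwaway local listener that plays a constructed OpenSSH banner; against a real target you would pass the in-scope host and port instead, and only once the engagement's scope and authorization (objective 1.1) cover active contact with that host.

```python
import socket
import threading


def _fake_service(banner: bytes) -> int:
    """Constructed stand-in for a remote service: listen on a free loopback
    port, send `banner` to the first client, then shut down. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS choose
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, probe: bytes = b"",
                timeout: float = 3.0, max_bytes: int = 1024):
    """Connect, optionally send a probe, and return the first bytes the
    service sends, decoded for display. SSH/FTP/SMTP speak first, so no
    probe is needed; HTTP stays silent until it receives a request, so pass
    something like b"HEAD / HTTP/1.0\\r\\n\\r\\n". Returns None on any
    connection failure or timeout instead of raising."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            data = s.recv(max_bytes)
    except OSError:                      # refused, unreachable, timed out
        return None
    return data.decode("utf-8", errors="replace").strip()


def parse_ssh_banner(banner):
    """Split 'SSH-protoversion-softwareversion [comments]' (RFC 4253 4.2)
    into its parts; returns None if the text is not an SSH banner."""
    if not banner or not banner.startswith("SSH-"):
        return None
    first = banner.splitlines()[0]
    parts = first.split("-", 2)
    if len(parts) < 3:
        return None
    software = parts[2].split(" ", 1)
    return {
        "protocol": parts[1],
        "software": software[0],
        "comments": software[1] if len(software) > 1 else "",
    }


if __name__ == "__main__":
    # Constructed banner; the Ubuntu suffix is the kind of detail that maps
    # to a distribution package version during later analysis.
    port = _fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n")
    raw = grab_banner("127.0.0.1", port)
    print(raw)
    print(parse_ssh_banner(raw))
```

The `errors="replace"` decode and the `None` return on failure are deliberate: banners from embedded devices are often not valid UTF-8, and a scan loop over many hosts should record "no banner" rather than abort on the first filtered port.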
2.2 Given a scenario, apply enumeration techniques.
Operating system (OS) fingerprinting
Service discovery
Protocol enumeration
DNS and Directory enumeration
Host discovery and Share enumeration
Local user and Email account enumeration
Wireless, Permission and Secrets enumeration
Attack path mapping
Web application firewall (WAF) enumeration
Web crawling
Manual enumeration
2.3 Given a scenario, modify scripts for reconnaissance and enumeration.
Information gathering
Data manipulation
Scripting languages
Logic constructs
2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.
Wayback Machine
Maltego
Recon-ng
Shodan
SpiderFoot
WHOIS
nslookup/dig
3.0 Vulnerability Discovery and Analysis
3.1 Given a scenario, conduct vulnerability discovery using various techniques.
Types of scans
Industrial control systems (ICS) vulnerability assessment
Tools
3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.
Validate scan, reconnaissance, and enumeration results
Public exploit selection
Use scripting to validate results
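Objective 2.3 (modifying scripts for reconnaissance: data manipulation, logic constructs) and objective 3.2 (validating scan and enumeration output with scripting) are best shown with one concrete script, so the following added example serves both. It is not part of the objectives document. It parses nmap's grepable (`-oG`) output format into a structure you can query, flattens it to open services, groups targets by service, and flags open ports where version detection came back empty, which are exactly the ones to validate by hand before selecting a public exploit. The scan text embedded below is a constructed sample with private addresses and hostnames; real `-oG` output separates the `Host`, `Ports` and `Ignored State` fields with tabs, which the regex accepts along with ordinary spaces.

```python
import re
from collections import defaultdict

# Constructed sample in nmap grepable format (not a real scan).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (web01.example.internal)   Status: Up
Host: 10.0.0.5 (web01.example.internal)   Ports: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///   Ignored State: filtered (997)
Host: 10.0.0.7 (db01.example.internal)   Ports: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 3306/open/tcp//mysql//MySQL 8.0.33/   Ignored State: closed (998)
Host: 10.0.0.9 ()   Ports: 445/open/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///   Ignored State: filtered (998)
# Nmap done (constructed sample)
"""

# Host: <ip> (<hostname>)  Ports: <entries>  [Ignored State: ...]
HOST_RE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.+?)(?:\s+Ignored State:.*)?$"
)


def parse_gnmap(text: str) -> dict:
    """Return {ip: {"hostname": str, "ports": [port dicts]}} from -oG text.
    Comment lines and 'Status: Up' lines carry no port data and are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname, port_blob = m.groups()
        entries = []
        for raw in port_blob.split(","):
            # Each entry: port/state/protocol/owner/service/rpc-info/version/
            fields = raw.strip().split("/")
            if len(fields) < 7:
                continue                      # malformed entry, keep going
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            entries.append({"port": int(port), "state": state, "proto": proto,
                            "service": service, "version": version})
        hosts[ip] = {"hostname": hostname, "ports": entries}
    return hosts


def _ip_key(ip: str):
    """Sort IPv4 addresses numerically rather than as strings."""
    return tuple(int(o) for o in ip.split("."))


def open_services(hosts: dict) -> list:
    """Flatten to (ip, port, service, version) tuples for open ports only."""
    rows = []
    for ip, info in hosts.items():
        for p in info["ports"]:
            if p["state"] == "open":
                rows.append((ip, p["port"], p["service"], p["version"]))
    return sorted(rows, key=lambda r: (_ip_key(r[0]), r[1]))


def targets_by_service(hosts: dict) -> dict:
    """Group open ports by service name: {"ssh": ["10.0.0.5:22", ...], ...}.
    Handy for feeding one protocol-specific tool a ready-made target list."""
    groups = defaultdict(list)
    for ip, port, service, _ in open_services(hosts):
        groups[service].append(f"{ip}:{port}")
    return dict(groups)


def needs_manual_check(hosts: dict) -> list:
    """Open ports with no version string: nmap could not identify the
    software, so the result must be validated (banner grab, protocol probe)
    before any exploit is chosen on the strength of the service name alone."""
    return [f"{ip}:{port}" for ip, port, _, version in open_services(hosts)
            if not version]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for row in open_services(scan):
        print(row)
    print(targets_by_service(scan))
    print("validate manually:", needs_manual_check(scan))
```

The `int(port)` conversion and the numeric IP sort are the small data-manipulation steps that make the difference between a script that is pasted into a report and one that is trusted: string sorting would put `10.0.0.10` before `10.0.0.9`, and string ports would make a `port > 1024` filter silently wrong.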
3.3 Explain physical security concepts.
Tailgating
Site surveys
Universal Serial Bus (USB) drops
Badge cloning
Lock picking
4.0 Attacks and Exploits
4.1 Given a scenario, analyze output to prioritize and prepare attacks.
Target prioritization
Capability selection
4.2 Given a scenario, perform network attacks using the appropriate tools.
Attack types and Tools
4.3 Given a scenario, perform authentication attacks using the appropriate tools.
Attack types and Tools
4.4 Given a scenario, perform host-based attacks using the appropriate tools.
Attack types and Tools
4.5 Given a scenario, perform web application attacks using the appropriate tools.
Attack types and Tools
4.6 Given a scenario, perform cloud-based attacks using the appropriate tools.
Attack types and Tools
4.7 Given a scenario, perform wireless attacks using the appropriate tools.
Attack types and Tools
4.8 Given a scenario, perform social engineering attacks using the appropriate tools.
Attack types and Tools
4.9 Explain common attacks against specialized systems.
Attack types and Tools
4.10 Given a scenario, use scripting to automate attacks.
Attack types and Tools
5.0 Post-exploitation and Lateral Movement
5.1 Given a scenario, perform tasks to establish and maintain persistence.
Scheduled tasks/cron jobs
Service creation
Reverse and Bind Shell
Add new accounts and Obtain valid account credentials
Registry keys
Command and control (C2) frameworks
Backdoor and Rootkit
Browser extensions
Tampering security controls
5.2 Given a scenario, perform tasks to move laterally throughout the environment.
Pivoting
Relay creation
Enumeration
Service discovery
Windows Management Instrumentation (WMI)
Windows Remote Management (WinRM)
Tools
5.3 Summarize concepts related to staging and exfiltration.
File encryption and compression
Covert channel
Email
Cross-account resources
Cloud storage
Alternate data streams
Text storage sites
Virtual drive mounting
5.4 Explain cleanup and restoration activities.
Remove persistence mechanisms
Revert configuration changes
Remove tester-created credentials
Remove tools
Spin down infrastructure
Preserve artifacts
Secure data destruction