Monthly Archives: January 2023
CompTIA Pentest+ PT0-002 – Section 3: Scoping an Engagement Part 5
22. Limitations and Permission (OBJ 1.1 and OBJ 1.3) During your penetration test, you may also find a lot of confidential information about the target organization. Remember, it is your responsibility to safeguard this information, and if you’re able to access an area of their network you think you shouldn’t be in, it’s important to… Read More »
CompTIA Pentest+ PT0-002 – Section 3: Scoping an Engagement Part 4
20. Assessment Types (OBJ 1.2) There are many different types of penetration tests and assessments, including goals-based, objectives-based, compliance-based, premerger, supply chain and red team assessments. A goals-based assessment is designed with a specific goal in mind. In this case, the penetration tester may attempt to define as many unique ways as possible to achieve… Read More »
CompTIA Pentest+ PT0-002 – Section 3: Scoping an Engagement Part 3
18. Identifying Restrictions (OBJ 1.2) Every organization has a different risk tolerance threshold. This risk tolerance threshold will become a big point of contention during the planning of the timing, the tempo, and the scope of your engagement. If the organization is quite risk averse, you’re going to need to be extra careful not to… Read More »
CompTIA Pentest+ PT0-002 – Section 3: Scoping an Engagement Part 2
16. Adversary Emulation (OBJ 1.2) When you’re conducting an engagement, sometimes you might be asked to perform adversary emulation. Now, adversary emulation is a specialized type of penetration testing where you’re trying to mimic the tactics, techniques and procedures of a real-world threat actor during your penetration test. For example, maybe you’re conducting a penetration… Read More »
CompTIA Pentest+ PT0-002 – Section 3: Scoping an Engagement Part 1
14. Scoping an Engagement (OBJ 1.1, 1.2, and 1.3) In this section of the course we’re going to cover the various considerations that you need to think of when scoping an engagement. Now, when we use the term scope in the world of penetration testing, we’re referring to the combined objectives and requirements needed to… Read More »
CompTIA Pentest+ PT0-002 – Section 2: Planning an Engagement Part 5
12. Regulatory Compliance (OBJ 1.1) When working as a penetration tester, you need to be familiar with a wide range of basic laws and regulations, especially for performing a compliance-based assessment. There are numerous laws and regulations that organizations may be subject to. And it’s our job to help test or prove their compliance with… Read More »
CompTIA Pentest+ PT0-002 – Section 2: Planning an Engagement Part 4
10. Planning a Test (OBJ 1.2) When it comes to penetration testing, planning is incredibly important. There are three major factors for any assessment: time, cost, and quality. These three factors are always in competition with each other, and decisions on their priority have to be agreed upon between the penetration tester and the organization… Read More »
CompTIA Pentest+ PT0-002 – Section 2: Planning an Engagement Part 3
8. PenTest Methodologies (OBJ 1.2) Every penetration test should follow a specific methodology. Now, a methodology is defined as “a system of methods used in a particular area of study or activity.” In terms of penetration testing, it refers to the systematic approach that a penetration tester is going to use before, during, and after… Read More »
CompTIA Pentest+ PT0-002 – Section 2: Planning an Engagement Part 2
6. Risk Handling (OBJ 1.2) When we talk about risk, we have to think about what we can do about risk as an organization. After you conclude your penetration test, one of the biggest deliverables you’re going to have is a final report to your client’s organization that lists all the vulnerabilities you found, how… Read More »
CompTIA Pentest+ PT0-002 – Section 2: Planning an Engagement Part 1
4. Planning an Engagement (OBJ 1.1, 1.2, and 1.3) In this section of the course, we’re going to cover the various considerations that you need to think of when you’re planning an engagement. In the world of penetration testing, the term engagement simply means a singular penetration testing project that has been planned and scoped… Read More »