All Training Courses

COMP-203

CompTIA PenTest+ Bootcamp

Description

CompTIA PenTest+ Bootcamp and exam validate your ability to identify, mitigate, and report system vulnerabilities. This course covers all stages of penetration testing across attack surfaces (including cloud, web apps, APIs, and IoT) and emphasizes hands-on skills such as vulnerability management and lateral movement. This course equips you with the expertise to advance your career as a penetration tester or security consultant.

U.S. DoDM 8140.03 APPROVED BY DEPARTMENT OF DEFENSE

Prerequisite

Recommended experience:  3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge.

Objectives

By the end of this course, participants will:

  • Plan, scope, and perform information gathering as part of a penetration test.
  • Perform attacks that are aligned to and fulfill legal and compliance requirements.
  • Perform each phase of a penetration test using and modifying appropriate tools, tactics, techniques, and procedures.
  • Analyze the results of each phase of a penetration test to develop a written report, effectively communicate findings to stakeholders, and provide practical recommendations.

Key Takeaways

  • Latest techniques in artificial intelligence (AI), hands-on inventory, scanning and analysis, attacks, lateral movement, as well as planning, scoping, and vulnerability management
  • Demonstrate key pen testing skills for all attack surfaces, including the cloud, web apps, APIs, IoT, on-premises, and hybrid network environments
  • Develop a robust security strategy
  • Determine the resiliency of any network

Who Is This For

Cybersecurity professionals tasked with penetration testing and security consulting.

Certificate of Completion

  • Certificate of Completion issued after successful completion of all chapters, hands-on exercises, and course evaluation.
  • Certificate is downloadable from the Ghost Team Academy Education Portal.

Training Outline

Day 1 – Introduction, Planning, & Scoping

Morning:

  • Welcome, course overview, and exam objectives
  • The role and ethics of a penetration tester
  • Legal considerations and compliance (contracts, NDAs, authorization, data privacy laws)
  • Rules of engagement and scope definition

Afternoon:

  • Pen testing methodologies and frameworks (PTES, OWASP, MITRE ATT&CK)
  • Scoping exercises and target identification
  • Lab Setup: Building your test environment (Kali Linux, Metasploitable, DVWA)
  • Labs: Defining scope and creating a pen test plan

End of Day Review:

  • Domain 1 practice quiz and discussion

Day 2 – Information Gathering & Vulnerability Scanning

Morning:

  • Reconnaissance types: active vs. passive
  • OSINT techniques and tools (WHOIS, the Harvester, Shodan, Maltego)
  • Network mapping and enumeration (Nmap, Netcat, SMB enumeration)

Afternoon:

  • Vulnerability scanning concepts and best practices
  • Using Nessus, OpenVAS, and Nikto
  • Labs: Performing reconnaissance and scanning a simulated network
  • Identifying and prioritizing vulnerabilities

End of Day Review:

  • Domain 2 review quiz and walkthrough of scan analysis

Day 3 – Attacks and Exploits (Part 1)

Morning:

  • Network attacks: sniffing, spoofing, and MITM
  • Exploiting services: SMB, FTP, SSH, and web servers
  • Exploit frameworks: Metasploit fundamentals

Afternoon:

  • Web application attacks (SQLi, XSS, command injection)
  • Credential attacks: brute force, password spraying, hash cracking
  • Labs: Exploiting web and network vulnerabilities using Metasploit

End of Day Review:

  • Scenario-based review and knowledge check

Day 4 – Attacks and Exploits (Part 2) & Post-Exploitation

Morning:

  • Wireless attacks and assessment tools (Aircrack-ng, Reaver)
  • Social engineering techniques and payload delivery
  • Privilege escalation techniques on Windows and Linux

Afternoon:

  • Lateral movement, persistence, and data exfiltration
  • Post-exploitation cleanup and covering tracks
  • Labs: Privilege escalation and pivoting through compromised hosts

End of Day Review:

  • Domain 3 practice questions and instructor debrief

Day 5 – Reporting, Communication, & Exam Prep

Morning:

  • Reporting structure and best practices
  • Writing professional pen test reports
  • Communicating findings to management and technical teams
  • Labs: Create and present a penetration testing report

Afternoon:

  • Tools and scripting review (Python, PowerShell, Bash basics)
  • Comprehensive practice exam simulation
  • Review of difficult exam objectives and test-taking strategies
  • Final Q&A and readiness assessment

End of Day:

  • Course wrap-up, key takeaways, and certification next steps

Quick Info
  • Type: Hands-On
  • Delivery: In Person, Virtual, Hybrid, Self-Paced
  • Level: Intermediate
  • Duration: 5 days (8 hours per day)
  • CEU Hours: 40
Go to All Trainings