CompTIA PenTest+ Certification Review

Introduction

PenTest+ is one of the most recent CompTIA cyber security certifications. It is designed for cyber security professionals or students who aspire to a role with an emphasis on penetration testing and the offensive side of cyber security.

It was initially released on 31 July 2018, and since at the time I was preparing for OSCP and had already done A+, Network+ and Security+, I thought this was the best way forward.

Pros

  • It is a vendor-neutral certification
  • Relatively inexpensive, at about 370 USD
  • Great industry recognition
  • No prerequisites to sign up for the certification
  • Great amount of learning material online
  • It only requires 60 continuing education units to renew the certification for three years
  • It can be renewed by earning a higher-level CompTIA certification

Cons

  • This certification by itself isn’t enough to get your foot in the door and land a job, as penetration testing is in and of itself very practical, which is an aspect this certification lacks.
  • Even though the exam contains performance-based questions, these aren’t even near the level of difficulty you would find in other certification exams such as eJPT or OSCP, and in my opinion they fail to give you an accurate representation of what a real-life assessment looks like.
  • Although it’s not as massive as something like CEH, at times it does feel like the certification wants you to become an encyclopedia rather than learn the practical applications of certain techniques or processes in real-life scenarios.

Exam Objectives

What I really liked about this course, as opposed to other courses like CEH, is that the exam objectives were not as broad but still managed to properly explain all of the processes, tools and techniques that are involved in penetration testing. The course is divided into five sections, which are pretty much based on the phases of the penetration testing life cycle:

Planning and Scoping

This section covers all of the processes required before the actual penetration test can commence (rules of engagement, points of contact, budget, timelines, disclaimers etc.), legal concepts (such as statement of work, master service agreement, non-disclosure agreement, authorization etc.), and project scoping and requirement gathering (type of assessment, targets, users, applications, threat actors etc.).

Information Gathering and Vulnerability Identification

This part is about how to conduct information gathering (scanning, enumeration, fingerprinting, open source intelligence etc.), vulnerability scanning (credentialed vs non-credentialed, types of scans, factors to take into account etc.), analyzing scan results (false positives, prioritization, types of vulnerabilities etc.), preparing exploitation (identifying exploits for the vulnerabilities found, prioritizing the next steps, setting up the exploits etc.) and understanding how different systems are affected by vulnerabilities (ICS, SCADA, mobile, IoT, point of sale etc.).

Attacks and Exploits

This includes information regarding the various attack vectors of a penetration test: social engineering techniques (phishing, impersonation, media drop etc.), network vulnerabilities (SMB, FTP, SMTP, man in the middle, DoS etc.), wireless vulnerabilities (evil twin, deauthentication, WPS PIN cracking, bluesnarfing etc.), web application vulnerabilities (injection, authentication, cross-site scripting, cross-site request forgery, file inclusion etc.), operating system vulnerabilities (services and protocols, privilege escalation, system hardening, sandbox escape, physical security etc.), physical security attacks (piggybacking, tailgating, dumpster diving, lock picking, badge cloning etc.) and post-exploitation techniques (lateral movement, persistence, covering tracks etc.).

Penetration Testing Tools

This section talks about the actual tools used, such as Nmap (types of scans, port selection, service and version detection, OS fingerprinting, switches etc.), various types of tools to carry out different tasks (vulnerability scanners, password hacking tools, debuggers, wireless hacking tools, networking tools etc.), analyzing output from tools or data (credential cracking, injections, web shells, remote code execution etc.) and analyzing basic scripts for various scripting languages (if statements, loops, variables, comparisons, error handling, arrays etc.).

Reporting and Communication

This last section of the objectives covers what occurs after the penetration test has been concluded: report writing (executive summary, methodology, findings and remediation, risk matrix etc.) and handling of the report, post-report activities (clean-up, client acceptance, corrective actions and retest, attestation of findings etc.), mitigation strategies (people, processes, technologies, suggestions based on the vulnerabilities identified etc.) and communication during the testing phase (points of contact, contact triggers, goal prioritization etc.).

A full list of the exam objectives can be found here.

Exam Preparation

I started preparing for the exam around June 2019 and passed the exam on the first attempt in December.
In terms of learning material, I used the CompTIA PenTest+ (Ethical Hacking) Course & Practice Exam course on Udemy, which includes 8 hours of video lessons and a practice test that attempts to mimic the real exam.

I then bought a few Android apps, books and Udemy quizzes to do some more practice for the exam:

The Exam

The certification exam lasts about 160 minutes and consists of 85 multiple choice questions and performance-based questions (which may require you to run certain commands or perform certain actions with penetration testing tools). The passing score is about 85%, which makes it one of the toughest CompTIA certifications in terms of passing score.

I managed to pass the exam on my first attempt, although I was only about 20 points above the passing score, as in the last few weeks before the exam I was super busy and didn’t have much time to do practice quizzes. Nonetheless, a pass is a pass.

Conclusion

I really enjoyed this certification and what it had to offer, and I would definitely recommend it to anyone looking to start a career in penetration testing. However, as much as this certification does a great job at teaching you all of the fundamentals and the theory behind pentesting, which are absolutely necessary for the job, do not expect it to guarantee you a job in the field, as you will also require some practical training to be a successful penetration tester.