## background
This is my most recent CompTIA certification that I obtained back in January of 2020 and have since renewed in 2024. I obtained this cert after the Net+, Sec+, and CySA+ certifications. It was also the CompTIA certification that I scored the highest on.
## my_experience
I primarily used Jason Dion's PenTest+ course on Udemy. As I have stated previously, I highly recommend Jason Dion's certification courses.
I watched Dion's entire course while taking handwritten notes on nearly everything. I did this for about 5 days. Over the next few days I was able to obtain the Sybex 1000 Practice Question book from a friend as a gift. This book, while helpful in some aspects, was very similar to the book that I had purchased for CySA+, also from Sybex. The questions are much more difficult than what is on the test, and they introduce too much unnecessary information that is not included in the PenTest+ exam objectives.
After skimming through the practice question book, I scheduled the test a few days in advance. On test day, I finished the exam with about an hour to spare. This test, along with CySA+, gives you 2 hours and 45 minutes to complete the exam. I passed with an 807.
## tips
- Know and understand Python & Bash primarily. I did not get any questions where you were expected to make sense of a Ruby script. I believe I did have one question regarding a PowerShell script. To be safe, however, just make sure you know how to spot the differences between them.
- Know how to spot and remediate specific browser vulnerabilities. This will be important for your PBQs.
- Know your Nmap! I didn't get bombarded with Nmap commands, but I did definitely have a few. Know the major flags (-sS -sT -O -A -p- --script) along with a few others. It helps to simply practice the commands in a Kali VM or however you choose.
- This is probably the most important tip, and it is similar to the advice I gave for the CySA+ exam. You must possess a very strong grasp of offensive security and pentesting methodology. A very large portion of the questions on the test simply throw you into a scenario where you're a penetration tester, and you're expected to make the next step. For example, you may run into a question like, "You're a penetration tester who has been hired by a corporation to test their network security. You were able to successfully compromise a remote host on the target's network; however, after attempting to pivot to another host, you ran into X problem. What would be your next step?"
- CTFs for practice. CTFs (Capture the Flag) are vulnerable machines that you can mock pentest. They can either be spun up in a VM using an ISO you downloaded (VulnHub) or be boxes provided by a CTF platform like HackTheBox that allows you to connect to their network and spin up boxes at your whim. CTFs help immensely with putting you in the "hacker mindset", and I highly recommend them.
## links
https://www.udemy.com/course/pentestplus/?couponCode=ST17MT31325G3
https://a.co/d/gxJJrcb
https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-002-exam-objectives-(4-0)
https://www.vulnhub.com/
https://www.hackthebox.eu/
https://tryhackme.com/