Force7 Training
FRCCOM-10CompTIA

CompTIA PenTest+ (PT0-003)

This five-day instructor-led course prepares cybersecurity professionals to plan, scope, conduct, analyze, and report penetration testing engagements in modern enterprise environments.

Duration · 5 daysVirtual + In-PersonInstructor-Led

Course Description

This five-day instructor-led course prepares cybersecurity professionals to plan, scope, conduct, analyze, and report penetration testing engagements in modern enterprise environments. Students learn offensive security techniques used to identify, validate, and communicate security weaknesses across networks, systems, web applications, cloud environments, wireless networks, and enterprise infrastructure. The course combines lecture, demonstrations, and hands-on labs aligned with the CompTIA PenTest+ (PT0-003) certification objectives.

— Be First in Line —

Register Your Interest

We're finalizing the schedule for CompTIA PenTest+ (PT0-003). Add your details below and we'll notify you the moment a session opens for registration — no payment or commitment required.

Audience Profile

This course is intended for:

  • Penetration Testers
  • Security Consultants
  • Vulnerability Assessment Analysts
  • Ethical Hackers
  • Security Engineers
  • SOC Analysts
  • Cybersecurity Professionals seeking offensive security skills

Prerequisites

Before enrolling, you should have:

  • CompTIA Security+ or equivalent knowledge
  • Familiarity with networking, operating systems, and security concepts
  • Basic scripting and command-line experience
  • Recommended 3–4 years of hands-on cybersecurity experience

— What You'll Learn —

Learning Objectives

In this course, you will learn to:

  • 1Plan and manage penetration testing engagements.
  • 2Conduct reconnaissance, scanning, and enumeration activities.
  • 3Identify and validate security vulnerabilities.
  • 4Assess web applications, cloud environments, and enterprise infrastructure.
  • 5Perform controlled exploitation and post-exploitation activities.
  • 6Analyze and communicate security risks effectively.
  • 7Develop professional penetration testing reports.
  • 8Prepare for and confidently attempt the CompTIA PenTest+ (PT0-003) certification exam.

— Day-by-Day —

Course Outline

Day 1: Engagement Management, Scoping, and Reconnaissance

Module 1

Introduction to Penetration Testing

  • Penetration testing methodologies
  • Ethical hacking principles
  • Rules of engagement
  • Legal and compliance considerations
  • Penetration testing standards and frameworks
  • Engagement lifecycle overview

Module 2

Planning and Scoping

  • Defining engagement objectives
  • Scope determination
  • Risk assessment considerations
  • Authorization and documentation
  • Stakeholder communication
  • Compliance and regulatory requirements

Module 3

Information Gathering and Reconnaissance

  • Passive reconnaissance techniques
  • Open-source intelligence (OSINT)
  • Public information collection
  • Domain enumeration
  • DNS analysis
  • Social media intelligence gathering

Module 4

Active Reconnaissance

  • Network discovery
  • Host identification
  • Service enumeration
  • Banner grabbing
  • Port scanning techniques
  • Network mapping

Day 2: Enumeration and Vulnerability Discovery

Module 5

Enumeration Techniques

  • User and group enumeration
  • Directory service enumeration
  • SMB enumeration
  • SNMP enumeration
  • Cloud resource discovery
  • Application fingerprinting

Module 6

Vulnerability Assessment

  • Vulnerability scanning methodologies
  • Credentialed and non-credentialed assessments
  • Vulnerability validation
  • False positive identification
  • Risk prioritization
  • CVSS scoring concepts

Module 7

Application Assessment Fundamentals

  • Web application architecture
  • API security testing
  • Authentication mechanisms
  • Session management testing
  • Input validation testing
  • Business logic vulnerabilities

Module 8

Wireless and Cloud Assessments

  • Wireless security fundamentals
  • Wireless reconnaissance
  • Cloud service assessment techniques
  • Identity and access assessment
  • Cloud storage security review

Day 3: Exploitation Techniques

Module 9

Exploitation Fundamentals

  • Exploitation methodology
  • Vulnerability verification
  • Safe exploitation practices
  • Exploitation planning
  • Risk management during testing

Module 10

Network Exploitation

  • Service exploitation concepts
  • Authentication attacks
  • Credential attacks
  • Misconfiguration exploitation
  • Network service weaknesses

Module 11

Web Application Exploitation

  • Injection attacks
  • Cross-site scripting concepts
  • Authentication weaknesses
  • Access control bypasses
  • File handling vulnerabilities
  • API exploitation techniques

Module 12

Host and Endpoint Exploitation

  • Operating system weaknesses
  • Endpoint security bypass concepts
  • Privilege escalation fundamentals
  • Local exploitation opportunities
  • Persistence concepts

Day 4: Post-Exploitation and Advanced Techniques

Module 13

Post-Exploitation Activities

  • Post-exploitation objectives
  • Data discovery techniques
  • Lateral movement concepts
  • Network pivoting
  • Impact assessment
  • Maintaining operational awareness

Module 14

Enterprise Environment Assessments

  • Active Directory security testing
  • Identity infrastructure assessment
  • Enterprise attack paths
  • Security control validation
  • Segmentation testing

Module 15

Specialized Testing Areas

  • Cloud penetration testing
  • Container security assessment
  • Mobile application testing concepts
  • IoT and embedded device considerations
  • Operational technology environments

Module 16

Evasion and Detection Awareness

  • Security control evaluation
  • Logging and monitoring considerations
  • Detection engineering awareness
  • Defensive countermeasures
  • Purple team concepts

Day 5: Reporting, Communication, and Exam Preparation

Module 17

Analysis and Reporting

  • Documentation throughout engagements
  • Risk analysis techniques
  • Vulnerability impact assessment
  • Executive reporting
  • Technical reporting
  • Remediation recommendations

Module 18

Communication and Stakeholder Engagement

  • Presenting findings
  • Managing client expectations
  • Remediation discussions
  • Lessons learned sessions
  • Professional ethics

Module 19

Penetration Test Deliverables

  • Executive summaries
  • Technical findings reports
  • Risk matrices
  • Evidence collection
  • Remediation roadmaps

Module 20

PT0-003 Certification Preparation

  • Review of exam objectives
  • Performance-based question strategies
  • Scenario-based analysis
  • Practice assessments
  • Exam readiness evaluation

— Additional Details —

What else is included

Hands-On Activities Included

  • Engagement planning exercise
  • OSINT collection and analysis
  • DNS and domain reconnaissance
  • Network discovery and scanning
  • Service enumeration activities
  • Enumeration exercises
  • Vulnerability scanning and validation
  • Web application assessment
  • API testing activities
  • Wireless assessment scenarios
  • Cloud security evaluation
  • Exploitation framework exercises
  • Credential attack simulations
  • Web application exploitation labs
  • Privilege escalation exercises
  • Validation of vulnerabilities
  • Active Directory assessment
  • Lateral movement scenarios
  • Cloud penetration testing exercises
  • Container security review
  • Enterprise attack path analysis

Note: Course outlines are provided as a general guide. Content, pacing, labs, and instructional emphasis may vary based on instructor expertise, student experience levels, and customer-specific learning objectives.

— Keep Exploring —

Need a different angle?

Browse the full CompTIA catalog or chat with an advisor about a custom training plan for your team.