Pentest+ study plan and materials

wannabeanOSCP Member Posts: 17
So any of you guys have any plans or materials to prepare for PenTest+? I heard you need to review codes and exploits also.
Please share.

Comments

  • EnderWiggin Member Posts: 551
    Study plan: Conduct extensive penetration tests
    Materials: Computers
  • tedjames Member Posts: 1,182
    Download the objectives and use that as your plan. If it's in the objectives, it's likely going to be on the test.
  • wannabeanOSCP Member Posts: 17
    Can anyone recommend a video course that kind of covers the objectives?
  • EnderWiggin Member Posts: 551
    A video course won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.
  • wannabeanOSCP Member Posts: 17
    How about books like The Hacker Playbook 2 and The Web Application Hacker's Handbook? Will it be enough?
  • PC509 Member Posts: 804
    EnderWiggin wrote: »
    A video course won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

    I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

    The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?
  • EnderWiggin Member Posts: 551
    wannabeanOSCP wrote: »
    How about books like The Hacker Playbook 2 and The Web Application Hacker's Handbook? Will it be enough?

    A book won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.
    PC509 wrote: »
    I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

    The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?
    While this exam is multiple choice, you need to have practical experience to be able to answer the questions.
  • meni0n Member Posts: 68
    To prepare I'm reading The Hacker Playbook 2 and also doing vulnhub machines. I'll use that as preparation for OSCP as well.
  • JollyFrogs Member Posts: 97
    Thanks for this thread - I've signed up for the Beta exam. This is a much cheaper way (although a little more risky) to get the CompTIA Certs for sure :)
  • wannabeanOSCP Member Posts: 17
    meni0n wrote: »
    To prepare I'm reading The Hacker Playbook 2 and also doing vulnhub machines. I'll use that as preparation for OSCP as well.

    I will be doing this as well. I have 2 months still; the exam is on April 23.
  • wannabeanOSCP Member Posts: 17
    JollyFrogs wrote: »
    Thanks for this thread - I've signed up for the Beta exam. This is a much cheaper way (although a little more risky) to get the CompTIA Certs for sure :)

    I'm a big fan of yours. When are you taking the exam?
  • wannabeanOSCP Member Posts: 17
    EnderWiggin wrote: »
    A book won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

    While this exam is multiple choice, you need to have practical experience to be able to answer the questions.

    Understood, mate. I know it will be hard or impossible to pass, but I want to give it a good fight.
  • Doc1500 Member Posts: 4
    I also signed up for the Beta exam in 2 weeks for $50. Probably not ready for it, been busy with work, but really curious to see what it's about. Also, I would love to quit paying my annual fee for my CEH, and I think this one could be a good sub or better until I could get the OSCP. Dollar-wise, at $50 bucks the beta has really good value for cost compared to the CEH or some of the other expensive ones.

    Hack The Box (HTB) and VulnHub walkthroughs are probably the best bet starting out, taking stuff learned from books to actual labs. https://forum.hackthebox.eu/discussion/128/best-machines-to-start-for-a-beginner
    "Make everything as simple as possible, but not simpler." - Albert Einstein (1879-1955)
  • stryder144 Member Posts: 1,684
    I am following this thread. I signed up for the exam and then cancelled once I started reading that it was way more than a simple CEH-style theory exam. I've decided that I'll wait until the next version of the exam comes into beta and take that one. By then (three years or so from now), I should have theory and tools usage knowledge to help me pass this one.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • yoba222 Member Posts: 1,237
    1) Prior experience.
    I've got about 3 years of infosec exp. and some of that was vulnerability assessments, vulnerability management, and penetration testing.

    2) The PenTest+ Exam Objectives.
    This is THE most important resource.

    3) GPEN course books.
    Borrowed a copy of the 2016 version and will read through once, probably at a pace of 30 pages per day.

    4) Prior programming experience.
    I know Python and bash, though I haven't touched Ruby or PowerShell in years.


    At that point whatever is left on the exam objectives I haven't used or heard of, I'll read up on it, watch YouTube vids on it, and lab with it.

    No CEH materials for me.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • JollyFrogs Member Posts: 97
    wannabeanOSCP wrote: »
    I'm a big fan of yours. When are you taking the exam?

    Hey, Scheduled for the 19th of March currently :)
  • airzero Member Posts: 126
    JollyFrogs wrote: »
    Hey, Scheduled for the 19th of March currently :)

    Holy smokes, @JollyFrogs lives!
  • UnixGuy Mod Posts: 4,570
    Start with eJPT and move from there
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

  • c5rookie Member Posts: 53
    After taking the exam this week, I would feel more confident in pen testing skills and knowledge, knowing that I passed this exam compared to C|EH. When I passed the C|EH in 2013, I was disappointed in what EC-Council felt someone needed to know to be considered a hacker from the questions they asked. Anyway, this was definitely an exam based on knowing processes, procedures, documentation, tools, reporting, information gathering, vulnerability analysis, etc. Like any exam environment, knowing acronyms and terms will only get you so far. Then again, it could give you those extra few points to make it over the mark. After studying the exam objectives for a few weeks, I felt better about what I was getting into. One thing to mention, the test details listed in the Exam Objectives PDF v3.0 do not match the Test Details on CompTIA's website. They did a good job of giving you enough time for the exam and review. If you're weak in one of the domains listed (I do not do any programming), ensure you are strong in the other four. This should help get you over the cut off score when the Beta is over. I plan on re-taking the exam this summer if I find out I didn't make the initial cut.
  • julioiglesiasp Member Posts: 5
    PC509 wrote: »
    I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

    The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?
    Sorry, but I don't share your opinion on comparing eJPT with OSCP. I know that e-learnsec are hands-on based, but they are too far from the Offensive Security Courses and Certifications level. I see your point, hands-on vs multiple choice, but ECSA also is hands-on, but the level compared with OSCP (or OSCE, and so forth) is poor.
    Anyway, there are a lot of Pentesting / "Hacking" certifications now, especially because when Microsoft or Cisco promotes their Certifications, the situation is clear, you must know how to admin and configure those technologies, but with pentesting the thing is different, there are Offsec, EC Council, E-Learnsec, SANS, Comptia+, EXIN, and many others; so, which cert must you take? The best answer for that now, on 23/03/2018, is sharing this Job Position Req:
    "MWR Info Security - London
    OSCP & OSCE won’t hurt your chances, CEH might. We have openings for all grades (Junior to Senior) of consultant in our London, Manchester and Basingstoke... "
    Right now, you can see this Job on: https://www.indeed.co.uk/Ceh-jobs-in-London
    Offsec guys were real Hackers in the past and in the present: better known as Milw0rm: https://en.wikipedia.org/wiki/Milw0rm
    Only hackers can teach you hacking!
    Best regards.
  • JollyFrogs Member Posts: 97
    So I did the Pentest+ exam last Friday. It wasn't too difficult but the questions can be tricky... one of the questions I only had right because it asked for a single answer (radio buttons) but two were obviously correct so I was confused (If only one was "correct" I would have clicked it and never looked back). Then I re-read the question and found that those were actually both wrong and there was another, much less obvious answer that was correct after I dismissed it originally. So yes, I suggest to read the questions well. My biggest tip is to simply study the acronyms in the exam objectives (imo just looking up what they mean in Wikipedia will be sufficient to answer the questions relating to those acronyms). There were a few tricky questions that I agree one wouldn't know without either being a pentester or having completed the OSCP but they were far and few between and even then you still have a chance to get them right since it's multiple choice. Most questions are straightforward and some required a crystal ball (aka - the answer CompTIA believes is best). The downside of the beta is that the comments count as part of the exam time, but I still commented on quite a few of the questions, whether they were bad questions, ambiguous or good questions. I'm not too worried about passing or failing but if I had to guess I'd say I might score around 80-85%. I'll know in 6 months :D

    Good luck to whoever is going for this one - it's only 50 bucks and it's entirely doable, especially if you already completed OSCP or did some vulnhubs.
  • yoba222 Member Posts: 1,237
    JollyFrogs wrote: »
    . . . My biggest tip is to simply study the acronyms in the exam objectives (imo just looking up what they mean in Wikipedia will be sufficient to answer the questions relating to those acronyms). . .

    I didn't even think about this. Thanks!
  • JollyFrogs Member Posts: 97
    False alarm - I got an email from CompTIA saying I passed, I thought it was the Pentest+ exam from a few weeks ago. But it turns out it was an email for an exam I passed in August 2016 (CySA+) :)
  • shochan Member Posts: 1,013
    wow, they are kicking out results much faster than I have ever seen...coolio
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • meni0n Member Posts: 68
    Did you have a CySA+? I got one too but it was just because they were issuing the new CySA+ certificate. The Beta is done on the 25th. They don't even know what questions to take out in order to come out with a score.
  • JollyFrogs Member Posts: 97
    Oh that's interesting - yes I passed the CySA+ Beta exam in 2016. The email didn't specify WHICH exam I passed but since I've only done one (this Pentest+ beta exam) since 2016 I assumed it was the Pentest+ exam results.... you think the congratulations email I received was from a beta exam in 2016? How confusing, especially since they don't mention which exam you passed in the email, they just say "Congratulations! You have successfully passed your CompTIA certification exam". They say it will take 5 days for the website to update, so I'll know in 5 days whether this email was about Pentest+ or about my 2016 exam :D
  • yoba222 Member Posts: 1,237
    Yeah compare the pdfs for the CSA+ you had downloaded back in 2016-17 (if you did) to the one you can download now. My bet is it now says CySA+. I've got two certs printouts, identical dates, but one without the "y" in the middle.
  • meni0n Member Posts: 68
    Yea mine also didn't specify which exam I passed when I got the email yesterday. It's just the way that they reissue the certificate I guess.
  • JollyFrogs Member Posts: 97
    Ok - the official results did come in today via email: I passed :)
  • jamsub Registered Users Posts: 3
    I cut a 711 out of 750. I was barely studying for it as I have other things to work through so I actually feel okay about my score. Me and BurpSuite need to spend some time together before the next go around.