About performance based test for PenTest+

newguy2000 Member Posts: 8
Hi,
I have sat Pentest+ twice but failed.
Yes, my knowledge wasn't enough to pass, but I needed 20 to 30 more points to pass this.
Would anyone like to tell me how you guys managed to study/learn/understand how to tackle the performance-based test part?
I cannot find suitable material or past/similar questions/answers to get myself prepared.

regards

Comments

  • Elitis S+ Pentest+ CCENT CCNA eJPT eCPPT OSCP Member Posts: 49
    I think the best way to study for the exam in general (beyond just the performance scenarios) is to get familiar with the tools and attacks. TryHackMe has a Pentest+ path available and you could also play around in any of the rooms there or use another hands-on resource like HackTheBox, Virtual Hacking Labs, Pentester Academy, VulnHub, etc.
  • shochan Member Posts: 955
    Yeah, I would suggest doing a practical pentesting exam instead...passing a hands-on exam would be more valuable than taking a multiple-choice exam IMO...I've taken the Pentest+ before and yes, it was a booger, don't plan on taking it again...and I agree with Elitis, subscribing to a few of those sites before tackling either of the types of exams you plan to take again.  Good luck!
    2021 Goal ~ OSCP

    Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
    A.A.S - CIS
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,075 Admin
    My weakest area that I could tell was in tool use. I can also see how non-programmers might have problems in the code items.
  • shochan Member Posts: 955
    @JDMurray
    Yeah, someone on YouTube or an online training site needs to sift through all the Kali programs & spend like an hour dissecting the ins and outs of EACH tool...It would definitely be a great money maker for them if they can pull it off well.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,075 Admin
    edited December 2020
    Coincidentally enough, I was contracted by Pluralsight back in 2015 to make several courses explaining how to use the digital forensics tools included with Kali. I made an initial course detailing the basics of DF and basic imaging tools. PS decided not to pursue making courses on the more advanced DF tools--at least not with me--but the two courses I did make are excellent examples of what tools courses for cert prep would look like.

  • newguy2000 Member Posts: 8
    Dear All

    Thanks for your helpful advice and really appreciate your kindness.
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Member Posts: 116
    edited January 6
    The others are correct that you'll do well to try and get practice with a few pentest learning boxes.

    Aside from that I would recommend getting acquainted with the basic grammar of at least the following: Python, Javascript, PHP, Bash, Ruby, Perl, Powershell. And when I say "basic" I do mean basic: know how each language structures things like loops (for, while, etc.) and tests (if/then/else, case/switch, etc.) and how they set and call variables.

    For example -> https://dev.to/rattanakchea/for-loop-for-different-programming-languages-bgb

    Not knowing something as simple as the following can trip you up:
    • Bash: VAR="bla"; echo ${VAR}
    • Powershell: $Var="bla"; echo ${Var}
    • Python: var="bla"; print(var)
    • PHP: $var="bla"; echo $var
    • Javascript: var var="bla"; console.log(var)
    • Ruby: Is a mess! Vars either start with $, @ or nothing and get called with or without #.
    And those aren't even 100% correct ;)
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Purple teaming training All done!
    2021: Modern Web-app pen-testing (BHIS), Docker DCA, PortSwigger Burp Suite class.
  • shochan Member Posts: 955
    The others are correct that you'll do well to try and get practice with a few pentest learning boxes.

    Aside from that I would recommend getting acquainted with the basic grammar of at least the following: Python, Javascript, Bash, Ruby, Perl, Powershell. And when I say "basic" I do mean basic: know how each language structures things like loops (for, while, etc.) and tests (if/then/else, case/switch, etc.) and how they set and call variables.

    For example -> https://dev.to/rattanakchea/for-loop-for-different-programming-languages-bgb
    It's probably why I failed the PenTest+, as I am no programmer...it's probably my weakness whilst trying to get into pentesting, though I have over 20 yrs of sys admin experience.  I will eventually "get it"; it just takes more experience.
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Member Posts: 116
    shochan said:
    It's probably why I failed the PenTest+, as I am no programmer...
    You and me both! :D I'm just very happy I can plod my way through someone else's Java code well enough if I know there's a vulnerability in there.
  • newguy2000 Member Posts: 8
    By the way, is the following useful for passing the exam? I sat yesterday for my 3rd trial and scored 730 (pass mark is 750...damn it!!)

    <CompTIA CertMaster Learn for PenTest+ (PT0-001) – Individual License >
    https://jp-store.comptia.org/p/PEN-001-CMLR-2018 