Pentest+ study plan and materials

So any of you guys have any plans or materials to prepare for pentest+ i heard you need to review codes and exploits also
Please share

Find more posts tagged with

Comments

EnderWiggin

Study plan: Conduct extensive penetration tests
Materials: Computers

tedjames

Download the objectives and use that as your plan. If it's in the objectives, it's likely going to be on the test.

wannabeanOSCP

anyone recommend the video course that kind of covers the objectives.

EnderWiggin

A video course won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

wannabeanOSCP

how about books like hackers playbook 2 and web application hackers handbook will it be enough?

PC509

EnderWiggin wrote: »

A video course won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?

EnderWiggin

wannabeanOSCP wrote: »

how about books like hackers playbook 2 and web application hackers handbook will it be enough?

A book won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

PC509 wrote: »

I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?

While this exam is multiple choice, you need to have practical experience to be able to answer the questions.

meni0n

To prepare I'm reading The Hacker Playbook 2 and also doing vulnhub machines. I'll use that as preparation for OSCP as well.

JollyFrogs

Thanks for this thread - I've signed up for the Beta exam. This is a much cheaper way (although a little more risky) to get the Comptia Certs for sure

wannabeanOSCP

meni0n wrote: »

To prepare I'm reading The Hacker Playbook 2 and also doing vulnhub machines. I'll use that as preparation for OSCP as well.

I will be doing this as well i have 2 month still exam is on april 23

wannabeanOSCP

JollyFrogs wrote: »

Thanks for this thread - I've signed up for the Beta exam. This is a much cheaper way (although a little more risky) to get the Comptia Certs for sure

I'm a big fan of yours .When are you taking exam?

wannabeanOSCP

EnderWiggin wrote: »

A book won't get you a pass. Either get yourself hands-on experience with pen testing tools, or you're wasting your time and money taking this test. Plain and simple.

While this exam is multiple choice, you need to have practical experience to be able to answer the questions.

Understood mate.I know it will be hard or impossible to pass but i want to give it a good fight

Doc1500

I also signed up for the Beta exam in 2 weeks for $50 probably not ready for it been busy with work but really curious to see what its about. Also I would love to quit paying my annual fee for my CEH and I think this one could be a good sub or better until I could get the OCSP. Dollar wise at $50 buck the beta has really good value for cost compared to the CEH or some of the other expensive ones.

Hack the box HTB and Vuln Hub walk through are probably the best bet starting out taking stuff learned from books to actual labs. https://forum.hackthebox.eu/discussion/128/best-machines-to-start-for-a-beginner

stryder144

I am following this thread. I signed up for the exam and then cancelled once I started reading that it was way more than a simple CEH-style theory exam. I've decided that I'll wait until the next version of the exam comes into beta and take that one. By then (three years or so from now), I should have theory and tools usage knowledge to help me pass this one.

yoba222

1) Prior experience.
I've got about 3 years of infosec exp. and some of that was vulnerability assessments, vulnerability management, and penetration testing.

2) The PenTest+ Exam Objectives.
This is THE most important resource.

3) GPEN course books.
Borrowed a copy of the 2016 version and will read through once, probably at a pace of 30 pages per day.

4) Prior programming experience.
I know Python and bash, though I haven't touched Ruby or PowerShell in years.

At that point whatever is left on the exam objectives I haven't used or heard of, I'll read up on it, watch Youtube vids on it, and lab with it.

No CEH materials for me.

JollyFrogs

wannabeanOSCP wrote: »

I'm a big fan of yours .When are you taking exam?

Hey, Scheduled for the 19th of March currently

airzero

JollyFrogs wrote: »

Hey, Scheduled for the 19th of March currently

Holy smokes, @JollyFrogs lives!

UnixGuy

Start with eJPT and move from there

c5rookie

After taking the exam this week, I would feel more confident in pen testing skills and knowledge, knowing that I passed this exam compared to C|EH. When I passed the C|EH in 2013, I was disappointed in what EC-Council felt someone needed to know to be considered a hacker from the questions they asked. Anyway, this was definitely an exam based on knowing processes, procedures, documentation, tools, reporting, information gathering, vulnerability analysis, etc. Like any exam environment, knowing acronyms and terms will only get you so far. Then again, it could give you those extra few points to make it over the mark. After studying the exam objectives for a few weeks, I felt better about what I was getting into. One thing to mention, the test details listed in the Exam Objectives PDF v3.0 do not match the Test Details on CompTIA's website. They did a good job of giving you enough time for the exam and review. If you're weak in one of the domains listed (I do not do any programming), ensure you are strong in the other four. This should help get you over the cut off score when the Beta is over. I plan on re-taking the exam this summer if I find out I didn't make the initial cut.

julioiglesiasp

PC509 wrote: »

I figured as the PenTest+ is multiple choice, that it'd focus more on theory and procedure and less of the hands on (which is where the eJPT/OSCP would come into play). It seemed like it would be out of place and more equate to the CEH style of exam, which I didn't care for (again - theory and procedure and less of the hands on).

The more I hear about the exam, the less sure I am of where it fits in the certification realm. Better than CEH, but not the practical stuff like eJPT/OSCP?

Sorry, but I don't share your opinion on comparing eJPT with OSCP, I know that e-learnsec are hands'on based, but, they are too far from the Offensive Security Courses and Certifications level. I see your point, hands-on vs multiple choices, but, ECSA also is hands-on, but the level compared with OSCP (or OSCE, and so for) is poor.
Anyway, there are a lot of Pentesting / "Hacking" certifications now, specially because when Microsoft or Cisco promotes their Certifications, the situtation is clear, you must know to admin and configure those technologies, but with pentesting the thing is different, there are Offsec, EC Council, E-Learnsec, SANS, Comptia+, EXIN, and many others; so, which cert you must take?. The best answer for that now, on 23/03/2018 is sharing this Job Position Req:
"MWR Info Security - London
OSCP & OSCE won’t hurt your chances, CEH might. We have openings for all grades (Junior to Senior) of consultant in our London, Manchester and Basingstoke... "Right now, you can see this Job on: https://www.indeed.co.uk/Ceh-jobs-in-London
Offsec guys were real Hackers in the past and in the present: better known as Milw0rm: https://en.wikipedia.org/wiki/Milw0rm
Only hackers can teach you hacking!
Best regards.

JollyFrogs

So I did the Pentest+ exam last Friday. It wasn't too difficult but the questions can be tricky... one of the questions I only had right because it asked for a single answer (radio buttons) but two were obviously correct so I was confused (If only one was "correct" I would have clicked it and never looked back). Then I re-read the question and found that those were actually both wrong and there was another, much less obvious answer that was correct after I dismissed it originally. So yes, I suggest to read the questions well. My biggest tip is to simply study the acronyms in the exam objectives (imo just looking up what they mean in wikipedia will be sufficient to answer the questions relating to those acronyms). There were a few tricky questions that I agree one wouldn't know without either being a pentester or having completed the OSCP but they were far and few between and even then you still have a chance to get them right since it's multiple choice. Most questions are straightforward and some required a crystal ball (aka - the answer CompTIA believes is best). The downside of the beta is that the comments count as part of the exam time, but I still commented on quite a few of the questions, whether they were bad questions, ambiguous or good questions. I'm not too worried about passing or failing but if I had to guess I'd say I might score around 80-85%. I'll know in 6 months

Good luck to whoever is going for this one - it's only 50 bucks and it's entirely doable, especially if you already completed OSCP or did some vulnhubs.

yoba222

JollyFrogs wrote: »

. . . My biggest tip is to simply study the acronyms in the exam objectives (imo just looking up what they mean in wikipedia will be sufficient to answer the questions relating to those acronyms). . .

I didn't even think about this. Thanks!

JollyFrogs

False alarm - I got an email from Comptia saying I passed, I thought it was the Pentest+ exam from a few weeks ago. But it turns out it was an email for an exam I passed in August 2016 (CySA+)

shochan

wow, they are kicking out results much faster than I have ever seen...coolio

meni0n

Did you have a CySA+? I got one too but it was just because they were issuing the new CySA+ certificate. The Beta is done on the 25th. They don't even know what questions to take out in order to come out with a score.

JollyFrogs

Oh that's interesting - yes I passed the CySA+ Beta exam in 2016. The email didn't specify WHICH exam I passed but since I've only done one (this Pentest+ beta exam) since 2016 I assumed it was the Pentest+ exam results.... you think the congratulations email I received was from a beta exam in 2016? How confusing, especially since they don't mention which exam you passed in the email, they just say "Congratulations! You have successfully passed your CompTIA certification exam". They say it will take 5 days for the website to update, so I'll know in 5 days whether this email was about Pentest+ or about my 2016 exam

yoba222

Yeah compare the pdfs for the CSA+ you had downloaded back in 2016-17 (if you did) to the one you can download now. My bet is it now says CySA+. I've got two certs printouts, identical dates, but one without the "y" in the middle.

meni0n

Yea mine also didn't specify which exam I passed when I got the email yesterday. It's just the way that they reissue the certificate I guess.

JollyFrogs

Ok - the official results did came in today via email: I passed

jamsub

I cut a 711 out of 750. I was barely studying for it as I have other things to work through so I actually feel okay about my score. Me and BurpSuite need to spend some time together before the next go around.