Taking the beta of CompTIA’s new Pentest+

Glenn at work

Pre-test: March 11, 2018

Okay: going in to take the beta of CompTIA’s new Pentest+ exam. There are no materials to study yet, so it’s pretty much a crapshoot. In theory it’s harder than the CEH (which I have), so we’ll see.
It was funny to realize as I dug through Reddit looking for info that I’m a “Trifecta Instructor”: A+, Network+, Security+.

Post-test

Oh, am I ever glad I’ve done a lot of coding/scripting, and reviewed my PHP, Python and Ruby before the test. Right off the bat I got a long series of long, detailed scenario and “drag and drop” questions that I let suck up too much time. One involved dragging lines or blocks of code from a random assortment into working locations in a script. Recognizing the language was instantly critical. Another “interactive” section comprised ten questions where I needed to identify one-liner payloads and the right control to block them. Be sure you’re very clear on the different types of SQL injection and XSS.
The multiple-choice questions were, for a relief, pretty normal. Some did make clear to me some of the things I’ve never done: creating a sandbox, and setting up persistence on a target once it’s been compromised.
I know the CEH pretty well (I’m on the review board), and no it is not particularly similar to this test. The CEH concentrates on higher-level tools, like gui exploit tools and specific-function apps. The Pentest+ seems much more focused on knowing low-level tools like nc and nmap, sometimes deeply into the switches and syntax. Definitely spend time working/playing with these so the long, complex multiple choices don’t become a blur.
I got 120 question for my 165 minutes, plus a lengthy pre-test agreement and a fairly quick post-test review, both off the clock. It was a race all the way, especially with the intricately detailed commands to pick in multiple-choice questions. I only finished 105, racing to the end, though since I got so many questions maybe I’ll get some slack for that. 😉
Notably, I did NOT see any policy, risk calculations, subnetting or crypto, and no SOAP or REST. Reading other people’s experiences, though, I’m betting there’s a huge question pool (that will hopefully get trimmed down) and your mileage will likely differ.
Do I think I passed? I practically never think so walking out of a test, but I practically always do pass.
Is it a good alternative to the CEH? I’d say it’s more similar than different. Both certs are really much more focused on defense than offense. It still looks like the OSCP is the big dog of real pen testing, and that’s okay. We all need ladders with more rungs above us.

[ How to Teach Hacker Highschool: Unit 3 ]

Hacker Girl

This is the third unit of my course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session offers some hints on conducting classes, and help for you to be a great teacher of hacking. Polish your Google Hacking skills, learn to search more safely, show your students easy ways to start coding and start getting familiar with your eyes and ears on the network: Nmap and Wireshark.

Here’s the video of Unit 3, with the links it mentions below. Tell me what you think in the Comments, and thanks for taking a look.

Powerpoint: http://gnorman.org/HHS/Teacher_Training_Unit_2_GN_017-11-20.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/

School for Hackers: https://schoolforhackers.com for Hacker Night School and Hacking 101

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

Google Advanced Search Operators: http://www.googleguide.com/advanced_operators_reference.html

DuckDuckGo Search Engine: http://DuckDuckGo.com

http://www.ikeahackers.net/

https://www.buzzfeed.com/readcommentbackwards/40-creative-food-hacks-that-will-change-the-way-yo-dmjk?utm_term=.ve0pYaR41#.oy7357LoM

https://www.wikihow.com/Hack-an-Xbox-Controller-Into-a-PC-Gamepad

https://www.wikihow.com/Create-a-Fake-and-Harmless-Virus

https://www.wikihow.com/Write-a-Batch-File

https://www.wireshark.org/

https://nmap.org/

–Musical Credits–
Opening and Closing: Loops by Mark D’Angelo, copyright 2017
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

[ How to Teach Hacker Highschool: Unit 2 ]

Hacker Girl

This is the second unit of my course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session discusses some of the issues you may deal with in proposing and setting up a Hacker Highschool class.

So here’s the video of Unit 2, with the links it mentions below. Tell us what you think in the Comments, and thanks for taking a look.

POWERPOINT: http://gnorman.org/HHS/Teacher_Training_Unit_2_GN_017-11-20.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/School for Hackers: https://schoolforhackers.com for Hacker Nightschool and Hacking 101

ISECOM: http://isecom.org

Hacker Highschool: http://hackerhighschool.org

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

–Musical Credits–
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls

Online victim resources:
https://www.hackthissite.org

https://www.root-me.org/

http://scanme.nmap.org/

[ How to Teach Hacker Highschool: Unit 1 ]

We’re getting started with this course for teachers, which brings together a lot of material I generated while working as Project Manager for the Hacker Highschool v2 Rewrite Project, 2012-2016. This session discusses some of the issues you may deal with in proposing and setting up a Hacker Highschool class.

So here’s the video of Session 1, with the links it mentions below. Tell us what you think in the Comments, and thanks for taking a look.

POWERPOINT: http://gnorman.org/HHS/Teacher_Training_Unit_1_GN_2017-09-09.pdf

Uncut Lessons: http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/School for Hackers: https://schoolforhackers.com for Hacker Nightschool and Hacking 101

ISECOM: http://isecom.org

Hacker Highschool: http://hackerhighschool.org

Hacker Highschool (http://www.hackerhighschool.org/) is a free, open curriculum from ISECOM (http://www.isecom.org/). Uncut lessons are available at http://gnorman.org/2017/05/16/hacker-highschool-download-uncut-lessons/.

–Musical Credits–
Cold Funk – Funkorama by Kevin MacLeod is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/…)
Source: http://incompetech.com/music/royalty-…
Artist: http://incompetech.com/
Music promoted by Audio Library https://youtu.be/Vhd6Kc4TZls