• Security professionals, penetration testers, ethical hackers, or vulnerability analysts
• IT or cybersecurity practitioners aiming to validate offensive security skills
• Those seeking a vendor-neutral credential in penetration testing
• Participants preparing to take the CompTIA PenTest+ exam

• 3–4 years of hands-on experience in information security, vulnerability assessment, or related roles
• Strong understanding of networking, systems (Windows, Linux), and security fundamentals
• Familiarity with basic scripting or programming (e.g. Python, Bash)
• Experience with or exposure to security tools and methodologies (scanning, enumeration, exploitation)

• Plan, scope, and manage a penetration testing engagement in compliance with ethical and legal constraints
• Conduct passive and active reconnaissance to gather intelligence on target environments
• Execute vulnerability scans, analyze results, and enumerate systems and services
• Perform exploitation, lateral movement, and post-exploit tasks across different platforms (network, host, app, cloud)
• Use and adapt appropriate tools and scripts to support penetration testing workflows
• Interpret and consolidate findings into professional reports with remediation recommendations
• Communicate effectively with both technical teams and management-level stakeholders
• Demonstrate an ethical hacking mindset and maintain integrity throughout engagements
• Be fully prepared to sit for and pass the CompTIA PenTest+ certification exam
  

• Define scope, rules of engagement, contracts, NDAs
• Identify in-scope assets, exclusion zones, environment constraints
• Ensure legal, compliance, and ethical considerations
• Plan resource allocation, timelines, escalation paths
• Collaboration and stakeholder communication

• Passive reconnaissance (OSINT, metadata, public sources)
• Active reconnaissance (network scans, enumeration)
• Vulnerability scanning & analysis
• Analyze output results, fingerprinting, host enumeration
• Tool selection and strategy for scanning

• Exploit techniques across network, systems, applications
• Lateral movement, privilege escalation, pivoting
• Exploiting cloud, web, wireless, APIs
• Post-exploitation tasks (maintaining access, cleanup)
• Attack planning in hybrid environments

• Analyze and interpret findings
• Structure and compose professional pen test reports
• Prioritize remediation, risk levels, business impact
• Communicate to technical and non-technical stakeholders
• Executive summaries, mitigation strategies

• Tool selection and use across pen test phases (e.g., Nmap, Metasploit, Burp, etc.)
• Basic scripting logic: loops, conditionals, arrays
• Read, analyze or modify small code snippets or automation scripts
• Use tools in code scanning, payloads, exploits
• Integrate tools into workflow effectively