EC-Council Certified Penetration Tester (CPENT)

$3,495.00 USD

5 Days


Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test IoT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.

Course Objectives

During this course you will learn about these topics:
  • Attack IoT Systems
  • Writing Advanced Binary Exploits
  • Evade Defense Mechanisms & Weaponize Exploits
  • Pentest Operational Technology (OT)
  • Accessing through Pivoting & Double Pivoting
  • Advanced Windows Attack
  • Weaponize Your Exploits
  • Privilege Escalation
  • Attack Automation with Scripts
  • Write Professional Reports
  • Bypassing a Filtered Network
  • Evading Defense Mechanisms
  • Access Hidden Networks With Pivoting
  • Who Should Attend?

  • Ethical Hackers
  • Penetration Testers
  • Network server administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment professionals
    • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
    • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to date information.
    • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
    • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
    • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
    • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

    Course Prerequisites

    We recommend that attendees of this course have taken the following courses or equivalent knowledge:
  • EC-Council Certified Ethical Hacker (CEH)
  • EC-Council Certified Network Defender (CND)
  • Agenda

    1 - Introduction to Penetration Testing

    • Penetration Testing Concepts
    • LPT Penetration Testing Methodology
    • Guidelines and Recommendations for Penetration Testing

    2 - Penetration Testing Scoping and Engagement

    • Request for Proposal
    • Preparing Response Requirements for Proposal Submission
    • Setting the Rules of Engagement
    • Establishing Communication Lines
    • Timeline
    • Time/Location
    • Frequency of meetings
    • Time of Day
    • Identifying Personnel for Assistance
    • Handling Legal Issues in Penetration Testing Engagement
    • Preparing for the Test
    • Handling Scope Creeping During Pen Testing

    3 - Open Source Intelligence (OSINT)

    • OSINT through the WWW
    • OSINT through Website Analysis
    • OSINT through DNS Interrogation
    • Automating the OSINT Process using Tools/Frameworks/Scripts

    4 - Social Engineering Penetration Testing

    • Social Engineering Penetration Testing Concepts
    • Social Engineering Penetration Testing Using E-mail Attack Vector
    • Social Engineering Penetration Testing Using Telephone Attack Vector
    • Social Engineering Penetration Testing Using Physical Attack Vector
    • Reporting and Countermeasures/Recommendations

    5 - Network Penetration Testing – External

    • Port Scanning
    • OS and Service Fingerprinting
    • Vulnerability Research
    • Exploit Verification

    6 - Network Penetration Testing– Internal

    • Footprinting
    • Network Scanning
    • OS and Service Fingerprinting
    • Enumeration
    • Vulnerability Assessment
    • Windows Exploitation
    • Unix/Linux Exploitation
    • Other Internal Network Exploitation Techniques
    • Automating Internal Network Penetration Test Effort
    • Post Exploitation
    • Advanced Tips and Techniques

    7 - Network Penetration Testing – Perimeter Devices

    • Assessing Firewall Security Implementation
    • Assessing IDS Security Implementation
    • Assessing Security of Routers
    • Assessing Security of Switches

    8 - Web Application Penetration Testing

    • Discover Web Application Default Content
    • Discover Web Application Hidden Content
    • Conduct Web Vulnerability Scanning
    • Test for SQL Injection Vulnerabilities
    • Test for XSS Vulnerabilities
    • Test for Parameter Tampering
    • Test for Weak Cryptography Vulnerabilities
    • Tests for Security Misconfiguration Vulnerabilities
    • Test for Client-Side Attack
    • Tests for Broken Authentication and Authorization Vulnerabilities
    • Tests for Broken Session Management Vulnerabilities
    • Test for Web Services Security
    • Test for Business Logic Flaws
    • Test for Web Server Vulnerabilities
    • Test for Thick Clients Vulnerabilities
    • Wordpress Testing

    9 - Wireless Penetration Testing

    • Wireless Local Area Network (WLAN) Penetration Testing
    • RFID Penetration Testing
    • NFC Penetration Testing

    10 - IoT Penetration Testing

    • IoT Attacks and Threats
    • IoT Penetration Testing

    11 - OT/SCADA Penetration Testing

    • OT/SCADA Concepts
    • Modbus
    • ICS and SCADA Pen Testing

    12 - Cloud Penetration Testing

    • Cloud Penetration Testing
    • AWS Specific Penetration Testing
    • Azure Specific Penetration Testing
    • Google Cloud Platform Specific Penetration Testing

    13 - Binary Analysis and Exploitation

    • Binary Coding Concepts
    • Binary Analysis Methodology

    14 - Report Writing and Post Testing Actions

    • Penetration Testing Report: An Overview
    • Phases of Report Development
    • Report Components
    • Penetration Testing Report Analysis
    • Penetration Testing Report Delivery
    • Post-Testing Actions for Organizations

    Get in touch to schedule training for your team
    We can enroll multiple students in an upcoming class or schedule a dedicated private training event designed to meet your organization’s needs.


    Do You Have Additional Questions? Please Contact Us Below.

    contact us contact us 
    Contact Us about Starting Your Business Training Strategy with New Horizons