My CompTIA PenTest+ Journey

Verify my CompTIA PenTest+ certification in this link!

Overview of My PenTest+ Journey Writeup:

  1. The Cost of Taking the CompTIA PenTest+
  2. My Hands-on Hacking Preparation
  3. My Theoretical Hacking Preparation
  4. My CompTIA PenTest+ Exam Experience
  5. Tips and Tricks to Conquer this Beast!

001: The Cost of Taking the CompTIA PenTest+

The CompTIA PenTest+ training with exam will cost you around USD949 or almost PHP48,000 but in my case, I just spend around PHP9,000!
How?
I just paid for the exam which is PHP10,000 but I also got a 10% OFF that’s why it became around PHP9,000 (I’ll tell you also how to get the discount). And yes, I didn’t purchase any training since I studied on my own. Don’t worry, I’ll show you in the next section what I did in my “Self-Paced” PenTest+ training.

002: My Hands-on Hacking Preparation

I created my own curriculum to effectively learn the hands-on part of the Pentest+ exam since I heard a lot from my friends that the exam relied so much in hands-on hacking techniques.
This curriculum will help you learn:
-How hacking techniques work and how to fix them
-How to use the tools that was within the PenTest+ curriculum
-Learn to analyze what is the best strategy to take in every penetration testing situations that you may encounter in real world

  1. If you are a beginner in ethical hacking, then finish the Complete Beginner path in TryHackMe. If you are already within intermediate or advance level of ethical hacking then you can skip this to save time.
    Warning! Make sure that you do the hands-on in each topic and you really understand what happens.

2. Finish the CompTIA PenTest+ learning path in TryHackMe. This is super helpful since this will make you do a lot of hacking techniques that will be covered in the exam objectives. The tools discussed here are also within the scope of the exam objectives.

Here’s the interesting part in finishing this learning path. You will get a certificate of completion and a 10% discount in the CompTIA PenTest+ exam!

3. And for the last one, you must do the Wreath Lab network in TryHackMe because of the following benefits:
-Pivoting, AV Evasion, Command and Control and many more (which is included in the exam objectives) are not tackled in CompTIA PenTest+ learning path and I found these topics in the Wreath Lab.
-Real life experience of hacking computers within the network using what you have learned in CompTIA PenTest+ learning path and the provided learning material in this lab.
-Penetration Testing report is also discussed here that can help you not just in the exam but also in the real world in converting all of those findings into a report, the right way.

The machines within the Wreath Lab network that you will encounter

4. Learn the basics of Bash, PowerShell, Python and Ruby scripting. Make sure you know how to use these to automate your attacks or to create a simple hacking tool like a simple scanner if ever that you hacked a machine and needs to scan the internal network but the machine you just hacked doesn’t have Nmap.

003: My Theoretical Hacking Preparation

Most of the theories that you need are already tackled in the 002, except in the following:
-Scope and Planning Engagements
-Communication Triggers
-Recommending Mitigation Strategies
-Goal Reprioritization
-Social Engineering
-Physical Facility Penetration Testing
-Analyzing Vulnerability Scans
-Key Legal Concepts
-Compliance-Based Assessment

I just read the 500+ pages of Sybex Pentest+ Study Guide book but in order for you to save time, you can just focus on the above topics if you are done already with the 002. Mostly, I just read quickly the other parts except those within our list above that must be focused on.
If you don’t have money to buy the book, you can just Google out those topics and most of the results alone will already help you understand the topic based on my experience.

004: My CompTIA PenTest+ Exam Experience

My exam is online but of course, proctored. The instructions for the online exam is pretty easy to follow so you don’t have to worry before the exam. Here are the following things that you must do:
-Prepare two valid government ID
-Make sure your desk is clean, just your laptop, or mouse/keyboard/webcam.
-Make sure you are alone in your examination room
-The proctor will require you to take a video and picture of your surroundings to make sure that you don’t have notes somewhere. They will also check the surroundings under your desk and the back of your mousepad.

The exam is most likely 2 hours and 45 minutes but I finished mine in just an hour or less. I was so nervous so after answering everything I review all of my answers before I submit it and end the exam.

Reviewing my answers, especially on the hands-on part is the best thing that I did in the exam since I saw a lot of mistakes and realization asking myself why did I answer it like that hahaha

After the review, I submit the exam, write some survey form and then the result, I passed!

005: Tips and Tricks to Conquer the Beast!

  1. If you do the tasks in 002 and you really understand and can perform the techniques in each of the topic then you’re good to go.
  2. Review your answers before you submit and end the exam! This is a must!
  3. Your first goal must be to LEARN. The second one is to PASS. I know some people who passed PenTest+ but still can’t conduct penetration testing mainly because they focused too much in answering multiple choice mock exams and memorization of terminologies instead of really learning the craft, hands-on, in-depth. Doing so will not just help you pass the exam but also help you in real life penetration testing working environment.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alexis Lingad

Alexis Lingad

75 Followers

CEH | OSWP | eCPPT | eCDFP | eWPT | Author of Cyber Defender | Creator of Hackuna Anti-Hack | WTH Hacker Games Champion 2015&2017 | alexislingad.org