My CPENT Journey - Part two “The Course Contents”
The E-book runs in the Bookshelf E-book reader and although you do need a license key for each EC-Council course you have, it is a lot more flexible than the previous DRM protected books. There is a wealth of information in the book beyond what you find in the accompanying video course. You can check out the complete course outline at ECCs website. Pentesting methodologies, scoping & reporting are some of the more important elements of penetration testing and the included templates have helped me in scoping and preparing real pentest reports.
The three basic phases of a test are well covered. Pre-testing reconnaissance, testing and post testing but it is the testing phase that has a broader playing field. Sure, networks are covered well and deeply, web servers and web applications are just as comprehensive, but it is the IoT, Operational Technology, Scada and Binary Analysis that make this course interesting. I was impressed with the appendix which is more of an additional course in itself. Fuzzing, mastering Metasploit, PowerShell and Bash scripting with considerations towards Python, Perl and Ruby coding for exploitation. Lastly, a deep dive into Active Directory exploitation of the golden and silver tickets. This AD part was helpful because in the exam there is an entire section on Active Directory exploitation.
Next up… The labs