Description
Duration: 5 days
The EC-Council Certified Penetration Tester (CPENT) is a 5-day course covering penetration testing methods and techniques across a broad set of environments, including networks, web applications, IoT, OT/SCADA, and cloud platforms. Topics include advanced areas such as binary exploitation, privilege escalation, defense evasion, and professional report writing. Graduates of this course are prepared to sit for the EC-Council CPENT certification exam.
Target Audience
- Ethical Hackers
- Penetration Testers
- Network Server Administrators
- Firewall Administrators
- Security Testers
- System Administrators and Risk Assessment Professionals
Prerequisites
What’s included?
- Authorized Courseware
- Intensive Hands on Skills Development with an Experienced Subject Matter Expert
- Hands on practice on real Servers and extended lab support 1.800.482.3172
- Examination Vouchers & Onsite Certification Testing – (excluding Adobe and PMP Boot Camps)
- Academy Code of Honor: Test Pass Guarantee
- Optional: Package for Hotel Accommodations, Lunch and Transportation
With several convenient training delivery methods offered, The Code Academy makes getting the training you need easy. Whether you prefer to learn in a classroom or an online live learning virtual environment, training videos hosted online, and private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Code Academy for an engaging and effective learning experience.
Methods
- Instructor Led (the best training format we offer)
- Live Online Classroom – Online Instructor Led
- Self-Paced Video
Speak to an Admissions Representative for complete details
| Start | Finish | Public Price | Public Enroll | Private Price | Private Enroll |
|---|---|---|---|---|---|
| 5/25/2026 | 5/29/2026 | ||||
| 6/15/2026 | 6/19/2026 | ||||
| 7/6/2026 | 7/10/2026 | ||||
| 7/27/2026 | 7/31/2026 | ||||
| 8/17/2026 | 8/21/2026 | ||||
| 9/7/2026 | 9/11/2026 | ||||
| 9/28/2026 | 10/2/2026 | ||||
| 10/19/2026 | 10/23/2026 | ||||
| 11/9/2026 | 11/13/2026 | ||||
| 11/30/2026 | 12/4/2026 | ||||
| 12/21/2026 | 12/25/2026 | ||||
| 1/11/2027 | 1/15/2027 | ||||
| 2/1/2027 | 2/5/2027 | ||||
| 2/22/2027 | 2/26/2027 | ||||
| 3/15/2027 | 3/19/2027 | ||||
| 4/5/2027 | 4/9/2027 | ||||
| 4/26/2027 | 4/30/2027 |
Learning Objectives
- Conduct penetration tests against IoT systems
- Develop advanced binary exploits
- Evade defensive controls and weaponize exploits
- Perform penetration testing on Operational Technology (OT) environments
- Navigate target networks using pivoting and double pivoting techniques
- Execute advanced attacks against Windows environments
- Adapt and weaponize exploits for use in engagements
- Perform privilege escalation on compromised systems
- Automate attack tasks using custom scripts
- Produce professional-quality penetration testing reports
- Bypass filtered or restricted networks
- Apply techniques to evade detection and defensive mechanisms
- Reach hidden network segments through pivoting
Course Outline
Module 1: Penetration Testing Fundamentals
Introduces foundational penetration testing concepts, the LPT methodology, and established guidelines for planning and conducting penetration tests.
Module 2: Scoping and Engagement Planning
Addresses the RFP process, defining engagement requirements, establishing rules of engagement, setting up communication protocols, scheduling, identifying support personnel, handling legal considerations, pre-test preparation, and managing scope creep throughout an engagement.
Module 3: Open Source Intelligence (OSINT)
Examines OSINT collection via the web, website reconnaissance, DNS interrogation, and the use of tools, frameworks, and scripts to automate information gathering.
Module 4: Social Engineering Penetration Testing
Covers social engineering concepts and attack techniques delivered through email, phone, and physical vectors, as well as guidance on reporting findings and recommending countermeasures.
Module 5: External Network Penetration Testing
Covers port scanning, OS and service fingerprinting, vulnerability research, and exploit validation as applied to external network penetration testing scenarios.
Module 6: Internal Network Penetration Testing
Covers footprinting, network scanning, OS and service fingerprinting, enumeration, vulnerability assessment, exploitation of Windows and Unix/Linux systems, additional internal attack techniques, automation, post-exploitation activities, and advanced methodology tips.
Module 7: Perimeter Device Penetration Testing
Covers security assessment of perimeter devices including firewalls, intrusion detection systems (IDS), routers, and switches.
Module 8: Web Application Penetration Testing
Covers discovery of default and hidden content, web vulnerability scanning, SQL injection, cross-site scripting (XSS), parameter tampering, weak cryptography, security misconfigurations, client-side attacks, authentication and authorization flaws, session management weaknesses, web services security, business logic vulnerabilities, web server flaws, thick client vulnerabilities, and WordPress-specific testing.
Module 9: Wireless Penetration Testing
Covers penetration testing of wireless LAN (WLAN) environments, RFID systems, and NFC technologies.
Module 10: IoT Penetration Testing
Covers common IoT attack types and threats, along with structured methodologies for testing IoT devices and ecosystems.
Module 11: OT/SCADA Penetration Testing
Covers foundational OT/SCADA concepts, the Modbus protocol, and penetration testing approaches for industrial control systems (ICS) and SCADA environments.
Module 12: Cloud Penetration Testing
Covers general methodology for cloud penetration testing and platform-specific techniques for AWS, Microsoft Azure, and Google Cloud Platform.
Module 13: Binary Analysis and Exploitation
Covers binary coding fundamentals and a structured methodology for analyzing binaries to identify and exploit vulnerabilities at the binary level.
Module 14: Report Writing and Post-Engagement Actions
Covers penetration testing report formats, the stages of report development, report components, analysis of findings, report delivery, and recommended post-engagement steps for client organizations.
