Why this guide
- Built from the CompTIA PenTest+ PT0-002 exam objectives — 5 weighted domains, no filler
- Tools cheat sheet — Nmap, Burp, Metasploit, Wireshark, SQLmap, and when each is the right tool
- Reporting template — executive summary, technical findings, risk score, and remediation roadmap
- Designed for printing — full guide, two 1-page cheat sheets, and a 1-page pocket card
Who this is for
- Junior penetration testers building a repeatable, reportable testing workflow
- Security analysts expanding from vulnerability scanning into offensive security
- Red-team aspirants who need a vendor-neutral pentest methodology
- Vulnerability assessment engineers validating findings and writing remediation guidance
- Compliance auditors who must understand offensive testing within rules of engagement
What you'll learn
- Domain 1 — Planning and Scoping (15%): Rules of engagement, scoping, legal/contracts, compliance considerations, risk management, engagement documentation
- Domain 2 — Information Gathering and Vulnerability Scanning (22%): Reconnaissance, OSINT, scanning, enumeration, vulnerability scanning, valid findings, false positives/negatives
- Domain 3 — Attacks and Exploits (30%): Social engineering, network attacks, wireless attacks, application attacks, cloud attacks, post-exploitation, lateral movement
- Domain 4 — Reporting and Communication (18%): Analysis, scoring, business impact, remediation recommendations, reporting structure, lessons learned
- Domain 5 — Tools and Code Analysis (15%): Nmap, Nikto, Burp Suite, Wireshark, Metasploit, SQLmap, PowerShell, Python, Bash, code review basics
- Core attack categories: web app (SQLi, XSS, CSRF, LFI/RFI), network (MitM, password attacks), wireless (evil twin, WPA cracking), social engineering
- Compliance and risk context: CVSS scoring, risk ratings, responsible disclosure, scoping boundaries
What you're getting
- 6 printable PDFs: cover, course notice, full study guide, two condensed cheat sheets, and an exam-day pocket card.
- Content built from the public syllabus and real test-taker accounts.
- No fake "actual exam" content — honest, source-cited study aids.
"Attacks and Exploits is 30% of the exam. Know the OWASP Top 10 and common network attacks."
— paraphrased from public test-taker accounts
