Pentest 2
Pentest 2
Disclaimer
This activity sheet is based on the learning objectives outlined by the CompTIA
PenTest+ certification. It is intended for educational purposes only and should be used
in a controlled environment under proper authorization. Unauthorized use of penetration
testing tools and techniques is illegal and unethical. Always adhere to your
organization’s policies and relevant legal frameworks.
Activity Objectives
By the end of this activity, participants will:
1. Be familiar with various scanning techniques, their purpose, and appropriate
tools.
2. Analyze reconnaissance results and explain the implications for penetration
testing.
3. Understand the use of post-exploitation techniques and wireless attack methods.
4. Identify and evaluate network traffic patterns and vulnerabilities.
Group Setup
Number of participants: 6
Time allocation: 1 hour
Materials needed: Pen and paper or digital devices for note-taking.
Scenario-Based Activities
Part 1: Vulnerability Scanning and Reconnaissance (15 minutes)
Scenario:
You are part of a penetration testing team hired to assess a medium-sized e-commerce
company’s network. The initial discovery scan reveals open ports and potential web
application vulnerabilities.
Tasks:
1. Scan Comparison: Compare the results of a discovery scan with a port scan.
Identify discrepancies and explain why these differences might occur.
2. Stealth Mode: Discuss the potential benefits and risks of performing a stealth
scan in this scenario.
3. Web Server Scan: Identify what information you might uncover when scanning
the company’s web server and its APIs. Why is examining API requests
significant?
Discussion Guidelines
1. Assign a team leader to moderate the discussion for each scenario.
2. Divide into pairs or small groups for each part and rotate through scenarios.
3. Reconvene as a larger group to present findings and insights.
Wrap-Up
Each group presents their solutions and justifications to the larger team.
Reflect on the tools and techniques discussed.
Highlight key takeaways and their real-world applications.