competency in skills and knowledge through assessment tests,
but are not required to complete a specific number of hours.
Penetration Tester
USDOL
Work Process Content
On the Job Training
Performs pretesting engagement tasks
8
- Operates using ethical hacking standards during all risk assessment operations
- Defines the scope of testing, statement of work, and rules of engagement, and understands the risks associated with the testing
- Identifies the designated points of contact within the organization being tested, along with the mode of contact
- Establishes timeline for testing phases and tasks
- Obtains written permission from the organization to perform testing
- Collects stakeholder data to evaluate risk and mitigation strategies
- Collaborates with internal and external partner organizations on target access and operational issues
- Develops testing methodologies, such as wireless, data networks, application, and telecommunication security tests
Conducts reconnaissance
3
- Gathers information about known threats to the organization and industry to identify current vulnerabilities
- Conducts passive reconnaissance within the scope of work by searching publicly available information, including Domain Name System (DNS) records, websites, social media, tax, and other publicly available information
- Conducts active reconnaissance within the scope of work, including working with the network, operating system, user accounts, mail servers, cloud footprints, and web domains
Performs scanning
6
- Analyzes physical and logical digital technologies to identify potential avenues of access
- Runs discovery scans of the network to identify connected systems
- Performs vulnerability scans of discovered assets to determine system weaknesses
- Conducts network and security system assessments using reconnaissance and tools
- Tests the security of the network by using social engineering strategies
- Prioritizes identified avenues of attack based on their value and potential impact
Conducts vulnerability assessments
6
- Evaluates vulnerability assessments of local computing environments, networks, infrastructures, or segmentation boundaries using either automated or manual processes
- Identifies security system weaknesses to be exploited and evaluates the associated risks from vulnerabilities using the National Vulnerability Database (NVD)
- Demonstrates understanding of tools and settings/safety protocols before running production testing, including on third-party systems
- Identifies the existence of vulnerabilities using tools and manual techniques
- Identifies environmental and mitigating factors that may influence the severity of vulnerabilities
- Researches exploits to determine risk and relays findings to the client before performing exploitation attempts
Performs exploitation of networks, applications, and systems
8
- Conducts network and security system assessment using ethical specialized tools
- Develops and executes infiltration tests that simulate the techniques of known cyber threat actors to exploit device vulnerabilities
- Tests the security of systems by attempting to gain access to networks, web-based applications, or computers
- Avoids detection during exploitation by using strategies such as living off the land, data exfiltration, covering tracks, steganography, or establishing a covert channel
- Deploys Command-and-Control (C2) framework for remote control and access of exploited system(s)
- Attempts various techniques for lateral movement through compromised systems to discover other systems and penetrate deeper into the target environment
- Handles all sensitive data ethically by following proper protocols
- Documents exploitation attempts, including steps taken to gain access
Conducts post testing analysis
8
- Identifies any systemic root causes of security system weakness using penetration test results
- Interprets design or operational test results
- Determines severity of identified risks using the Common Vulnerability Scoring System (CVSS) and prioritizes vulnerabilities
- Tests computer system operations to ensure proper functioning and removes any system or network alterations made during exploitation
- Collaborates with IT team to ensure vulnerabilities are appropriately patched and mitigated
- Conducts post report delivery activities
- Demonstrates understanding of post engagement clean-up, client acceptance, follow-up actions, and retests
- Identifies data remnants and demonstrates an understanding of the data destruction process
Reports findings to appropriate stakeholders
6
- Writes reports for appropriate audiences (e.g., executives, third-party stakeholders, technical staff, and developers)
- Develops an executive summary presentation on threat intelligence
- Prepares operational, analytical, or technical reports or presentations
- Develops and submits reports documenting and describing the results of security fixes
- Recommends remediations on security solutions to information technology teams or management
- Makes recommendations on design or technical features of products or services with technical personnel
Participates in ongoing professional development
6
- Stays informed about current industry-specific developments
- Keeps up with new penetration testing tools and methods
- Maintains up-to-date skills in hacking trends; demonstrates an understanding of current threat actors and their tactics, techniques, and procedures (TTPs)
- Maintains up-to-date skills in networking and network authentication protocols and systems such as Lightweight Directory Access Protocol (LDAP), Kerberos, New Technology LAN Manager (NTLMv2), Link-Local Multicast Name Resolution (LLMNR), and other Active Directory services
- Maintains advanced skills in internal network architecture, boundaries, zones, cloud environments, Internet of Things (IoT), and zero trust architecture
- Maintains cloud-specific knowledge of accounts/projects, users, Identity and Access Management (IAM), Kubernetes, serverless computing, and storage
Related Instruction Content
Training Provider(s):
Communication
30
Sample learning objectives:
- Demonstrate the ability to send and receive phone calls, emails, text messages, instant messages, and other forms of electronic communication
- Compose emails, formal letters, memorandums, and reports using appropriate format, spelling, capitalization, grammar, and punctuation
- Provide detailed instructions verbally and in writing to explain how a particular process is done, how a product is made, or to explain decision logic
- Describe effective strategies for engaging in active listening and assessing whether another party understands your message
- Work as part of a team to create a report or complete a project
- Demonstrate effective strategies for managing conflict and maintaining calmness and composure under stressful conditions
Introduction to Computer Systems
30
Sample learning objectives:
- Describe the basic elements of computer systems typically used in homes, offices, small businesses, large companies, manufacturing facilities, academic institutions, and government agencies.
- Describe the purpose of computer software and the basic processes used to develop, test, and implement various software packages.
- Explain the advantages and disadvantages of open-source software.
- Discuss the principles of cloud computing as well as the advantages and disadvantages of using cloud-based systems, software, and storage solutions.
- Discuss the basic processes used to develop, test, and launch new software and applications.
- Compare and contrast computers, tablets, and smartphones.
- Explain the strategies used by individuals, organizations, system and network specialists, and software developers to improve data and system security.
Introduction to Cybersecurity
45
Sample learning objectives:
- List and explain the three principles of cybersecurity.
- Explain the types of vulnerabilities that cyber attackers can leverage to penetrate computer systems, steal data, shut down computer-operated equipment or machines, or render computers/computer systems inoperable.
- Identify instances of attempted cyberattacks, such as phishing, ransomware, password attacks, malware, spyware, disruption of service, man-in-the-middle attacks, denial of service attacks, Structured Query Language (SQL) injection, zero-day exploits, and Domain Name System (DNS) tunneling.
- Explain the strategies used to prevent cyberattacks.
- Explain the importance of passwords in reducing cyber threats.
- Describe the purpose of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and demonstrate the ability to use the framework to manage cybersecurity risk.
- Describe the purpose of ISO/IEC 29001 standards for information security controls.
Introduction to Software Development
30
Sample learning objectives:
- Differentiate between system software, programming software, application software, and embedded software, and provide examples of languages and platforms used to create each.
- Demonstrate basic application computing and architectural concepts, such as layered architecture types vs. Service Oriented Architectures (SOA) and microservice environments, and how they have evolved over time.
- Demonstrate understanding of consumer application vs. enterprise application environments.
- Identify the software tools used most to develop apps on Windows, Android, iOS, macOS, and Linux platforms, and compare and contrast their advantages and disadvantages.
- Describe the role of linkers, compilers, code editors, GUI designers, assemblers, debuggers, IDEs, static code analysis, code coverage tools, and performance analysis tools in developing software.
- Compare and contrast commonly used software development tools such as Application Lifecycle Management (ALM), Integrated Development Environments (IDE), Source Code Management (SCM), Test Management, Application Performance Monitoring (APM), Test Automation, Static Analysis, and other application development and delivery toolsets.
- Explain how software developers ascertain and document client, end user, or other stakeholder specifications or standards that software must meet.
- Discuss ways in which data can be migrated to use or update software from existing applications or data sources.
- Explain the purpose of relational vs. non-relational database technologies.
- Describe the use of Relational Database Management Systems in creating database objects and tables, and demonstrate the ability to create a basic database in MySQL, SQL Server, MS Access, Oracle, Sybase, Informix, PostgreSQL, or other database systems.
Introduction to Penetration Testing
45
Sample learning objectives:
- Explain the purpose of penetration testing.
- Discuss the importance of ethics in using penetration testing methods for authorized purposes.
- List and describe the key stages of effective penetration testing, including pre-engagement and planning, intelligence gathering, vulnerability analysis and exploitation, post-exploitation (remediation), and reporting and certification.
- Develop a penetration testing framework for different aspects of testing: discovery, proving reconnaissance, enumeration, and vulnerability assessments.
- Define and demonstrate the ability to use the Open Source Security Testing Methodology Manual.
- Explain the purpose of and demonstrate the ability to use the Open Web Application Security Project to identify critical threats.
- Explain the purpose of and demonstrate the ability to use NIST penetration testing methodologies.
- Demonstrate the ability to follow the Penetration Testing Execution Standard to conduct penetration testing.
- Demonstrate the ability to use the Information Systems Security Assessment Framework (ISSAF) to conduct penetration testing, and explain the utility of the ISSAF in the future, since it is no longer being updated.
Advanced Penetration Testing
45
Sample learning objectives:
- List and explain the advantages and disadvantages of using automated or software-driven penetration testing tools.
- Perform intelligence gathering on a variety of systems or software products using automated and manual tools to identify potential vulnerabilities or entry points.
- Demonstrate the ability to use various testing tools for intelligence gathering (e.g., Recon-ng, SpiderFoot, Metasploit, Wireshark, etc.).
- Demonstrate the ability to enter a system based on the potential vulnerabilities identified during intelligence gathering.
- Prepare a complete and accurate vulnerability assessment report to identify the steps, tools used, location, and methods of entry for a particular issue.
- Demonstrate the ability to use the CVSS to rank the severity of vulnerabilities.
- Rank security concerns based on their ease of exploitation and the damage they can cause.
- Propose solutions to fix vulnerabilities.
- Explain the key components of a penetration test report and strategies for writing effective and informative reports.
- Create accurate and thorough penetration testing reports that can be used by technical and non-technical personnel (e.g., executives, compliance teams, advertising and marketing personnel, etc.) to improve security and user confidence.
- Issue certificates upon completion of a penetration testing audit.
Programming Languages (Optional)
50
Sample learning objectives:
- Describe the uses and functionalities of various programming languages, such as Python, Java, JavaScript, Golang, C#, C++, R, Swift, Kotlin, Ruby, etc.
- Describe the use of JavaScript in programming for the Web and demonstrate the ability to write basic code in JavaScript.
- Demonstrate the ability to write simple code in one or more languages.
- Demonstrate the ability to identify code errors in one or more languages.
- Explain the sources of vulnerability associated with different programming languages.
- Describe the various strategies a penetration tester would use based on the programming language used to create the software or application being tested.
Introduction to Cloud-Based Computing (Optional)
30
Sample learning objectives:
- Explain the fundamentals of cloud computing and describe the challenges clients may face when transitioning to a cloud environment.
- Differentiate between Amazon Web Services (AWS), Azure, Microsoft 365, and Google Cloud Platform services, explaining the optimal uses and challenges of each.
- Describe the different forms of cloud computing, such as infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and serverless.
- Explain the ways in which cloud computing services can be used to support web, app, database, mobile, analytics, networking, blockchain, development, and security services.
Cloud Penetration Testing (Optional)
50
(These learning objectives align with the Global Information Assurance Certification (GIAC) Penetration Tester Practitioner Certification Exam, https://www.giac.org/certifications/cloudpenetrationtester-gcpn)
Sample learning objectives:
- Demonstrate an understanding of AWS authentication methods as well as privilege escalation in the AWS environment.
- Demonstrate an understanding of the Azure Functions capability and code execution in the Azure environment.
- Demonstrate an understanding of the AWS and Azure Command-Line Interface (CLI) structure and of application mapping through Application Programming Interfaces (APIs) and HTTP requests.
- Demonstrate an understanding of examples of cloud-native applications and CI/CD pipelines and of finding vulnerabilities in them.
- Demonstrate an understanding of the fundamentals of penetration testing applied to cloud applications, including recon, assessment, discovery, and restrictions of cloud environments.
- Demonstrate an understanding of the structure and configurations of public cloud infrastructures.
- Discover and identify sources of exposure in cloud environments, including exposed ports, services, databases, secrets, and developer tools and repositories.
- Explain Microsoft Azure cloud services web identity management and authentication standards, and attacks against Azure users and services.
- Demonstrate an understanding of username harvesting and password attack methodologies and tools.
- Demonstrate an understanding of Red Team penetration testing processes, including exploitation and payload development.
- Demonstrate an understanding of the process of obfuscating commands and attack structure through domain fronting and other tools, and of pivoting using proxies and other methods.
- Demonstrate an understanding of common web application attacks and how they impact cloud-native applications and serverless functions.