Ethical Hacking Dual Certification Boot Camp (CEH and PenTest+)

Discover vulnerabilities before cybercriminals do! Our most popular information security and hacking training goes in-depth into the techniques used by malicious, black-hat hackers with attention-getting lectures and hands-on labs.

★★★★★

4.7

(8,755 ratings)

Earn your CEH and PenTest+, guaranteed!

Five days of live, expert ethical hacking instruction
Exam Pass Guarantee
Exam voucher
Unlimited practice exam attempts
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($599 value!)
1-year access to all boot camp video replays and materials
Onsite proctoring of exam
Knowledge Transfer Guarantee

Authorized training partner

Infosec is an authorized training partner of EC-Council and CompTIA, and we’ve won awards from both organizations for our boot camps. The EC-Council Certified Ethical Hacker (CEH) and CompTIA PenTest+ are two of the most in-demand hacking certifications. Infosec instructors found around 80% of the material overlaps and students get the best value by training for both certifications at the same time.

View full course schedule

Training overview

This boot camp teaches you how to use the tools and techniques used by cybercriminals to perform a white-hat, ethical hack on your organization. You’ll learn ethical hacking methodologies and gain hands-on hacking experience in our cloud-hosted cyber range, including reconnaissance, gaining access to systems, exploiting vulnerabilities and exfiltrating data.

You’ll leave with the ability to quantitatively assess and measure threats to information assets — and discover where your organization is most vulnerable to hacking. This boot camp also prepares you to earn two in-demand certifications: EC-Council Certified Ethical Hacker (CEH) and CompTIA PenTest+.

Learn by doing in the cyber range

Hundreds of exercises in over 20 separate hands-on labs bring you up to speed with the latest threats to which your organization is most vulnerable. Practice penetration testing in our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to compromise web servers, virtual machines, databases, routers and firewalls, and then put it all together in an unscripted evening Capture the Flag (CTF) exercise.

CTF exercises are an opportunity for you to practice your hacking skills in a real-world environment. Infosec sets up a mock company that you can freely attack without having to worry about damaging production systems. The purpose of the CTF exercises is to ensure you understand how to apply the skills you learned during the day to a real-world, ethical hacking scenario.

Who should attend

Penetration and vulnerability testers
Cybersecurity analysts
Cybersecurity consultants
Offensive security professionals
Anyone with a desire to learn about ethical hacking
and develop their penetration testing skills

Prerequsites

Firm understanding of the Windows Operating System
Exposure to the Linux Operating System or other Unix-based operating system
Grasp of the TCP/IP protocols

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security. The directive specifies Certified Ethical Hacker (CEH) as an approved baseline certification for CCSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder and CSSP Auditor.

It also lists PenTest+ as approved for three 8570.1 job categories: Cybersecurity service provider (CSSP) analyst, CSSP incident responder and CSSP auditor.

Everything you need to earn your CEH and PenTest+

Five days of live, expert ethical hacking instruction
Exam Pass Guarantee
Exam voucher
Unlimited practice exam attempts
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($599 value!)
1-year access to all boot camp video replays and materials
Onsite proctoring of exam
Knowledge Transfer Guarantee

View Pricing

Exam Pass Guarantee

We guarantee you’ll pass your exam on the first attempt. Learn more.

Ethical Hacking training schedule

Infosec’s Ethical Hacking training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth ethical hacking prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Day 1
  The first half of day one focuses on learning the job duties required of a penetration tester. You will learn the ins and outs of the various penetration testing methodologies required in order for an ethical hack to be used in a business or government setting. You will also delve deep into technical material, learning how to perform network reconnaissance against modern infrastructure.
  
  Lectures include:
  
  Security testing methodologies
  
  The ethical hacking profession
  
  Planning and scoping an engagement
  
  Legal and compliance considerations
  
  Ethical hacking methodologies
  
  Tools of the trade
  
  Linux overview
  
  Passive intelligence gathering
  
  Abusing DNS
  
  Abusing SNMP
  
  Security testing methodologies
  
  Some of the instructor-led hands-on lab exercises:
  
  Linux fundamentals
  
  Passive intelligence gathering
  
  Understanding the Domain Naming System
  
  Enumerating DNS entries to develop a focused attack strategy
  
  Attacking the Domain Naming System
  
  Discovering SNMP vulnerabilities and flaws
  
  Enumerating SNMP information
  
  Brute forcing SNMP community strings
  
  Capture the Flag exercises
  
  Day 2
  
  Having learned how to gather information about several targets, we begin day two with narrowing our attack by finding potentially vulnerable systems/services. You will master the art of network scanning and service identification, and gain a deeper understanding of how systems
  communicate using the TCP and UDP protocols
  
  Lectures include:
  
  Understanding TCP packets and structuresPassive network discovery and scanning
  
  TCP scanning
  
  Using differences in RFC implementations to your advantage
  
  Scanning through firewalls
  
  How to prevent the discovery of your reconnaissance activities
  
  Using zombies to mask network scanning
  
  Avoiding IDS/IPS detection
  
  Proper identification of services
  
  Vulnerability identification
  
  Some of the hands-on lab exercises include:
  
  Packet analysis
  
  Obtaining authentication credentials via packet capture
  
  Network scanning
  
  Target scanning of potentially vulnerable targets
  
  Remaining undetected while performing a network scan
  
  Enumerating services and identifying vulnerabilities
  
  Capture the Flag exercises
  
  Day 3
  
  After gathering information about your target system, you will put all that hard work to use when you learn how to exploit those vulnerabilities. You will learn the skills to demonstrate a successful exploit of a vulnerability as well as how to gather additional credentials to exploit vulnerabilities in other systems. You will also learn useful social engineering techniques, including phishing, and methods of attacking physical security.
  
  Lectures include:
  
  Vulnerability life cycles
  
  Types of vulnerabilities
  
  Flaws in encryption
  
  Configuration errors
  
  Buffer overflows
  
  Stack overflows
  
  Vulnerability mapping
  
  Exploit utilization and delivery methods
  
  Client side exploits
  
  Server side exploits
  
  Password security
  
  Social engineering techniques
  
  Attacking physical controls
  
  Hashing
  
  Rainbow tables
  
  Attacking Windows password security
  
  Weaknesses in Windows authentication protocols
  
  Rainbow tables
  
  Some of the hands-on lab exercises include:
  
  Gaining unauthorized access to systems
  
  Use of various payloads to increase privileges
  
  Keystroke logging
  
  DLL injection attack
  
  Exploit server side applications
  
  Gather password hashes
  
  Exploit weaknesses in authentication protocols
  
  Capture the Flag exercises
  
  Day 4
  
  After compromising a target, you will extend your access to all vulnerable systems at your target organization and learn how to covertly exfiltrate data. The second half of day four covers attacking web-based applications and understanding SQL injection.
  
  Lectures include:
  
  Use of Trojans
  
  Redirecting ports to thwart firewall rules
  
  Avoiding anti-virus detection
  
  Lateral movement and persistence
  
  Use of keyloggers
  
  IDS operations and avoidance
  
  Encrypting your communications
  
  Protocol abuse for covert communications
  
  Creating custom encryption tunneling applications
  
  E-shoplifting
  
  XSS attacks
  
  Cross site forgery
  
  Circumventing authentication
  
  SQL injection discovery and exploitation
  
  SQL data extraction
  
  Some of the hands-on lab exercises include:
  
  Use of Trojans
  
  IDS usage and avoidance
  
  Data transmission encryption techniques
  
  Creating a custom covert channel
  
  Web application parameter tampering
  
  Cross site scripting attacks
  
  SQL injection
  
  Chaining exploits
  
  Exploiting extended stored procedures
  
  Capture the Flag exercises
  
  Day 5
  Day five is dedicated toward wireless security, using basic scripts for ethical hacking, covering your tracks and post-engagement activities. You will master the ability to sniff data, clean up all traces of your activities and learn best practices for writing reports and recommending mitigation strategies.
  
  Lectures include:
  
  Sniffing in different environments
  
  Attack sniffers
  
  Man-in-the-middle attacks
  
  Wireless networking
  
  Shared key authentication weaknesses
  
  WEP/WPA/WPA2 cracking
  
  Anti-forensics
  
  Log modification/deletion
  
  Rootkits
  
  Introduction to scripting
  
  Common script components
  
  Writing effective reports
  
  Providing mitigation recommendations
  
  CEH exam review
  
  PenTest+ exam review
  
  Some of the hands-on lab exercises include:
  
  ARP spoofing and man in the middle
  
  Specialized sniffing
  
  DNS spoofing
  
  Phishing attacks
  
  The day finishes with the CEH examination given on-site at the training location or online from home. You will receive an exam voucher to take the PenTest+ exam.
After your boot camp
- Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

Free Ethical Hacking training resources

What’s new in ethical hacking: Latest careers, skills and certifications

Want to be an ethical hacker? Find out everything you need to know in this webinar featuring Infosec instructor Keatron Evans.

Watch now

How to become a penetration tester

It’s been a while since we’ve talked penetration testing and offense-oriented network security on the show, and I know some of you have been asking for it, so today’s your lucky day!

On the show we have Dr. Wesley McGrew, the director of Cyber Operations for HORNE Cyber. We’re going to talk about going on the offense as a good defense, the current state of pentesting and the raw work of reverse engineering malicious software and vulnerability testing. If you’re looking for the type of job that gets you out on the cybersecurity battlefield and fighting the bad guys, you’re going to want to give this episode your undivided attention!

Wesley McGrew is the author of penetration testing and forensic tools used by many practitioners. He is a frequent presenter at DEF CON and Black Hat USA. At the National Forensics Training Center, he provided digital forensics training to law enforcement and wounded veterans. As an adjunct professor he designed a course he teaches on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. This effort was undertaken as part of earning National Security Agency CAE Cyber Ops certification for the university. He has presented his work on critical infrastructure security to the DHS joint working group on industrial control systems. Wesley earned his Ph.D. in computer science at Mississippi State University for his research in vulnerability analysis of SCADA HMI systems used in national critical infrastructure. He served as a research professor in MSU’s Department of Computer Science & Engineering and Distributed Analytics and Security Institute.

Listen Now

PenTest+: Everything you need to know about CompTIA’s new certification

CompTIA’s new PenTest+ certification validates your knowledge around identifying, exploiting, reporting and managing vulnerabilities.