Pentesting

How to Pentest

There are a ton of resources for learning. My favorite is TryHackMe, which is a cyberrange that plenty of rooms that will walk you through the entire process of an exercise and has more that will challenge you to do it on your own.

For a more complete list of resources, take a look at the one on my GitHub: adamkadaban/CTFs

If you want to get serious about pentesting, I think the Practical Ethical Hacking Course by Heath Adams is amazing. You can pay for the course on the TCM security website or can get slightly older versions for free on YouTube, and sometimes on Udemy. This course aligns with a certification called the PNPT that, in my opinion, is much better than the OSCP while being much cheaper.

How to Practice for CPTC

Of course, cyberranges like HackTheBox, TryHackMe, and VulnLab are great for general practice and will build on your skills well.

However, if you and your team want more CPTC-specific practice, the CPTC VM images are available online: http://cptc.rit.edu

As of 2023, CPTC has included Cloud with AWS or Azure/Entra in its environment. Cloudfoxable, CloudGoat, AWSGoat, AzureGoat, and GCPGoat are fantastic resources for practicing here.

howtowincptc

Pentesting

How to Pentest

How to Practice for CPTC