Course: WSQ CompTIA PenTest+ Training Course Code: TGS-2024044563 Register here: https://www.tertiarycourses.com.sg/wsq-comptia-pentest-exam-prep.html
These are the official hands-on lab exercises for the WSQ CompTIA PenTest+ Training course delivered by Tertiary Infotech Academy Pte Ltd.
A complete set of 37 step-by-step labs aligned to the CompTIA PenTest+ PT0-003 exam objectives (Version 3.0). The labs are designed to run on Kali Linux — use any of:
- Kali Linux Killercoda playground (free, browser-based): https://killercoda.com/cmnatic/scenario/kali-linux
- Kali Linux VM in VirtualBox / VMware: https://www.kali.org/get-kali/
- Kali in WSL2 on Windows:
wsl --install -d kali-linux - Kali Docker image:
docker run -it kalilinux/kali-rolling
A handful of labs use vulnerable targets (DVWA, OWASP Juice Shop, Metasploitable3) that are launched as Docker containers inside the same Kali host.
Legal notice. All offensive techniques in these labs must only be executed against systems you own or have written authorization to test. Unauthorised access to a computer system is a criminal offence under the Singapore Computer Misuse Act and equivalents in most jurisdictions.
- Spin up a Kali Linux environment from the options above.
- Pick a lab from the list below and follow the steps in order.
- Reset / re-deploy the lab target between exploit labs that change system state.
- See labs/tools.md for every free tool used (with install commands and download links).
- Lab 1 — Scoping a Pentest: SoW, NDA and RoE
- Lab 2 — Threat Modeling with STRIDE and DREAD
- Lab 3 — Mapping a Pentest to MITRE ATT&CK
- Lab 4 — Risk Scoring with CVSS, CWE and EPSS
- Lab 5 — Writing a Penetration Test Report
- Lab 6 — Passive OSINT with theHarvester and Recon-ng
- Lab 7 — WHOIS, DNS Recon and Zone Walking
- Lab 8 — Subdomain Enumeration with Amass and Subfinder
- Lab 9 — Shodan, Censys and Certificate Transparency
- Lab 10 — Network Scanning with Nmap
- Lab 11 — Service Enumeration with Nmap NSE
- Lab 12 — Traffic Capture and Analysis with Wireshark and tcpdump
- Lab 13 — Web Enumeration: Gobuster, Wfuzz, WhatWeb
- Lab 14 — Recon Scripting with Bash and Python
- Lab 15 — Vulnerability Scanning with Greenbone/OpenVAS
- Lab 16 — Web Vulnerability Scanning with Nikto and ZAP
- Lab 17 — Container Image Scanning with Trivy and Grype
- Lab 18 — Secrets Scanning with TruffleHog
- Lab 19 — Validating Findings and Public Exploit Selection
- Lab 20 — Exploitation with Metasploit Framework
- Lab 21 — Bind and Reverse Shells with Netcat and Socat
- Lab 22 — LLMNR/NBT-NS Poisoning and SMB Relay with Responder
- Lab 23 — Online Password Attacks with Hydra and Medusa
- Lab 24 — Offline Hash Cracking with hashcat and John
- Lab 25 — Linux Privilege Escalation with LinPEAS
- Lab 26 — Windows Privilege Escalation and Kerberoasting
- Lab 27 — SQL Injection with sqlmap
- Lab 28 — XSS, CSRF and SSRF with Burp Suite
- Lab 29 — File Inclusion, Directory Traversal and Web Shells
- Lab 30 — Cloud Attacks: S3 and IAM with Pacu and ScoutSuite
- Lab 31 — Wireless Attacks: WPA Cracking with Aircrack-ng
- Lab 32 — Social Engineering with GoPhish and SET
- Lab 33 — Establishing Persistence (cron, systemd, web shell)
- Lab 34 — Lateral Movement with CrackMapExec and Impacket
- Lab 35 — Pivoting with sshuttle, Chisel and Proxychains
- Lab 36 — Data Exfiltration over DNS, ICMP and HTTPS
- Lab 37 — Cleanup, Restoration and Artifact Preservation
The full WSQ courseware is generated from a single source of truth (the courseware-build skill at .claude/skills/courseware-build/build/) so the slide deck, Lesson Plan, Learner Guide and labs stay 100% aligned across the five PT0-003 exam domains and all 37 labs:
courseware/CompTIA PenTest+ (PT0-003)-v1.1.pptx/.pdf— course slide deck (411 slides, Tertiary house style)courseware/LP-CompTIA PenTest+ (PT0-003).docx/.pdf— 3-day Lesson Plan (8 training hours/day)courseware/LG-CompTIA PenTest+ (PT0-003).docx/.pdfand LG-CompTIA PenTest+ (PT0-003).md — Learner Guide (step-by-step for every lab)
To regenerate after editing course content: edit .claude/skills/courseware-build/build/course_data.py + data_domainN.py, then run bash .claude/skills/courseware-build/build/build_courseware.sh (builds the PPT, LP and LG as DOCX + PDF with page-numbered TOCs).
The Written and Practical assessments (and their answer keys) are confidential and are not published to this repository.
- labs/README.md — Lab index grouped by domain with exam-objective mapping
- labs/tools.md — Complete list of free tools (Kali + external)
CompTIA PenTest+ PT0-003 Exam Objectives.pdf— Official exam blueprint
All tooling is 100% free. The vast majority is pre-installed in Kali Linux (apt available for anything missing). External targets used:
- DVWA, OWASP Juice Shop, Metasploitable3 — vulnerable practice apps via Docker.
- TryHackMe / HackTheBox free rooms — for labs where a full AD lab is required.
- AWS Free Tier or localstack — for the cloud lab (Lab 30).
Full tool list: labs/tools.md.