
PASSED PENTEST+ (2026) !!!!
Passed Pentest and officially done and obtaining my degree!
I wanted to list some of the links that I found and used that helped me pass before I forget.
Videos: Used wgu.percipio and Hank Hackerson. Percipio was nice to visualize the command prompts, outputs and general idea of how the tool/attack works. Hank felt more relaxed and chill. Try to use both and flip flop to whatever fits best for you.
Links:
Excel Master Sheet - Detail Heavy
Excel High level Domain review + Tools + Robots.txt
Practice Exams: Little bit of Jason Dion / PocketPrep (All domains) / CrucialExams
PBQs: I can't say word for word what I saw but know your HTTP headers, Outputs for OSINT/Passive Recon/Robots.txt.
Advice: Study outputs from various tools. Know the common web-based attacks. Understand Wi-Fi cracking. Be able to differentiate between Bash/Python/PowerShell.
Look, a few days ago I was reading all the horror stories from Reddit on this exam. I think I tried using every single source POSSIBLE for this exam. At the end of the day, it comes down to you and what you prefer. I started bitching and complaining that we have to take the exam considering CompTIA recommends 2-4 years' worth of Pentesting experience and knew this was not going to be possible to pass.
Instead, I started saying to myself to be confident and excited to learn the knowledge required for the course, so I started to cool down and became more interested. Yes, you have to know the outputs for a wide array of tools and the strings' worth of commands look terrifying - this is where I would use Hank Hackerson, where he helped me break down each part of the output to get a big picture understanding.
Tips? I installed Linux Mint on my laptop, installed a few tools... BeEF, nmap, inSSIDer, etc. and started to play around. I found a random company and performed some passive recon and made a list of my findings (nmap outputs, harvester domains, DNSDumpster intel, etc.).
Don't look at it like it's a waste of time, or stupid or think hey I'm never gonna be a PenTester so this is a waste. See it more as a learning experience that could be directly applied onto a new job that you get in Security.
You might get a job and focus on VM or GRC or a SOC and you'll be steps ahead because at least you know what CAN happen, you can actually EXPLAIN why a machine has to be patched because of an attack vector besides saying, oh hey, CVSS score of 9, must remediate.
Don't go hard on yourself, take time, dedicate a week (or less) depending on your schedule to each step of the pentest process and start to love it because you will.
Sure, knowing 50+ tools won't do much, but knowing how to utilize and run scans in Nmap could really help if you land that Security job that requires internal VM scanning/remediation.