Penetration Testers are professional ethical hackers, responsible for assessing the security posture of applications and networks on behalf of their employers. This career path will prepare you for success as an entry-level Pentester.
Learners at 96% of Fortune 1000 companies trust Cybrary
Cybrary’s Penetration Tester career path and associated assessments will equip you with the knowledge and hands-on skills you need to launch your career as a Penetration Tester. Over the course of 20+ courses and hands-on virtual labs, you will learn how to successfully identify, exploit, and remediate security vulnerabilities, and build a strong foundation of ethical hacking knowledge and skills.
As you proceed through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic.
Learn core concepts and get hands-on with key skills.
In this course, you will be introduced to fundamental offensive security concepts, legal and ethical issues, documents and agreements, and operational frameworks and methodologies.
In this course, you will delve into the concept of the "kill chain" and explore some well-known cyber kill chains, including the Cyber Kill Chain (CKC), the MITRE ATT&CK framework, and the Unified Kill Chain (UKC).
In this course, you will be introduced to reconnaissance and enumeration in the context of an offensive security engagement. You will learn the distinction between the terms, how they are related, and the basic techniques that support them in an offensive security context.
In this hands-on lab, you will learn the basics of Open-Source Intelligence (OSINT). You will practice gathering publicly available information about a target organization's assets and people from a number of sources.
In this lab, you will learn the basics of performing reconnaissance and enumeration on a target network. You will practice using Masscan and Nmap to scan and enumerate a network.
In this course, you will learn the basics of network-based attacks. You will learn about active and passive network attacks, as well as network devices, services, and protocols, and the common attack types and techniques directed at them.
In this hands-on lab, you will learn the basics of network sniffing, including passive and active sniffing techniques. You will practice using Wireshark to sniff network traffic, and retrieve and apply actionable information from a target network.
In this hands-on lab, you will learn the basics of Metasploit, a popular penetration testing tool. You will practice using some core features of Metasploit to identify and exploit vulnerabilities on a live server.
In this hands-on lab, you will learn the basics of password cracking. You will practice using Hashcat to crack passwords using both brute force and dictionary-based techniques.
In this course, you will learn the basics of evasion in the context of penetration testing. You will learn common evasion techniques and tools for networks, hosts, and applications.
In this hands-on lab, you will learn the basics of local host enumeration. You will practice enumerating a Linux system using built-in commands and a Windows system using the WinPEAS script.
In this hands-on lab, you will learn the basics of identifying ingress and egress rules on a firewall. You will practice using Nmap to probe a live firewall in a simulated network environment and gather information about its rule configuration.
In this hands-on lab, you will learn about tunneling and pivoting as tactics for traversing target networks. You will practice tunneling and pivoting using Metasploit and SSH Dynamic Port Forwarding.
In this hands-on lab, you will learn about evading Microsoft Defender. You will practice using process injection and obfuscation techniques to evade Microsoft Defender.
In this course, you will learn the basics of applications and how to attack them, including web application architecture, common vulnerabilities, and mitigation strategies.
In this hands-on lab, you will learn the basics of Burp Suite, a popular web application penetration testing tool. You will practice using some core features of Burp Suite to identify and exploit vulnerabilities in a web application.
In this hands-on lab, you will learn about password spraying and credential stuffing. You will practice using Hydra and Burp Suite to perform password spraying and credential stuffing attacks.
In this hands-on lab, you will learn the basics of injection attacks. You will practice performing SQL injection, command injection, and XSS attacks against a vulnerable web application.
In this hands-on lab, you will learn the basics of Server-Side Request Forgery (SSRF) Attacks. You will practice performing live SSRF attacks against a vulnerable web application.
In this hands-on lab, you will learn about Web Application Firewalls (WAF) and common techniques for bypassing them. You will practice using manual testing techniques to bypass various WAF configurations.
In this hands-on lab, you will learn the basics of deserialization attacks. You will practice performing deserialization attacks using Python scripts and Burp Suite.
In this hands-on lab, you will learn the basics of API Attacks. You will practice exploiting some common API vulnerabilities in a REST-based web application.
Exercise your problem-solving and creative thinking skills with security-centric puzzles
In this hands-on challenge, you will practice using Nmap to identify and exploit simple vulnerabilities on target hosts.
In this hands-on challenge, you will practice performing local host enumeration and privilege escalation on a Linux system.
In this hands-on challenge, you will practice network sniffing. You will interpret and manipulate a packet capture to gain access to other hosts on a target network.
In this hands-on challenge, you will practice identifying and exploiting vulnerabilities on a target host, then using tunneling and pivoting to broker access to internal services.
In this hands-on challenge, you will exercise your password cracking skills to defeat the security of an encrypted file.
In this hands-on challenge, you will exercise your password cracking and password spraying skills.
In this hands-on challenge, you will practice making changes to a malware sample in order to evade Microsoft Defender.
In this hands-on challenge, you will practice identifying potential egress points through intermediate devices and creating tunnels out of a network.
In this hands-on challenge, you will practice exploiting SSRF vulnerabilities and converting binary output.
In this hands-on challenge, you will practice using Burp Suite to exploit a vulnerable web application.
Assess your knowledge and skills to identify areas for improvement and measure your growth
Test your Offensive Security Fundamentals knowledge to identify strengths, gaps, and weaknesses in areas like offensive security operations and cyber kill chains. Measure your mastery of Offensive Security Fundamentals and advance your career with targeted course recommendations.
Test your Reconnaissance and Enumeration knowledge and skills to identify strengths, gaps, and weaknesses in areas like OSINT, network reconnaissance, and local host enumeration.
Test your Network Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like reconnaissance, enumeration, exploitation, and more. Measure your mastery of Network Attacks and advance your career with targeted course and virtual lab recommendations.
Test your Credential Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like Password Cracking, Password Spraying, and Credential Stuffing.
Test your Evasion knowledge and skills to identify strengths, gaps, and weaknesses in areas like identifying ingress and egress rules, evading Microsoft Defender, and bypassing web application firewalls.
Test your Application Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like web application vulnerabilities and Burp Suite. Measure your mastery of Application Attacks and advance your career with targeted course and virtual lab recommendations.
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Put your skills to the test in virtual labs, challenges, and simulated environments.
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
Connect with peers and mentors through our supportive community of cybersecurity professionals.
This career path is designed for learners with a solid grasp of foundational IT, cybersecurity, and defensive security concepts who are interested in pursuing an entry-level offensive security role. This includes current mid-career IT and defensive security practitioners who are interested in transitioning to an offensive security role.
Experienced offensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.
Penetration Testers seek to identify and resolve security vulnerabilities in an organization’s networks. This often involves creating new or improved security protocols.
Common Pentester tasks and responsibilities include:
Penetration testing is an essential tool for identifying vulnerabilities in systems, networks, and applications before malicious actors can exploit them. By understanding a hacker’s mindset and tools, Penetration Testers can simulate real-world attacks to expose weaknesses and fortify security measures before it’s too late.
Pentesting not only helps prevent data breaches and other cyber incidents — it also ensures compliance with industry regulations and enhances overall risk management.
Professionals trained in penetration testing can pursue a variety of cybersecurity roles, such as:
Pentesters are employed across various industries, including finance, healthcare, government, tech, and more.