First official blog post (outside of HTB writeups) since I created this site and what a better way than to start it off with a review of the Pratical Network Penetration Tester (PNPT) certification! This certification is the third one I’ve obtained, and the second related to cybersecurity. Out of the three, or I guess two, this one has to be the best I’ve obtained, both in testing my skillset and overall fun.

whoami#

I’m balejin, a network engineering student who wants to make a breakthrough into penetration testing and eventually red team. It may be a little bit weird or a bit too ambitious to want to break into the cybersecurity realm starting as a network engineering major, however I believe in setting up a strong foundation to set myself up for a future in this industry.

The PNPT Certification#

Offered by TCM Security, the PNPT is a fully hands-on certification, meaning that you are assessed within an simulated pentest environment. You’re given 5 days to perform the assessment and 2 additional days to create a report and eventually a debrief if you pass both. It tests you on Active Directory (AD) exploitation which is huge in businesses, as it’s estimated that 90% of fortune 1000 companies use AD over Linux.

Their certification can be found here

How does it compare with other certs?#

I’ve read many blog posts, Reddit posts/comments, and watched various Youtube videos comparing this cert to others and is given nothing but high praises and for very good reason!

I cannot give an exact answer on comparison since I only held the eJPTv2 from INE at the time and I was split between getting this and the eCPPTv2, but I decided I’d pursue both in preparation for the OSCP. I will say however it is the best bang for your buck in terms of what you get in knowledge/course material plus it’s life time, so you can go back and review the material whenever you want. I would recommend to anyone trying to break into the industry to have this, or at least take it in preparation for the OSCP.

How difficult is it?#

A lot of people have different experiences and ratings on difficulty when it comes to the exam. My opinion?

I found the PNPT to be moderately difficult, and no I don’t have professional experience in IT nor pentesting, the only experience I have is working as an intern at a SOC. I do Hack the Box quite frequently, so by the time of this blog post I’ve solved 82 boxes already and that experience did come in handy. I’ve also done the eJPTv2, so I have a rough idea on what kind of tools to work with and how a basic pentest is performed.

A numerical rating? Probably a 6 or maybe even a 6.5/10 and I’ll explain why in the next section.

The exam#

So as previously mentioned, I did find the exam to be moderately difficult. In fact, I actually failed the first time and not by what you would have expected. I’ve compromised the domain controller on my first attempt, but the report is what I ultimately failed on.

I’ve never actually written a professional pentest report, so I had to take a lot of my time going back and review the videos related to report writing. I even went as far as looking into publicly available pentest reports to get a better idea on how to construct a better one. TCM does provide you templates, which is what I used for both attempts. The problem was how I should present my findings in written format.

In the end, my second report ended up being 43 pages in total. Once I received the notification that I passed, I was invited to a 15 minute debrief for which I did do a power point presentation and practiced a few times as rehearsal. Once I finished presenting, I was given notification that I passed and was given the PNPT role on the Discord server. I received the PNPT certification through email.

What can I do to prepare for the exam?#

This might be a bit cliche, but everything in the course material is all you need to pass the exam. The one thing that can’t be taught, but for you to develop is the mindset of ‘thinking outside the box’. The three courses OSINT Fundamentals, PEH, and External Pentest Playbook is all you will need to pass. The PEH course alone is probably enough.

People have recommended the Wreath room from THM as well, but I didn’t do that since I was comfortable performing pivoting using various tools like Metasploit, Chisel + Proxychains, and ssh/sshuttle. I actually practiced pivoting through a home lab environment I created on Virtual Box, which I do plan to create a Blog Post soon on.

I’ve also done Hack the Box rooms to prepare such as:

Granny (easy)
Active (easy)
Blue (easy)
Jerry (easy)
Forest (easy)
Monteverde (medium)
Authority (medium)
Escape (medium)
Manager (medium)

The rooms do require you to have VIP subscription, which in my opinion is very well worth it if you can get one.

Conclusion#

Overall, I have nothing but positive things to say about this certification as well as the TCMS team for their overall support during training and the exam. If you’re looking for a certification that’s heavily focused on Active Directory, then the PNPT is the best!

Final pieces of advice:

The PNPT is not a certification that should be compared to others, but rather you should look to getting it to compliment your current skillset
Do the PEH, OSINT Fundamentals, and the External Pentest Playbook. You can do Windows/Linux Privilege Escalation for Beginners, however that’s not needed to pass!
Build and Practice in the lab environment you created
Practice writing a report and if possible get peer feedback!
Take good notes while doing the course and during the exam! Take screenshots as well! A LOT OF SCREENSHOTS
Keep things simple, don’t go beyond scope of what is taught in the courses
Practice pivoting in your lab environment
Enumerate, enumerate, enumerate, enumerate, enumerate, enumerate. Did I mention enumerate?

With that being said, thank you for reading and happy hacking!