Hey I wanted to put a quick blog together regards the PNPT exam, a short brief about me, I’ve worked in IT for 15 years now give or take, started off as a field engineer and worked up through the call centre, desktop support and so on, I have worked in IT Security for around 5 years now as an analyst with a view to moving into Red Teaming / Pen Testing at some point. I’ve completed a few pro labs on HTB, the VHL, Elearn’s eJPT and a few others. I also have more than a few failed attempts at the OSCP to my name too.
I am continuing my quest to complete the OSCP as I have started it and now must finish it but that said there are multiple other courses out there that in my opinion are much better and more suited to the aspiring or established pen tester, my good friend @RastaMouse has produced the fine cRTO course for example https://www.zeropointsecurity.co.uk/red-team-ops/overview unfortunately as OffSec were first to the gate many organisations and HR departments fail to see past candidates not having an OSCP but times are changing.
Enter Heath Adams CEO of TCM and his offering the PNPT (Practical Network Penetration Tester)
You have 2 options the standalone exam or the exam with training material, I had the training materials before hand so I just purchased the exam, however the options are they to suit your needs.
So the PNPT is a 5 day live penetration test with 2 further days to complete a professional report this is followed by a live debrief with the TCM team. You must complete OSINT, compromise an external network, compromise an internal network and finally gain admin rights over the DC, much more real world and worlds apart from the multiple CTF based exams out there currently.
TCM do offer multiple other course’s a handful can be seen below, check out https://academy.tcm-sec.com/courses for more info, its recommended that you take TCM’s PEH, OSINT and External Pentest courses prior to attempting the PNPT if you don’t have a good foundational to mid level hacking knowledge base already. The suggested courses are included in the package shown.
I completed the PEH and the other 2 courses mentioned above despite having a good foundational knowledge and then booked in for the PNPT exam.
Exam Day
On exam day you will receive a SOW (statement of work) that must be adhered to and of course your vpn connection for the lab environment.
Within the SOW you are provided with the target information, the fun then begins. You must apply the knowledge gained from the OSINT course to find your foothold into the network and from there pivot and complete multiple different attack methods to eventually complete your goal of gaining domain admin. I obviously can’t and wont go into detail on this to maintain the integrity of the exam and Heaths livelihood 😊. What I will say is that this is no OSCP exam. You have plenty of time, you can take breaks, you have time to get up walk around and clear your head. You can even get a good nights sleep and eat all with the knowledge that you still have time to spare.
This is a real world pen test and not at all close to any CTF related system that you have completed previously, if you apply the CTF mindset in this exam you wont fair well. This is why I believe this exam will gain traction quickly among the community, your skills are tested across a replica active directory environment consisting of multiple systems.
One final word is that I had fun during this exam, I was rarely stressed and when I was that was down to my own stupidity, if something isn’t working then move on don’t do the same thing over and over in the hope that it will magically work.
Once your exam time is over you will then be given the opportunity to submit your report, if you do not manage to get DA the first time around, at this point you can still provide a report of your progress to date and you will be provided with a small hint on where to look next on your retake.
That’s right you get a hint and guess what the retake is free, you get a free retake as part of the initial exam purchase.
At this point I had provided my report and supporting evidence and to my joy I had successfully completed the practical part of the exam. What happens next is that you then have to complete a live debrief via video call where you go over your report and detail what you did and how you did it.
I don’t know if Heath is always part of the debrief however I was lucky enough to have him on my call and he was lovely and friendly, you don’t need to get all worked up over the debrief its not informal however it is relaxed and you should enjoy the experience and learn from it. I for one just talked at him for 15 mins but I think during all the verbal garage I was spouting I must have got enough information out to gain my PNPT, Thanks Heath.
Finally, you are then provided with your PNPT certificate and badge, there is one other surprise but I wont spoil that for you.
Congratulations you are now a PNPT holder or hopefully soon will be.
Have a great day