Practical Network Penetration Tester (PNPT) Review


I recently passed the PNPT certification by TCM Security and decided to review it with the aim of helping anyone else in their preparation for the exam. I'd like to keep the review brief and straight to the point.

Preparation

The content for the exam consists of five courses:

  • Practical Ethical Hacking (PEH)
  • Linux Privilege Escalation
  • Windows Privilege Escalation
  • Open-Source Intelligence (OSINT)
  • External Pentest Playbook

Each course plays its part within the exam, but a focus should be placed on the PEH, OSINT and External Pentest Playbook courses.

The course material provided is more than sufficient to pass the exam and external material is not needed to do so. However, I did decide to re-do the Wreath network from TryHackMe to learn a few more concepts.

TryHackMe | Wreath
Learn how to pivot through a network by compromising a public facing web machine and tunnelling your traffic to access other machines in Wreath’s network. (Streak limitation only for non-subscribed users)

Apart from that, the course material was all that I went through, and it is genuinely all that is needed to pass the exam.

Exam

The exam consisted of a penetration test with various components as well as a goal that was outlined in the rules of engagement (ROE) document. TCM provides a VPN as well as an ROE that has to be adhered to.

I took three days to reach the goal that was outlined in the ROE. In hindsight, the entire exam was quite straightforward, and the goal could have been met a lot sooner if it wasn't for me overcomplicating certain tasks. The VPN was incredibly stable and held the connection throughout.

Advice

  • Use the course material and study it in-depth.
  • Ensure that you're comfortable with the tools in the courses and understand their capabilities and functions well.
  • Keep it simple.
  • Be patient.
  • Don't overthink it; if you are, take a break or step back and come back later 😃
  • Do not treat this as a CTF, as it will make everything difficult.

Do the Wreath and/or Holo network on TryHackMe if you're not yet confident in doing the exam. In addition to this, the Compromising AD module on the website could also be done as extra practice for the exam. But again, the course material is sufficient.

Conclusion

The courses were quite in-depth and covered a lot of information that can be used on a real-world engagement. The exam was fun and not CTF-like, and the exam environment was super stable.