Practical Network Penetration Tester (PNPT) certification review (2023)

Introduction:

The Practical Network Penetration Tester (PNPT) certification offered by TCM Security is an examination that assesses one’s ability to perform a penetration test. This comprehensive exam is based on five key courses: Practical Ethical Hacking (PEH), Windows Privilege Escalation, Linux Privilege Escalation, Open Source Intelligence (OSINT), and the External Penetration Testing Playbook.

My Top Takeaways from the PNPT Courses:

  1. In-Depth Active Directory Knowledge: The courses place a significant emphasis on Active Directory testing, which is a critical skill for any cybersecurity professional.
  2. Engaging Capstone Experiences: The vulnerable machines you use in the course are not only informative but also highly interactive and enjoyable, which enhances the learning experience.
  3. Home Lab Setup Guidance: Detailed instructions on creating a home lab are provided, which is invaluable for hands-on learning and practice. This was by far one of the biggest values of this course. Creating the Active Directory lab and then testing out the techniques does wonders for solidifying the concepts.
  4. Heath Adams’ Instructional Expertise: Heath’s teaching style is both accessible and thorough, making complex concepts easier to grasp. He also gives reference articles and further learning for many of the videos.

The Arsenal of Attacks You’ll Learn:

Heath Adams meticulously covers a wide range of attacks, equipping students with a formidable toolkit, including:

  • Kerberoasting
  • LLMNR Poisoning via Responder
  • SMB-Relaying
  • MitM6 Techniques
  • Pass-the-Ticket and Pass-the-Hash Attacks
  • Password Hash Cracking
  • Using CrackMapExec and BloodHound
  • Using Impacket Toolkit
  • Network Pivoting Tactics
  • Token Impersonation
  • GPP Password Retrieval
  • SecretsDump Usage
  • NTDS.dit Extraction
  • Golden Ticket Attack Execution
  • Using Mimikatz
  • And many more…

Demystifying the PNPT Exam:

The PNPT exam is an immersive, five-day engagement that simulates real-world penetration testing. It involves:

  1. OSINT and External Assessment: Conducting Open Source Intelligence gathering and external vulnerability assessment.
  2. Internal Network Analysis: Executing an internal network penetration test to achieve domain administrator access and establish persistence.
  3. Professional Reporting: You’re given two days post-assessment to craft a comprehensive penetration testing report detailing your findings and methodologies. Remember, the point of a pentest is not only to find vulnerabilities, but to show the clients how they can improve their security and remediate issues.
  4. Final Debrief: The process culminates in a 15-minute debrief with the TCM Security team to discuss the penetration test. For me this was very beneficial because it gives you an opportunity to practice presentation skills, which are a huge part of pentesting that does not get talked about enough.

This rigorous process is designed to mimic actual penetration testing engagements, providing invaluable experience in both the technical and communicative aspects of the job.

My background:

Currently, I am a system/network administrator in the finance industry. Since entering the field of information technology, I have developed an increasing interest in cybersecurity and ethical hacking. I am an avid user of TryHackMe and HackTheBox for training, which have been invaluable in preparing for certifications such as the PNPT. The PNPT was my second penetration testing certification, the first being eLearnSecurity’s Junior Penetration Tester (eJPT). My next goal is to earn the Offensive Security Certified Professional (OSCP) certification, followed by the Certified Red Team Operator (CRTO).

Strategies for Success:

  1. K.I.S.S.: Aka “keep it simple, stupid.” My initial approach was overly complex; I tried insane exploits and went way deeper than I needed to. It was not until someone close to me said “You may be overthinking this” that I reevaluated and it all became clear.
  2. Real-World Simulation: The PNPT is not a typical Capture The Flag (CTF) challenge; it mirrors real-world scenarios and common administrator behaviors: things that happen because it’s easy to just go with the defaults instead of being secure.
  3. OSINT Challenges: The OSINT component is unique and engaging, though I wished it went a little further in depth. There are not many exams that deal with OSINT and I wish there were. (Callout to the internet: please create an OSINT course/exam)
  4. Enumerate Thoroughly: Taking a step back and being able to view the bigger picture is a huge step in this exam. A crucial part of that is enumerating thoroughly to gather the pieces that make up that picture. Make sure to take good notes with these pieces highlighted in them.
  5. Trust Your Instincts: If something stands out during the exam, investigate it. The PNPT aims to test your practical skills, not to trick you. Focus on what the course teaches you; everything you need to know to pass is in the course material.
  6. Master Pivoting: Familiarity with network pivoting is crucial. I recommend Heath’s tutorials and additional practice through platforms like TryHackMe. The Holo network and the Wreath network on TryHackMe are great places to get practice and try out the techniques/tools.
  7. Enjoy the Process: While hard work and the “grind” are important, so is enjoying the journey. A balanced approach ensures a more pleasant and potentially successful experience.

Preparation Tips:

Begin with the PEH course to establish a solid foundation. The techniques taught here are critical for the PNPT exam. Additionally, walkthroughs of specific HackTheBox challenges such as Active, Monteverde, and Scrambled offer practical insights into Active Directory attacks, reinforcing the course material and providing alternate perspectives.

Closing Thoughts:

The PNPT certification is more than just a testament to your technical prowess; it’s a comprehensive educational experience that prepares you for real-world cybersecurity challenges. My journey through its material really clarified concepts and tools, and I highly recommend it to any aspiring penetration tester.

