The Practical Network Penetration Tester (PNPT) certification exam is an intermediate-level ethical hacking certification that evaluates a student’s ability to perform external and internal network penetration tests at a professional level. Key details are as follows:
- Certification Requirements: To obtain the certification, a student must demonstrate the ability to perform Open-Source Intelligence (OSINT) to gather information for network attacks, leverage Active Directory exploitation skills for A/V and egress bypassing, and perform lateral and vertical network movements to compromise the exam Domain Controller. A detailed, professionally written report must be provided, and a live 15-minute report debrief in front of senior penetration testers is required.
- Realistic Simulation: The exam is designed to simulate a real-world penetration testing engagement and doesn’t include multiple-choice questions.
- Experience Level: This certification is considered intermediate, and students are given five full days to complete the assessment, along with an additional two days for writing a professional report.
- Prerequisites: It is recommended to have intermediate IT knowledge and a strong desire to learn.
- Pricing: The exam voucher is available for $399.99, with other packages that include training and career services.
- Training Material: The package includes access to 50+ hours of course materials from TCM Academy, covering practical ethical hacking, privilege escalation for Linux and Windows, open-source intelligence (OSINT) fundamentals, and an external penetration test playbook.
- Career Support: The certification package also offers career services, including resume review, mock job application and interview simulations, and access to employer and social networks.
- Industry Recognition: Compared to other industry-recognized ethical hacking certifications, the PNPT exam offers a realistic experience that simulates a real penetration testing engagement.
The PNPT certification is designed for those with intermediate IT knowledge who want to validate their skills in network penetration testing at a professional level.
Difficulty: 3 out of 5.
For rating the difficulty, I'll add that I work professionally as a penetration tester.
This is overall was a great experience. The exam environment was extremely stable and highly reflective of things I've seen on real penetration tests. I actually saw my shells last overnight if that's any indication of how little network latency there was.
There are plenty of easter eggs to keep you amused as you pivot through the environment. I think the course material mostly will prepare you but some things may require a little experience to naturally know to look for. The exam itself is a week long so there's very little time pressure. I think I completed it in 2 days of testing total with the second day being mostly going through and screenshotting things I missed.
I do know that a lot of people fail this exam. I can appreciate why because if you've never lived in an enterprise environment and seen what users do, it might not be obvious to check for certain things even if they're alluded to in the course material.
One thing I'll disagree with is that this is marketed as an intermediate skill level certification. I think that since there's no AV evasion required it's still in the beginner area.
Naturally the biggest competitor to this certification is OSCP. I think the training material is very similar now that OSCP has caught up in the latest release. PNPT still seems to be more realistic because you're not gunning for flags, you're aiming for compromising a domain controller and achieving the crown jewels... NTDS.dit.
I've seen that TCM released the PJPT certification as the little brother to PNPT. While I love the company and what they do, I do question that as PNPT already felt easy enough given that pentesting is a fairly senior role in almost every organization I've seen. Adding a stepping stone certification seemed a little unnecessary but I guess some people might want a baby step first.
I highly recommend this for anyone interested in seeing what pentesting is all about.