My PNPT Experience
Introduction
Recently, I obtained my Practical Network Penetration Tester (PNPT) certification from TCM Security.
The course consisted of five parts:
- Practical Ethical Hacking
- Windows Privilege Escalation
- Linux Privilege Escalation
- OSINT
- The External Pentest Playbook
The exam consists of three parts: a five-day external penetration test on a company, two days to write a pentest report, and then a 15-minute debrief going over all of the findings.
My Experience
The exam is much more of a real-life engagement scenario, and not at all similar to a CTF, which threw me off a bit at the beginning. However, I found everything pretty straightforward, and was able to use everything I learned in the course to compromise the domain controller and complete the exam.
The biggest thing is to enumerate, as always. Every time I got stuck, I just needed to look a little harder, and I’d find something interesting I could use to advance.
The report writing was relatively easy, since I took a lot of screenshots and documented every small thing I did. I recommend anyone who wants to take the PNPT to do the same, since you cannot go back and take screenshots after the five-day lab period expires.
The debrief was pretty relaxed as well. I prepared some slides to go over my steps to domain admin, but it wasn’t required. Once I completed the debrief, I was immediately rewarded my certification!
What’s next?
The OSCP or CRTO are next on my list! Once I graduate this year and have some more free time, I’ll start working on one of those!