Passing the PNPT (Practical Network Penetration Tester)

Posted on Oct 29, 2021

Have you heard about the Practical Network Penetration Tester (PNPT) certification by TCM Security? If you haven’t, then it’s definitely worth looking into due to its fantastic price point and excellent dedication to being a fair, realistic challenge to test External and Internal Penetration Testing techniques. There are lengthier posts around the PNPT which I will post at the end; however, this is designed to be a quick, to-the-point entry on what it is, my own story, and recommendations for taking and passing the exam.

The Summary

Below are the key facts surrounding the PNPT, true at the date this article has been published:

  • $299 USD to take including a retake
  • Emphasis on Active Directory and reporting/note taking
  • A lengthy exam time of five days to exploit the network in the exam, with two days to complete reporting
  • An exam requirement to present your report to the TCM Security team before passing.

My Journey

During a partial lockdown of the city I was living in at the time, and with a desire to increase my knowledge of network penetration testing, I decided to undertake a penetration testing based certification. Initially, after some weighing up between certs, I decided to go with the PNPT, seeing how new the content is, its price point, and the positive feedback it has had.

I have at this point two and a bit years of cybersecurity experience and would confidently be at the level of a professional technical consultant (definitely have a lot to learn though and a ton to improve on). Either way though, I have the ability to break web applications of poor design, map networks, and identify security issues at a professional level. For someone at a senior level this exam may have been a cakewalk; however, from what I have been told, if you are just starting out and haven’t done much security work, I would recommend at the least passing something like the eJPT and getting some practical experience before moving onto the PNPT, lest you like suffering.

Things to know if you are on your journey into this exam: basic networking is mandatory, Active Directory is a plus (although this will be taught in the PEH if this is new to you), and web application testing and OSINT are useful to know (OSINT only needs to be at a very basic level).

The Exam

So now I get into the exam on a Saturday quite late (remember to note the timezone you book the exam in), and at this point you have five days to break into the network and ultimately complete the assigned objectives in the exam information packet you get at the start of the exam (which, in the theme of this being a ‘real pentest’, reads more like a statement of work). At this point you need to start external to the network, using the skills taught during the PEH course as well as any others from the academy and practice labs.

I required four of the five days; however, I definitely sunk a lot of time in the environments through trial and error. Even the initial stages got me stumped longer than they should have (very key to read carefully the brief TCM gives you at the start). Overall, after the network was pwned (here’s hoping you took good notes throughout), the next stage was reporting. If I hadn’t used Greenshot throughout my time during the exam this would have been difficult; however, this emphasises the ‘why’ of good note taking. The report doesn’t have to be a professional 80-page behemoth, as you might have commitments and work outside of the exam; it is more key to be able to break the attack down logically and have the ability to explain findings to a layman. The debrief was fair and it was an honor to meet Heath Adams himself. Guy seemed tired; however, I would be too with that sort of workload. The debrief consisted of a handful of core questions, and then a quick confirmation that I met the requirements for his exam.

Recommendations

Now this is my own personal opinion; however, I am convinced that the only TCM-specific course you need to pass is the Practical Ethical Hacker (PEH). This 25-hour course is designed to go right from the beginning and build you up to where you know basic exploit development, web application, and Active Directory attacks. This will take everyone a different amount of time, with the curriculum contents available to view here.

After you have completed the Practical Ethical Hacker certification you should then move onto the TryHackMe Active Directory labs. The ones in particular to look at are Throwback and Wreath. Wreath will teach you vital pivoting skills, whereas Throwback will help reinforce those fundamentals adopted around the Exploitation and Active Directory skills encountered during the PEH.

Now comes the short period of time before jumping into the exam environment. I would say at this point the two things that will help you in passing are having a battle buddy and keeping good notes.

A battle buddy is someone that you can hang around with to learn from, and that keeps you on the right track. The best way to get a battle buddy is to engage on the Discord, ask questions, participate, and find someone taking the PNPT as well. At this point you can trade procedures and tactics, making you both stronger.

Along with this, you need to have a knowledge management system to go through the exam on as well as remind yourself what you studied during the many hours of TCM training. To this end you need something along the lines of some note taking software. There are many options including but not limited to:

  • Cherry Tree
  • Evernote
  • Notion
  • Obsidian
  • OneNote

Personally I used OneNote and Obsidian during my time preparing for the exam, with Obsidian being my note taking tool of choice now (thanks Joseph!).

Okay so now you’ve done the PEH, follow up courses/labs, have a battle buddy that you trade tactics with, and a book full of notes. Now comes the exam. At this point you are best to just relax, take your time, be methodical, and also watch out for rabbit holes during the exam. There are things that might be in there to throw you off much like a real test, and if you treat the exam less like a CTF, and more like a real-world assessment, you should be fine at this point.

Best of luck