CPENT (Certified Penetration Testing Professional) The Ultimate Pentesting Certification

Course Description
EC-Council has introduced its new CPENT certification as the “Ultimate Penetration Certification.”

The announcement comes along with the retirement of 2 of EC-Council’s Programs: ECSA ( EC-Council Certified Security Analyst) and APT.

The certification attempts to narrow the skill gaps and map the job role of a penetration tester and security analyst. It also tries to provide real-world experience to the challenge takers. Out-of-box thinking is required as the challenges follow a progressive approach where the next challenge is more challenging than the previous one.

Course Objectives

CPENT certification consists of 14 modules and tests the abilities of a penetration tester in almost all the vectors of cybersecurity, some of which have been introduced for the first time in any penetration certification. Provided is a list of the domains:

• Introduction to Penetration Testing
• Penetration Testing Scoping and Engagement
• Open Source Intelligence (OSINT)
• Social Engineering Penetration Testing
• Network Penetration Testing – External
• Network Penetration Testing– Internal
• Network Penetration Testing – Perimeter Devices
• Web Application Penetration Testing
• Wireless Penetration Testing
• IoT Penetration Testing
• OT/SCADA Penetration Testing
• Cloud Penetration Testing
• Binary Analysis and Exploitation
• Report Writing and Post Testing Actions

What’s Different?

Advanced Windows Attacks: The challenge aims to test the knowledge of PowerShell of the candidate, where the latter is required to use PowerShell bypass techniques along with other methods to gain access to a windows machine that has defenses in place.

Attacking IoT Systems: CPENT is the first certification to introduce hacking IoT devices that starts with searching the device, gaining access, identifying firmware, extraction, and performing reverse engineering.

Advanced Binaries Exploitation: Penetration testers are required to gain access to the system and look for flawed binaries, use reverse engineering, and write exploits for privilege escalation.

Bypassing a Filtered Network: In a segmented architecture, the challenger has to identify the filtering of the architecture then leverage this to gain access to the web applications by compromising it and then extract the required data

Pentesting Operational Technology (OT): The challenge is again a first of its kind in a penetration testing certification. The tester has to gain access to a dedicated OT network and perform modifications in the existing data by penetrating from the IT network side.

Access Hidden Networks With Pivoting: Tester has to penetrate into the direct network by identifying the filtering rules and then attempt pivots, through a filter, into the hidden network using single pivoting methods.

Double Pivoting: Quoting EC-Council “CPENT is the first certification in the world that requires you to access hidden networks using double pivoting.” This challenge tests the skills of the tester as the pivot has to be set up manually.

Attack Automation with Scripts: The challenge requires the tester to use advanced penetration techniques and scripting using languages like Perl, Python, Ruby, PowerShell, BASH, and use techniques like Metasploit and Fuzzing techniques.

Weaponize Your Exploits: This provides a chance to the testers to use their coding skills, carry their own tools to complete the challenge.

Apart from these, the challenges also require the testers to evade various defense mechanisms, use the latest methods for privilege escalation and summarize everything in a report that, in the real world, could be presented to the client/higher management to take vital business decisions.

Target Audience

• Penetration Testers
• Ethical Hackers
• Information security Consultant
• Security Testers
• Security Analysts
• Security Engineers
• Network Server Administrators
• Firewall Administrators
• System Administrators
• Risk Assessment Professionals

Pre-Requisite

CPENT certification Course Needs:
Extensive knowledge of penetration testing across multiple disciplines extending from windows, IoTs, inline defenses to automation, operational technology, and advanced skills in binary exploitation. The certification tests the knowledge of tester not only on automated tools but manual testing skills as well.

Exam Info
CPENT is an entirely practical exam which is conducted online and is proctored remotely. The exam duration is 24 hours. The candidates have two options to proceed with the exam. They can either take the exam in one go, i.e., 24 hours straight, or go for 2-12 hour exams. Candidates are required to submit their penetration testing reports within 7 days post the completion of the exam.

One of the significant aspects of the certification is that the certification provides a chance to obtain 2 certificates from a single exam:

• If a candidate scores 70%, they become a CPENT
• If a candidate scores above 90%, they become LPT (Licensed Penetration Tester)

EC-Council is quite confident and sees a lot of potential in its CPENT certification. It could be verified by EC-Council’s #DareTochallengeTheCPENT challenge where EC-Council is challenging OSCPs, GPENs, or CREST certified professionals to take the CPENT challenge where the successful applicants will have their exam fee waived.

AUTHOR
Sonali Gaur ( )
Senior Security Engineer (CCSA | CompTIA Security+ | ECIH | EDRP | CSA | CEH)

“ Contributing in the field of Network security with over 5+ years of Industry experience with Routers, Firewalls, IDS, IPS, SIEM Solutions and Vulnerability Management, working towards making an organisation secure. Highly motivated experienced professional with excellent interpersonal, communication skills and analytical qualities. “