☕
Brinkles Pentesting Notebook
  • Introduction
    • My Journey to Pentesting
    • Twitter
    • Github
  • Certification Reviews
    • OSEP Review
    • CISSP Review
    • OSCP Review
    • RTJC Review
    • RTAC Review
    • CEH Review
    • CRTO Review
    • PNPT Review
    • eWPT Review
    • eJPTv1 Review
    • CCNP Security Review
    • CCNA Review
    • CompTIA Net +, A+ Review
  • C2 and Payloads
    • Sliver C2
    • Cobalt Strike
      • BOFs and Aggressor Scripts
        • Situational Awareness BOF
        • HOLLOW BOF
        • DLL_Version_Enumeration_BOF
        • InlineExecute-Assembly BOF
        • BOF.NET
        • C2-Tool-Collection BOFs
        • Inline-Execute-PE
      • Payloads
  • Tools
    • Internal Tools
      • BloodHound
      • Certi
      • Coercer
      • CrackMapExec
      • DCSync
      • DFSCoerce
      • DonPAPI
      • WMIEXEC
      • Kerberoasting
      • Lsassy
      • mitm6
      • Pcredz
      • PowerSploit
      • PrivExchange
      • Responder / RunFinger
      • Rubeus
      • Seatbelt
      • Seth
    • Web App Pentesting
      • Payload All The Things
        • Directory traversal
          • Deep Traversal
          • More Directory Traversal Payloads
        • SAML Injection
        • XXE - XML External Entity
        • XSS - Cross Site Scripting
        • XSLT Injection
        • XPATH injection
        • Upload Insecure Files
        • SQL injection
          • MSSQL Injection
          • MYSQL Injection
          • Oracle SQL Injection
          • PostgreSQL injection
          • SQLite Injection
        • Server Side Templates Injections
        • Server-Side Request Forgery
          • Payloads Included in Server-Side Request Forgery
        • Request Smuggling
        • OAuth
        • NoSQL injection
        • LDAP injection
        • Kubernetes
        • JSON Web Token
        • HTTP Parameter Pollution
        • GraphQL injection
        • CORS Misconfiguration
        • CRLF
        • Cross-Site Request Forgery
        • CSV Injection (Formula Injection)
        • File Inclusion
          • PHPINFOlfi.py
          • uploadlfi.py
  • Network Security
    • DMVPN GRE NHRP IPsec Profiles
    • Flex VPNs
    • GET VPN with Key Server
    • IKE Site to Site w/ IPSec
    • Point to Point GRE over IPSec
    • Remote Access VPN
    • Helpful Cisco Firewall CLI Commands
Powered by GitBook
On this page
  • Introduction
  • Study Plan
  • Exam
  • Report
  • Debrief
  • Overview
  • Summary

PNPT Review

Introduction

This exam overall was worth the price, effort, and time invested into it. If you are someone who is either new to pentesting or focused on getting some more AD pentesting knowledge, I would highly recommend this certification.

Study Plan

My study plan was overall simple though yours may be different. I went through the three courses apart of the PNPT bundle that was recommended to do before the test. I took notes and did all the labs plus I also went through the windows priv escalation course, skipping only the linux priv escalation. Now, I am coming at this test with previous pentesting experience and a few certs under my belt so everyone might be different in this regard. The course structure is built so you can definitely pass the test however if you feel weak on certain topics, go out and do some tryhackme or hacktheboxes. With this being said, I believe you can pass the test with just his coursework.

Exam

The exam was 5 days long with 2 days to write the report. It was set up to test on OSINT of the external network and taking that information to get to the internal network. From there, you will need to pivot and hop from machines to finally get DA of the DC. The time given to do this is a good amount of time as it reflects a "quick" real world pentest. The exam went smoothly and I thought the internal infrastructure of the exam was really well built and easy to follow. In most real world cases, this would NOT be true however the exam was set up helps out newcomers alot, making paths easily to follow and to understand. I can't go into details because of obvious reasons but for anyone taking the exam, you will understand! Also, make sure to follow the scope as you can fail if going outside of it.

Report

TCM gives you a perfect report template to use. I went above and beyond to add in a couple more sections within the report like an attack path. I always highly recommend taking screenshots and creating an attack path throughout the test. Not only is this a great add to the report, but ended up helping me a lot on creating a PowerPoint for my debrief. I recommend just using the TCM report template as its easy to follow and edit. If you have other resources like Attack Forge that can help bust out a report in no time, for sure use that however I thought the TCM template given was plenty.

Debrief

Unlike most certifications, not only did this test require a report but also included a presentation to one of the staff members! Its a quick 15 minute meeting and the goal is to give your best debrief on how the pentest went and what were the most important findings. In real world scenarios, a debrief could last hours and hours with a customer so 15 minutes is very doable. (It actually made it harder for me personally to fit everything in that I wanted to talk about haha)

Overview

There were a lot of great things about this test. The course plan was set up well, lots of videos to help out people who need to visualize concepts to understand, as well as the support was awesome. I do have some personal negatives I would like to talk about however I wanted to make clear, these are based on my own opinion. Compared to other exams, TCM has been one of the best overall companies that I have dealt with and would definitely take another exam from them in the near future!

Positives

Course was laid out perfectly. Super simple to follow, videos are always an added plus, and the labs were very engaging. I actually loved how this course went into creating your own AD lab as this could be a big step for newcomers. For me personally, my AD lab was all over the place so it was nice to scratch it and build a new one following Heath's steps. The support is great, didn't need to use them but I saw how much value they added in their discord and other programs. The exam was super stable and had no issues whatsoever connecting to it and all the machines within the network. The OSINT was a great add as well! OSINT is such a valuable skill to have the is not really recognized in the industry. I have seen very little certs test on it or even talk about OSINT, so I enjoyed that portion of the exam very much. This priv esclation courses were also informational and I learned a few techniques from there as well! Another thing to point out is the report / debrief. For me, it wasn't a benefit as I already have experience in the industry writing reports and debriefing. However, if I put myself into a newcomer's shoes, the experience gained from doing the report and debrief helps immensly to entry people. It helps give them a taste of what actual pentesting is and the procedure to lead to a successful engagement.

Negatives

Now, for my small gripes :) This test is definitely focused for the beginner. Initially, I wanted to take this course because I wanted to increase my AD skills tenfold. I have heard and seen from others/marketing that this exam was focused more for newcomers however felt that the information within the exam could help teach me new things. It did in some categories like priv escalation in windows, however the main focus for taking this test was specifically for the AD portion. I already had experience on the job and have seen a lot of different AD pentesting techniques from dirkjan, hausec, and more but I was curious on what TCM had up their sleeve. When I got to the AD section, I was disappointed. The AD knowledge was perfect for a beginner but a waste of time for someone more intermediate or advanced. (Or really anyone with minimal experience with pentesting internal) A lot of the main topics/tools were mentioned however lacked greatly in detail. Two tools that immediately came to mind was cme and bloodhound. The videos showed how to install them and briefly talked about some basic functions with each one... but then left it at "Go play around with the tool and see what you can do!". I was really hoping for a lot more content as those tools are HUGE in the internal pentesting world and have so much functionality that was not even mentioned. Multiple topics like Kerberoasting and others were barely talked about with an example of one command to the concept and that was it. I was expecting a lot more content in regard to the AD section however was let down.

Now for beginners, this is a ton of information right off the bat and how the test was made for the more entry person, I totally understand if this is the design they were going for. It was just disappointing to see the lack of content/knowledge being put out for these topics. It would be cool to see TCM put out a more advanced certification course that talked in depth of these concepts.

(I am currently doing the CRTO course now and I highly recommend people take it to expand their AD knowledge. Even though it is C2 focused within CobaltStrike, the AD/Internal pentesting knowledge you learn in that course was more what I was hoping the PNPT would provide.)

Summary

Overall, PNPT was an awesome course and I had a blast taking it. Like I said up above, if you are getting interested in Pentesting for a career, I highly recommend this course. If you are more intermediate / advanced, I still recommend this course for the content as I did learn some new techniques from it. (Especially from the windows priv esc course!)

PreviousCRTO ReviewNexteWPT Review

Last updated 1 year ago

Page cover image