Course Description
OVERVIEW
The Certified Penetration Tester (CPENT) curriculum from EC-Council is all about pen testing and will teach you how to perform in a corporate network environment that must be attacked, exploited, evaded, and defended. If you’ve only worked in flat networks, CPENT’s live practice range will teach you how to pen test IoT systems and OT systems, as well as how to write your own exploits, build your own tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customise scripts and exploits to get into the network’s innermost segments.
Course Outline
- Module 01: Introduction to Penetration Testing
- Module 02: Penetration Testing Scoping and Engagement
- Module 03: Open Source Intelligence (OSINT)
- Module 04: Social Engineering Penetration Testing
- Module 05: Network Penetration Testing – External
- Module 06: Network Penetration Testing – Internal
- Module 07: Network Penetration Testing – Perimeter Devices
- Module 08: Web Application Penetration Testing
- Module 09: Wireless Penetration Testing
- Module 10: IoT Penetration Testing
- Module 11: OT/SCADA Penetration Testing
- Module 12: Cloud Penetration Testing
- Module 13: Binary Analysis and Exploitation
- Module 14: Report Writing and Post Testing Actions
Course Objective
Advanced Windows Attacks
This zone contains an entire forest, to which you must first gain access before executing Silver and Golden Ticket attacks and Kerberoasting via PowerShell or any other method. Because the machines will be configured with defences, you will have to employ PowerShell bypass techniques and other advanced methods to score points within the zone.
Access Hidden Networks with Pivoting
According to our beta testing, pen testers fail to identify the filtering rules in place when confronted with a tiered network. As a result, in this zone you must first determine the filtering rules before entering the direct network. Candidates must then attempt pivots into hidden networks using single-pivoting approaches, but only through a filter. Most certifications do not require a real pivot across heterogeneous networks, and few (if any) require traffic into and out of a filtering device.
Attacking IOT Systems
CPENT is the first certification to require you to locate IoT devices and then gain access to the network. Once in the network, you must locate the IoT device’s firmware, extract it, and then reverse engineer it.
Double Pivoting
The double pivot is the next obstacle once you have braved and mastered the trials of the single pivot. This is not something that can be done with a tool; in most circumstances, the pivot must be set up manually. CPENT is the world’s first certification that requires you to access hidden networks using double pivoting.
Writing Exploits: Advanced Binary Exploitation
Discovering flaws in code is a skill that all good pen testers must have. In this zone you will be required to locate the flawed binaries and reverse engineer them in order to create exploits that take control of programme execution. The process is complicated by the need to penetrate the perimeter in order to gain access and then discover the binaries. After that, you must reverse engineer the code. Unlike previous certifications, CPENT contains 32-bit and 64-bit code challenges, and some of the code will be compiled with non-executable stack protections. To exploit these binaries, you must first develop a driver application and then figure out how to escalate privileges. This will require extensive binary exploitation skills, including the most recent debugging principles and egg-hunting techniques. You must craft input that first takes control of programme execution and then maps an area in memory so that your shellcode can run and circumvent system defences.
Privilege Escalation
To get root/admin in this challenge, you will need the most recent privilege escalation methods: reverse engineering code to take control of execution and subsequently breaking out of the restricted shell.
Evading Defense Mechanisms
The range requires that your exploits be tested against the various defences you are likely to encounter in the field. Candidates must weaponize their exploits in order to get past those defences.
Attack Automation with Scripts
Prepare for advanced penetration testing methodologies and scripts with seven self-study appendices: Ruby, Python, PowerShell, Perl, BASH, Fuzzing, and Metasploit penetration testing.
Weaponize Your Exploits
Create your own tools and armoury using your coding skills to solve the challenges posed to you, just as you would in real life.
Bypassing a Filtered Network
The CPENT certification includes web zone challenges that reside within a segmented architecture, so you must identify the architecture’s filtering and then use this knowledge to gain access to the web apps. The next step is to compromise the web apps and then extract the required data from them to score points.
Pentesting Operational Technology (OT)
The CPENT range includes a zone devoted to ICS/SCADA networks, which the candidate must enter from the IT network in order to gain access to the OT network. Once there, you must locate the Programmable Logic Controller (PLC) and modify its data to affect the OT network. Intercepting the Modbus communication protocol and the traffic between the PLC and other nodes is required.
Write Professional Reports
To truly make an impact, learn how a pen tester can mitigate risks and validate the data delivered to the customer. Without a carefully documented report, great pen testing means little to clients!
Requirements
- The candidate must be CND and CEHv11/CEHv10 certified and should have a good understanding of penetration testing.
Target Audience
- Ethical Hackers
- Penetration Testers
- Network server administrators
- Firewall Administrators
- Security Testers
- System Administrators and Risk Assessment professionals