EC-Council Certified Penetration Tester (CPENT)
The EC-Council Certified Penetration Tester (CPENT) program provides advanced, hands-on training in penetration testing, focusing on real-world scenarios and multi-disciplinary environments like IoT and OT networks. It teaches skills beyond traditional penetration testing, including exploit development, advanced pivoting to access hidden networks, and bypassing filtered networks. The comprehensive curriculum emphasizes deep practice through cyber ranges, live labs, and CTF challenges, culminating in a 100% practical, performance-based 24-hour exam that tests candidates' ability to think on their feet in a complex, multi-stage attack environment.
During this course you will learn about these topics:
- Attack IoT Systems
- Writing Advanced Binary Exploits
- Evade Defense Mechanisms & Weaponize Exploits
- Pentest Operational Technology (OT)
- Accessing through Pivoting & Double Pivoting
- Advanced Windows Attack
- Weaponize Your Exploits
- Privilege Escalation
- Attack Automation with Scripts
- Write Professional Reports
- Bypassing a Filtered Network
- Evading Defense Mechanisms
- Access Hidden Networks With Pivoting
Ethical Hackers Penetration Testers Network server administrators Firewall Administrators Security Testers System Administrators and Risk Assessment professionals
The CPENT course doesn't have strict prerequisites but recommends advanced knowledge in networking, Kali or ParrotOS, penetration testing tools, Windows and Linux host exploitation, privilege escalation, web application testing, and wireless penetration testing
- Penetration Testing Concepts
- LPT Penetration Testing Methodology
- Guidelines and Recommendations for Penetration Testing
- Request for Proposal
- Preparing Response Requirements for Proposal Submission
- Setting the Rules of Engagement
- Establishing Communication Lines
- Timeline
- Time/Location
- Frequency of meetings
- Time of Day
- Identifying Personnel for Assistance
- Handling Legal Issues in Penetration Testing Engagement
- Preparing for the Test
- Handling Scope Creeping During Pen Testing
- OSINT through the WWW
- OSINT through Website Analysis
- OSINT through DNS Interrogation
- Automating the OSINT Process using Tools/Frameworks/Scripts
- Social Engineering Penetration Testing Concepts
- Social Engineering Penetration Testing Using E-mail Attack Vector
- Social Engineering Penetration Testing Using Telephone Attack Vector
- Social Engineering Penetration Testing Using Physical Attack Vector
- Reporting and Countermeasures/Recommendations
- Port Scanning
- OS and Service Fingerprinting
- Vulnerability Research
- Exploit Verification
- Footprinting
- Network Scanning
- OS and Service Fingerprinting
- Enumeration
- Vulnerability Assessment
- Windows Exploitation
- Unix/Linux Exploitation
- Other Internal Network Exploitation Techniques
- Automating Internal Network Penetration Test Effort
- Post Exploitation
- Advanced Tips and Techniques
- Assessing Firewall Security Implementation
- Assessing IDS Security Implementation
- Assessing Security of Routers
- Assessing Security of Switches
- Discover Web Application Default Content
- Discover Web Application Hidden Content
- Conduct Web Vulnerability Scanning
- Test for SQL Injection Vulnerabilities
- Test for XSS Vulnerabilities
- Test for Parameter Tampering
- Test for Weak Cryptography Vulnerabilities
- Tests for Security Misconfiguration Vulnerabilities
- Test for Client-Side Attack
- Tests for Broken Authentication and Authorization Vulnerabilities
- Tests for Broken Session Management Vulnerabilities
- Test for Web Services Security
- Test for Business Logic Flaws
- Test for Web Server Vulnerabilities
- Test for Thick Clients Vulnerabilities
- Wordpress Testing
- Wireless Local Area Network (WLAN) Penetration Testing
- RFID Penetration Testing
- NFC Penetration Testing
- IoT Attacks and Threats
- IoT Penetration Testing
- OT/SCADA Concepts
- Modbus
- ICS and SCADA Pen Testing
- Cloud Penetration Testing
- AWS Specific Penetration Testing
- Azure Specific Penetration Testing
- Google Cloud Platform Specific Penetration Testing
- Binary Coding Concepts
- Binary Analysis Methodology
- Penetration Testing Report: An Overview
- Phases of Report Development
- Report Components
- Penetration Testing Report Analysis
- Penetration Testing Report Delivery
- Post-Testing Actions for Organizations