Hey everyone,
I just had to share my recent experience with the PNPT exam, and as I sit down to reflect on my PNPT journey, I'm flooded with a mix of emotions, from frustration and self-doubt to triumph and resilience.
![](https://static.wixstatic.com/media/0c3e24_03c0d5e72eb14a828bc0082280bc70ae~mv2.png/v1/fill/w_225,h_225,al_c,q_85,enc_auto/0c3e24_03c0d5e72eb14a828bc0082280bc70ae~mv2.png)
For those who aren't familiar, PNPT stands for The Practical Network Penetration Tester™ certification. It's an intermediate-level penetration testing exam that really puts your skills to the test. In order to receive the certification, a student must:
1. Perform Open-Source Intelligence (OSINT) to gather intel on how to properly attack the network
2. Leverage their Active Directory exploitation skillsets to perform A/V and egress bypassing, lateral and vertical network movements, and ultimately compromise the exam Domain Controller
3. Provide a detailed, professionally written report
4. Perform a live 15-minute report debrief in front of our assessors, comprised of all senior penetration testers
After failing twice, I finally managed to pass, and I want to give you all a rundown of what went wrong, what I learned, and how I finally succeeded.
First off, let's talk about PREPARATION.
I had previously passed the PJPT, a beginner-level exam, which gave me a good foundation in Active Directory and hacking in general. However, the PNPT is a whole different ball game. I spent about a month gearing up for the exam, focusing primarily on OSINT (Open-Source Intelligence) and EPP (External Pentest Playbook), two areas I felt were crucial for success since I still had the Active Directory experience fresh from the PJPT. I can't stress enough how important it is to be well-prepared before diving into this exam.
![](https://static.wixstatic.com/media/0c3e24_85f4fdbe25714c57af1f17e81643f04b~mv2.jpg/v1/fill/w_204,h_246,al_c,q_80,enc_auto/0c3e24_85f4fdbe25714c57af1f17e81643f04b~mv2.jpg)
When the big day arrived in September, things didn't go as smoothly as I had hoped. External access was a challenge, and despite my efforts, I couldn't make much progress. It was frustrating, to say the least. After three days of struggling, I ended up failing the exam out of sheer frustration. It was disheartening, especially considering the support I had from my family and friends who believed in me.
![](https://static.wixstatic.com/media/0c3e24_a17158f6ecc24b51a07875a098e742ce~mv2.jpg/v1/fill/w_224,h_224,al_c,q_80,enc_auto/0c3e24_a17158f6ecc24b51a07875a098e742ce~mv2.jpg)
The second attempt didn't go any better. Despite revisiting the training material and putting in extra effort, I still couldn't leverage what I had come upon, and glancing back at it now, I'd say it was due to clouded thinking. It was a tough pill to swallow, and I decided to take a break. Taking breaks is essential, folks. It gives you time to recharge and gain perspective, a whole new perspective.
After failing the PNPT twice, I was at a crossroads. Doubt crept in, and I questioned whether I had what it takes to succeed. The support from my loved ones kept me going, but deep down, I felt like a disappointment. It's a feeling that's hard to shake off, especially when you're passionate about something.
After a five-month hiatus, I felt ready to tackle the exam once again. This time, I approached it with renewed determination. And guess what? I finally managed to gain access to the network on the first day! It was a huge relief, but the journey was far from over.
Enumeration became my best friend during those intense five days. I dug deep, uncovered crucial information, and eventually made my way to the Domain Controller. It was a moment of triumph, as I did some funny dance moves.
Submitting the report and debriefing went smoothly, and although I didn't get Heath as my assessor (maybe next time, right?), I felt confident in my performance.
![](https://static.wixstatic.com/media/0c3e24_ef1e755aaa9847f282791c247ae49551~mv2.jpg/v1/fill/w_685,h_354,al_c,q_80,enc_auto/0c3e24_ef1e755aaa9847f282791c247ae49551~mv2.jpg)
Now, for some advice for those considering taking the PNPT exam:
1. Take thorough notes. Seriously, invest in a good note-taking tool like Cherrytree or Notion. It'll make a world of difference.
2. Prioritize enumeration. The more information you gather, the better equipped you'll be to tackle the pentest. Enumerate more than you attack. Your ability to uncover information and make use of the information you have should be high; that's why breaks are needed.
3. Don't underestimate the extra resources provided. They're there for a reason, so make the most of them.
4. Make sure your tools are up to par. PimpMyKali script by Dewalt is a lifesaver.
5. Treat it like a pentest, not just an exam. This mindset shift can make all the difference.
6. Think outside the box. Try not to have clouded thoughts. If an attack you're sure of isn't getting you the right result, that means you're in a rabbit hole; think differently and think like a hacker would.
And finally, don't forget to take care of yourself. This journey can be mentally and physically taxing, so be sure to take breaks and prioritize self-care.
Thanks for joining me on this rollercoaster ride. If you're considering taking the PNPT exam, I hope my experience has given you some valuable insights. And hey, don't forget to subscribe to my YouTube channel for more content!
Until next time,
Christopher Essien
TOFA Security.