Course DescriptionEC-Council has introduced its new CPENT certification as the “Ultimate Penetration Certification.”
This announcement is made along with the retirements of 2 EC-Council Programs: ECSA ( EC-Council Certified Security Analyst ) and APT.
The certification aims to reduce the gap in skills and map the job roles of security analysts and penetration testers. It also provides real-world experience for the challengers. As the challenges are progressive, it is important to think outside the box. Each challenge will be more difficult than the one before.
The CPENT certification is made up of 14 modules. It tests the penetration tester’s abilities in almost all vectors of cybersecurity. Some of these have never been seen before in any penetration certification. Here is a list:
Introduction to Penetration Testing
Penetration Testing Scoring and Engagement
Open Source Intelligence (OSINT)
Social Engineering Penetration Testing
Network Penetration Testing – External
Network Penetration Testing- Internal
Network Penetration Testing – Perimeter Devices
Web Application Penetration Testing
Wireless Penetration Testing
IoT Penetration Testing
OT/SCADA Penetration Testing
Cloud Penetration Testing
Binary Analysis and Exploitation
Report Writing and Post Testing
Advanced Windows Attacks: This challenge tests the candidate’s knowledge of PowerShell. The candidate must use PowerShell bypass techniques and other methods to gain access on a windows machine with defenses in place.
Attacking IoT Systems – CPENT is the first certification that allows you to hack IoT devices. It starts by searching the device, identifying the firmware, extracting it, and then performing reverse engineering.
Advanced Binaries Exploitation – Penetration testers must gain access to the system to look for flaws in binaries, reverse engineer and create exploits for privilege escalation.
To bypass a Filtered Network: The challenger must identify the filtering in the architecture and then leverage it to gain access to web applications by compromising it and extract the data.
Pentesting Operational Technology: This is a new challenge in a penetration test certification. The tester must gain access to a dedicated OT network to modify existing data and penetrating the IT network side.
Access Hidden Networks with Pivoting: The tester must identify the filtering rules in order to gain access to the direct network. After that, he or she will attempt pivots through a filter into the hidden network using only one pivoting method.
Double Pivoting: Quoting EC-Council, “CPENT” is the first certification that requires you to access hidden network using double pivoting. This challenge tests your skills as the pivot must be manually set up.
Attack Automation with Scripts: This challenge requires that the tester uses advanced penetration techniques and scripting languages such as Perl, Ruby, PowerShell and BASH. They also use techniques such as Metasploit or Fuzzing.
Weaponize Your Exploits: This challenge allows testers to apply their coding skills and carry their own tools.
These are just a few of the challenges that testers will need to overcome, use the most recent methods for privilege escalation, and summarize all the information in a report that could be presented to the client/higher managers to make vital business decisions.
Hackers who are ethical
Information security consultant
Network Server Administrators
Administrators of Firewalls
Risk Assessment Professionals