CPENT|Certified Penetration Tester|EC-Council Training| Skip to main Content

EC-Council Certified Penetration Testing Professional (CPENT) + Exam voucher

  • Course Code CPENT
  • Duration 5 days
  • Version 2.0

Course Delivery

Public Classroom Price

Please call

Request Group Training Add to Cart

Jump to:

Course Delivery

This course is available in the following formats:

  • Company Event

    Event at company

  • Elearning (Self-paced)

    Self paced electronic learning

  • Public Classroom

    Traditional Classroom Learning

  • Virtual Learning

    Learning that is virtual

Request this course in a different delivery format.

Download Course Details

Course Overview

Top

EC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you to pen test IoT systems, OT systems, as well as how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and customization of scripts and exploits to get into the innermost segments of the network.

The CPENT range consists of entire network segments that replicate an enterprise network — this is not a computer game simulation; this is an accurate representation of an enterprise network that will present the latest challenges to the pen tester. The benefit of hands on learning in a live cyber range is that candidates will encounter multiple layers of network segmentation, and the CPENT course will teach candidates how to navigate these layers, so that once access is gained in one segment, a candidate will know the latest pivoting techniques required to reach the next. However, that won’t be enough on its own as the targets and segments are progressive in nature, so once you get into one machine and or segment, the next one will challenge you even more

CPENT is a fully online, remotely proctored practical exam that challenges candidates through a grueling 24-hour performance-based, hands-on exam. The exam is broken into 2 practical exams of 12-hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either 2 12-hour exams or one 24-hour exam.

Candidates who score more than 70% will earn the CPENT certification. Candidates who score more than 90% attain the prestigious LPT (Master) credential!

Course Schedule

Top

  • eur3,895.00

View Entire Schedule Dates in Other Countries

Target Audience

Top
Ethical Hackers, Penetration Testers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment Professionals,
Show me more

Course Objectives

Top

After completing this course you should have gained the following Advanced Pentesting skills:

  • Advanced Windows Attacks
  • Attacking IoT Systems
  • Advanced Binary Exploitation.
  • Bypassing Filtered Networks
  • Pentesting Operational Technology (OT)
  • Access Hidden Networks with Pivoting
  • Pivoting & Double Pivoting
  • Privilege Escalation
  • Evasion Techniques
  • Attack Automation
  • Weaponizing Exploits
  • Professional Reporting
Show me more

Course Content

Top

Introduction to Penetration Testing and Methodolgies

  • Principles and Objectives of Penetration Testing
  • Penetration Testing Methodologies and Frameworks
  • Best Practices and Guidelines for Penetration Testing
  • Role of Artificial Intelligence in Penetration Testing
  • Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Penetration Testing Scoping and Engagement

  • Penetration Testing: Pre-engagement Activities
  • Key Elements Required to Respond to Penetration Testing RFPs
  • Drafting Effective Rules of Engagement (ROE)
  • Legal and Regulatory Considerations Critical to Penetration Testing
  • Resources and Tools for Successful Penetration Testing
  • Strategies to Effectively Manage Scope Creep

Open Source Intelligence (OSINT) and Attack Surface Mapping

  • Collecting Open-source Intelligence (OSINT) on Target's Domain Name
  • Collecting OSINT about Target Organization on the Web
  • Open Source Intelligence (OSINT) using Automation Tools
  • Attack Surface Mapping

Social Engineering Penetration Testing

  • Social Engineering Penetration Testing Concepts
  • Off-Site Social Engineering Penetration Testing
  • On-Site Social Engineering Penetration Testing
  • Document Findings with Countermeasure Recommendations

Web Application Penetration Testing

  • Security Frame vs. Vulnerabilities vs. Attacks
  • OWASP Penetration Testing Framework
  • Web Application Footprinting and Enumeration Techniques
  • Techniques for Web Vulnerability Scanning
  • Test for Vulnerabilities in Application Deployment and Configuration
  • Techniques to Assess Identity Management, Authentication, and Authorization Mechanisms
  • Evaluate Session Management Security
  • Evaluate Input Validation Mechanisms
  • Detect and Exploit SQL Injection Vulnerabilities
  • Techniques for Identifying and Testing Injection Vulnerabilities
  • Exploit Improper Error Handling Vulnerabilities
  • Identify Weak Cryptography Vulnerabilities
  • Test for Business Logic Flaws in Web Applications
  • Evaluate Applications for Client-Side Vulnerabilities

API and Java Web Token Penetration Testing

  • API and Java Web Tokens (JWT) Penetration Testing
  • Techniques and Tools to Perform API Reconnaissance
  • Test APIs for Authentication and Authorization Vulnerabilities
  • Evaluate the security of JSON Web Tokens (JWT)
  • Test APIs for Input Validation and Injection Vulnerabilities
  • Test APIs for Security Misconfiguration Vulnerabilities
  • Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
  • Test APIs for Security of GraphQL implementations
  • Test APIs for Business Logic Flaws and Session Management

Perimeter Defense Evasion Techniques

  • Techniques to Evaluate Firewall Security Implementations
  • Techniques to Evaluate IDS Security Implementations
  • Techniques to Evaluate the Security of Routers
  • Techniques to Evaluate the Security of Switches

Windows Exploitation and Privilege Escalation

  • Windows Pen Testing Methodology
  • Techniques to Perform Vulnerability Assessment and Exploit Verification
  • Methods to Gain Initial Access to Windows Systems
  • Techniques to Perform Enumeration with User Privilege
  • Techniques to Perform Privilege Escalation
  • Post-Exploitation Activities

Active Directory Penetration Testing

  • Architecture and Components of Active Directory
  • Active Directory Reconnaissance
  • Exploit Identified Active Directory Vulnerabilities
  • Role of Artificial Intelligence in AD Penetration Testing Strategies

Linux Exploitation and Privilege Escalation

  • Linux Exploitation and Penetration Testing Methodologies
  • Linux Reconnaissance and Vulnerability Scanning
  • Techniques to Gain Initial Access to Linux Systems
  • Linux Privilege Escalation Techniques

Reverse Engineering, Fuzzing and Binary Exploitation

  • Concepts and Methodology for Analyzing Linux Binaries
  • Methodologies for Examining Windows Binaries
  • Buffer Overflow Attacks and Exploitation Methods
  • Concepts, Methodologies, and Tools for Application Fuzzing

Lateral Movement and Pivoting

  • Advanced Lateral Movement Techniques
  • Advanced Pivoting and Tunneling Techniques to Maintain Access

IoT Penetration Testing

  • Fundamental Concepts of IoT Pen Testing
  • Information Gathering and Attack Surface Mapping
  • Analyze IoT Device Firmware
  • In-depth Analysis of IoT Software
  • Assess the Security of IoT Networks and Protocols
  • Post-Exploitation Strategies and Persistence Techniques
  • Comprehensive Pen Testing Reports

Report Writing and Post Testing Actions

  • Purpose and Structure of a Penetration Testing Report
  • Essential Components of a Penetration Testing Report
  • Phases of a Pen Test Report Writing
  • Skills to Deliver a Penetration Testing Report Effectively
  • Post-Testing Actions for Organizations

    •  

    Show me more

    Course Prerequisites

    Top

    Attendees should meet the following prerequisites:

    • It is recommended but not mandated that students have followed the EC-Council CEH Course and CEH Practical exam before enrolling for this course.
    • Advanced knowledge in Networking Protocols
    • Knowledge in Kali or ParrotOS and common Penetration Testing Tools
    • Knowledge in Exploiting Windows and Linux Hosts
    • Knowledge in Privilege Escalation in Linux and Windows
    • Knowledge in Wireless Penetration Testing
    • Knowledge in Web Application Penetration Testing
    Recommended prerequisites:
    Show me more

    Test Certification

    Top

    Recommended as preparation for the following exam:

    • CPENT - Certified Penetration Testing Professional

    Please note:

    CPENT is a fully online, remotely proctored practical exam that challenges candidates through a grueling 24-hour performance-based, hands-on exam. The exam is broken into 2 practical exams of 12-hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either 2 12-hour exams or one 24-hour exam.

    Candidates who score more than 70% will earn the CPENT certification. Candidates who score more than 90% attain the prestigious LPT (Master) credential!

     

    Show me more

    We Care About Your Privacy

    We are using cookies to give you the best experience on our site. Cookies are files stored in your browser and are used by most websites to help personalise your web experience. By continuing to use our website without changing the settings, you are agreeing to our use of cookies.

    About your Privacy

    We process your data for purposes such as delivering content or advertisements and measuring the delivery of such content or advertisements to extract insights about our website. We may share this information with our partners. Cookies set by Global Knowledge are labelled “first party”; you may exercise your preferences in relation to first party cookies by toggling the switch for each first party cookie category below. The remaining cookies are third party cookies; you may exercise your preferences in relation to each purpose by toggling the relevant switch below or by vendor by clicking “List of IAB Vendors.” These choices will be signaled globally to other websites participating in the Transparency and Consent Framework.
    Privacy Statement

    Necessary Cookies

    These are cookies that are required for the Global Knowledge website to function and cannot be switched off in our systems. They include, for example, cookies that enable you to use a shopping cart or log into the booking area of our website.

    Analytics Cookies

    Analytics cookies are an optional but important part of our website's functionality. They help us to understand how you interact with our site by collecting and reporting information anonymously. The data collected by analytics cookies is used to improve the website's performance and enhance the user experience. It is important to note that these cookies do not collect any personal information that can be used to identify you.

    Preferences Cookies

    These are optional and you can turn them off and on. Please only use 2 to 3 lines of text here and if needed link to a page with more cookie info in Intro.

    Performance Cookies

    These cookies allow us to recognise and count the number of visitors to our website, traffic sources and to see how website visitors move around the website when they are using it. This helps us to improve the way the website works and improve your website experience. All information these cookies collect is aggregated and therefore anonymous.

    Cookie Control toggle icon