PEN TESTING =

HACKING + MORE
Get More with C|PENT

ATTACK EVADE EXPLOIT DEFEND

Master Best-in-Class Penetration Testing Skills to Safeguard Enterprises

CERTIFIED PENETRATION
TESTING PROFESSIONAL
 Establish What is the C|PENT Course?

Yourself As A rigorous Penetration Testing program that, unlike

contemporary Penetration Testing courses, teaches
A World Class you how to perform an effective Penetration
test across filtered networks. C|PENT is a
Penetration multidisciplinary course with extensive hands-on
training in a wide range of crucial skills, including
Testing advanced Windows attacks, Internet of Things (IoT)
and Operational Technology (OT) systems, filtered
Professional network bypass techniques, exploit writing, single
and double pivoting, advanced privilege escalation,
and binary exploitation. In summary, there is no
program of its kind in the world!
1. Apply correct methodology
in engagements
2. Exploit IoT, SCADA, and
Cloud systems
3. Bypass the human factor
(Social Engineering)
4. Evade Enterprise Defenses
5. Go Beyond Automated Tools
6. Access complex segmented
networks
7. Write world-class reports!

Certified
Penetration
Bridge the Gap
Testing
Professional
A rigorous Penetration Testing program that, unlike
contemporary Penetration Testing courses, teaches

Program
you how to perform an effective Penetration
test across filtered networks. C|PENT is a
multidisciplinary course with extensive hands-on
training in a wide range of crucial skills, including
advanced Windows attacks, Internet of Things (IoT)
and Operational Technology (OT) systems, filtered
network bypass techniques, exploit writing, single
and double pivoting, advanced privilege escalation,
and binary exploitation. In summary, there is no
program of its kind in the world!

C|PENT www.ecccouncil.org 02
That’s why for the first time in the industry, the assessment for the
Certified Penetration Testing Professional (C|PENT) is about multiple
disciplines and not just one or two specialty types.

1. T
 he course is presented through an enterprise network environment that must be
attacked, exploited, evaded, and defended.
2. E
 C-Council’s C|PENT assesses a Penetration Tester’s skills across a broad spectrum of
“network zones”.
3. W
 hat makes the C|PENT different is the requirement to be provided a variety of different
scopes of work so that the candidate can “think on their feet.”
4. T
 he result of this is that there are different zones representing different types of testing.
5. A
 nyone attempting the test will have to perform their assessment against these different
zones.

C|PENT is a 100% Hands-on Course featuring the

industry’s most robust, in-depth, hands-on lab and
practice range experience.

The C|PENT range, which is where our

Penetration Testers gain real-world
skills, is designed to provide challenges
across every level of the attack spectrum.
Additionally, the range contains multiple
layers of network segmentation, and once
access is gained in one segment, the latest
pivoting techniques are required to reach
the next segment. Many of the challenges
will require outside-the-box thinking and
customization of scripts and exploits to
get into the innermost segments of the
network.
The key to being a highly skilled
Penetration Tester is to go up against
various targets that are configured in a variety of ways. The C|PENT consists of entire
network segments that replicate an enterprise network — this is not a computer game
simulation; this is an accurate representation of an enterprise network that will present
the latest challenges to the Penetration Tester. Since the targets and technology continue
to change, the C|PENT is dynamic, and machines and defenses will be added as they are
observed in the wild. Finally, the targets and segments are progressive in nature. Once you
get into one machine and or segment, the next one will challenge you even more.

Over 100 Advanced Labs Eight Multidisciplinary network Ranges

C|PENT www.ecccouncil.org 03
With C|PENT, Learn the Next-Generation Techniques and
Methodologies for Handling Real-World Threat Situations
The following are 12 reasons that make the C|PENT Program one of a kind. This exceptional
course can make you one of the most advanced Penetration Testers in the world.

The course has one purpose: To help you overcome some of the most advanced obstacles
that real-world practitioners face when conducting Penetration tests.

Here are some examples of the challenges you will face when you are exposed to the C|PENT
Range:

ADVANCED WINDOWS ATTACKS

01 This zone contains a complete forest that you first have to gain access to and once
you do, your challenge is to use PowerShell and any other means to execute Silver
and Gold Ticket and Kerberoasting. The machines will be configured with defenses
in place; therefore, you will have to use PowerShell bypass techniques and other
advanced methods to score points within the zone.

ATTACKING IOT SYSTEMS

02 With the popularity of IOT devices, this is the first Program that requires you to
locate the IOT device(s) then gain access to the network. Once on the network, you
must identify the firmware of the IOT device, extract it and then reverse engineer it

WRITING EXPLOITS: ADVANCED BINARIES EXPLOITATION

03 The challenges faced by Penetration Testers today require them to use their own
skills to find a flaw in the code. In this zone you will be required to find the flawed
binaries, reverse engineer them once found, and then write exploits to take control
of the program execution.

The task is complicated and requires Penetration from the perimeter to gain access
then discover the binaries. Once successful, you must reverse engineer the code.

Unlike other certifications, this will not just be a simple 32-bit code. There will be
32- and 64-bit code challenges, and some of the code will be compiled with the
basic protections of non-executable stacks.

Furthermore, you must be able to write a driver program to exploit these binaries,
then discover a method to escalate privileges. This will require advanced skills in
binary exploitation that include the latest debugging concepts and egg hunting
techniques. You are required to craft input code first to take control of program
execution and second to map an area in memory to get your shellcode to work and
bypass system protections.

C|PENT www.ecccouncil.org 04
 BYPASSING A FILTERED NETWORK
04 The C|PENT Certification differs from the others. It provides web zone challenges
that exist within a segmentation architecture. As a result, you have to identify the
filtering of the architecture, leverage it to gain access to the web applications that
you will have to compromise, and then extract the required data to achieve points.

PENTESTING OPERATIONAL TECHNOLOGY (OT)

05 As a first in a Penetration Testing Certification, the C|PENT contains a zone
dedicated to ICS SCADA networks. The candidate will have to penetrate them
from the IT network side, gain access to the OT network, and once there, identify
the Programmable Logic Controller (PLC) and then modify the data to impact the
OT network. The candidate must be able to intercept the Mod Bus Communication
protocol and communication between the PLC and other nodes.

ACCESS HIDDEN NETWORKS WITH PIVOTING

06 Based on studies and research, few professionals have been able to identify the
rules in place when they encounter a layered network. Therefore, in this zone,
you will have to identify the filtering rules then penetrate the direct network, and
from there, attempt pivots into the hidden network using single pivoting methods,
but through a filter. Most certifications do not have a true pivot across disparate
networks and a few, if any, have the requirement into and out of a filtering device.

DOUBLE PIVOTING
07 Once you have braved and mastered the challenges of the pivot, the next challenge
is the double pivot. This is not something that you can use a tool for. In most cases,
the pivot has to be set up manually. C|PENT is the first certification in the world
that requires you to access hidden networks using double pivoting.

PRIVILEGE ESCALATION
08 The latest methods of privilege escalation are covered as well as there will be
challenges that require you to reverse engineer code and take control of execution,
then break out of the limited shell and gain root/admin.

EVADING DEFENSE MECHANISMS

09 The different methods of evasion are covered so that you can try and get your
exploits past the defenses by weaponizing them.

C|PENT www.ecccouncil.org 05
 ATTACK AUTOMATION WITH SCRIPTS
10 Prepare for advanced Penetration Testing techniques/scripting with seven self-
study appendices – Penetration Testing with Ruby, Python, PowerShell, Perl, BASH,
and learn about Fuzzing and Metasploit.

BUILD YOUR ARMORY: WEAPONIZE YOUR EXPLOITS

11 Carry your own tools and build your armory with your coding expertise and hack
the challenges presented to you as you would in real life.

WRITE PROFESSIONAL REPORTS

12 Experience how a Penetration Tester can mitigate risks and validate the report
presented to the client that makes an impact. The best part of it all is that during
this rigorous process, you would be carrying your own tools, building your armory
with your coding expertise and hacking the challenges presented to you as you
would in real life.

C|PENT IS
RESULTS ORIENTED

> 100% mapped with the NICE framework.

> M
 aps to the job role of a Penetration Tester and security analyst, based on major job
portals.

> 100% methodology-based Penetration Testing program.

> Provides strong reporting writing guidance.

> Blended with both manual and automated Penetration Testing approach.

> Gives a real-world experience through an Advanced Penetration Testing Range.

>  esigned based on the most common Penetration Testing services offered by the best
 D
service providers in the market.

> Offers standard templates that can help during a Penetration test.

C|PENT www.ecccouncil.org 06
PROGRAM OUTLINE

Introduction to Penetration Testing and Methodologies

Module 01 Cover the fundamentals of penetration testing, including penetration
testing approaches, strategies, methodologies, techniques, and various
guidelines and recommendations for penetration testing.

Penetration Testing Scoping and Engagement

Module 02 Learn the different stages and elements of scoping and engagement in
penetration testing.

Open-Source Intelligence (OSINT)

Module 03 Learn how to use techniques and tools to gather intelligence about the
target from publicly available sources such as the World Wide Web
(WWW), through website analysis, by using tools/frameworks/scripts,
and so on.

Social Engineering Penetration Testing

Module 04 Learn different social engineering techniques and perform social-
engineering penetration testing on a target organization.

Network Penetration Testing – External

Module 05 Learn how to implement a comprehensive penetration testing
methodology for assessing networks from outsiders’ perspectives. Learn
the process attackers follow to exploit the assets using vulnerabilities
from the outside of the network perimeter.

Network Penetration Testing – Internal

Module 06 Learn how to implement a comprehensive penetration testing
methodology for assessing networks from insider’s perspectives.

Network Penetration Testing - Perimeter Devices

Module 07 Learn how to implement a comprehensive penetration testing
methodology for assessing the security of network perimeter devices,
such as Firewalls, IDS, Routers, and Switches.

C|PENT www.ecccouncil.org 07
 Web Application Penetration Testing
Module 08 Learn how to analyze web applications for various vulnerabilities,
including the Open Web Application Security Project (OWASP) Top 10,
and determine the risk of exploitation.

Wireless Penetration Testing

Module 09 Learn how to test various components of wireless networks, such as
WLAN, RFID devices, and NFC technology devices.

IoT Penetration Testing

Module 10 Understand various threats to Internet of things (IoT) networks and
learn how to audit security controls for various inherent IoT risks.

OT and SCADA Penetration Testing

Module 11 Understand OT and SCADA concepts and learn the process of testing
various components of OT and SCADA networks

Cloud Penetration Testing

Module 12 Understand various security threats and concerns in cloud computing
and learn how to perform cloud penetration testing to determine the
probability of exploitation.

Binary Analysis and Exploitation

Module 13 Understand the binary analysis methodology and reverse engineer
applications to identify vulnerable applications that may lead to the
exploitation of an information system.

Report Writing and Post Testing Actions

Module 14 Learn how to document and analyze the results of a penetration test and
recommend post-penetration test actions.

C|PENT www.ecccouncil.org 08
ADDITIONAL SELF-STUDY
MODULES
> Penetration Testing Essential Concepts > Perl Environment and Scripting

> Fuzzing > Ruby Environment and Scripting

> Mastering Metasploit Framework > Active Directory Pen Testing

> PowerShell Scripting > Database Penetration Testing

> Bash Environment and Scripting > Mobile Device Penetration Testing

> Python Environment and Scripting > CEH Refresher

SUGGESTED DURATION

5 DAYS
MINIMUM TRAINING EXAM
(9:00 AM – 5:00 PM)

EC-COUNCIL’S VULNERABILITY ASSESSMENT AND

PENETRATION TESTING (VAPT) LEARNING TRACK

OUTCOMES
> Mastery of Penetration Testing skills.
C P EN T
Certified Penetration Testing Professional
> Perform the repeatable methodology.
> Commitment to the code of ethics.
> Present analyzed results through structured reports.

OUTCOMES
> Mastery of ethical hacking skills.
> Useful in real-life cyber attack scenarios.

OUTCOMES
> A thorough introduction to ethical hacking.
> Exposure to threat vectors and countermeasures.

OUTCOMES
> Protect, detect, respond, and predict approach.
> Vendor-neutral certification with no tools/technologies restrictions.
> Learn general network security concepts, tools, and procedures.
Design, develop, and maintain secure networks.

C|PENT www.ecccouncil.org 09
COMMON JOB ROLES FOR C|PENT

> Ethical Hackers > Information Security Analyst

> Penetration Testers > Application Security Analyst
> Network Server Administrators > Cybersecurity Assurance Engineer
> Firewall Administrators > Security Operations Center (SOC) Analyst
> Security Testers > Technical Operations Network Engineer
> S ystem Administrators and Risk > Information Security Engineer
Assessment Professionals
> Network Security Penetration Tester
> Cybersecurity Forensic Analyst
> Network Security Engineer
> Cyberthreat Analyst
> Information Security Architect
> Cloud Security Analyst

ATTAINING THE C|PENT CERTIFICATION

SINGLE EXAM, DUAL CERTIFICATION?

Should you score at least 70% in the C|PENT practical exam, you shall attain the C|PENT
credential. However, if you are one of the few rare experts on the planet, you may be able to
hit the minimum 90% to earn the Licensed Penetration Tester (LPT) Master Credential!
C|PENT is a fully online, remotely proctored practical exam that evaluates candidates
through a challenging 24-hour performance-based, hands-on exam. The exam is broken into
two practical exams of 12 hours each that will test your perseverance and focus by forcing
you to outdo yourself with each new challenge. Candidates have the option to choose either
two 12-hour exams or one 24-hour exam.

Candidates who score more than 90% will establish themselves as Penetration Testing
Masters and attain the prestigious LPT (Master) credential!

Check our CPENT Exam Blueprint!

C|PENT www.ecccouncil.org 10
Why People Love C|PENT

“The course content for C|PENT is amazing. C|PENT excels in teaching real-life scenarios,
which we face in practice.”
Amit Agarwal,
Research-oriented Technology Specialist

“The C|PENT labs are relevant to real-life situations you encounter as a penetration tester.”
Rasmus Christensen,
Systems Developer

“C|PENT teaches you the standardized methods of performing an enterprise penetration

test; not every certification teaches offensive security. C|PENT helps with the development
of skills in advanced topics.”
Dehinde Molade,
Senior Security Analyst

“It offers a wide range of penetration testing domains, such as Active Directory penetration
testing, IoT, OT, Double Pivoting, etc.”
Harith Dilshan,
Senior Cybersecurity Engineer

C|PENT www.ecccouncil.org 11
About

EC-Council’s sole purpose is to build and refine the cybersecurity profession globally. We
help individuals, organizations, educators, and governments address global workforce
problems by developing and curating world-class cybersecurity education programs and their
corresponding certifi­cations. We also provide cybersecurity services to some of the largest
businesses globally. Trusted by 7 of the Fortune 10, 47 of the Fortune 100, the Department
of Defence, Intelligence Community, NATO, and over 2,000 of the best Universities, Colleges,
and Training Companies, our programs have proliferated through over 140 countries. They
have set the bar in cybersecurity education. Best known for the Certified Ethical Hacker
programs, we are dedicated to equipping over 2,30,000 information age soldiers with the
knowledge, skills, and abilities required to fight and win against the black hat adversaries.
EC-Council builds individual and team/organization cyber capabilities through the Certified
Ethical Hacker Program, followed by a variety of other cyber programs, including Certified
Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst,
Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst,
Certified Incident Handler, as well as the Certified Chief Information Security Officer.

We are an ANSI 17024 accredited organization and have earned recognition by the DoD
under Directive 8140/8570 in the UK by the GCHQ, CREST, and various other authoritative
bodies that influence the entire profession.
Founded in 2001, EC-Council employs over 400 individuals worldwide with ten global offices
in the USA, UK, Malaysia, Singapore, India, and Indonesia. Its US offices are in Albuquerque,
NM, and Tampa, FL.

Learn more at www.eccouncil.org

C|PENT www.ecccouncil.org 12
 WE DON’T JUST TEACH

PENETRATION
TESTING
WE BUILD CYBER CAREERS
CERTIFIED PENETRATION TESTING PROFESSIONAL