Introduction
This is a review of the Certified Network Pentester – CNPen certification and exam by The SecOps Group.
I took this exam due to a recommendation from a post on social media by Jason Haddix. There was also a promo going at that time which discounted the price of this exam and certification by 75%. I paid roughly around $80 USD for this exam and it came with 2 attempts, in case you fail the first time. Cost-wise, normally it’s around $325 USD.
For information on pricing, please visit their page directly here: https://secops.group/product/certified-network-pentester/
Another reason for me taking this exam was because I wanted to gauge where my network penetration testing skills were at as I’ve been recently focused on web app penetration testing.
Unique Selling Point of these Exams and Certifications
One of the key differences this exam had amongst the rest was the focus on exams vs courseware and training. The SecOps Group only provides exams and certifications and as far as training, only provides a syllabus of topics that will be covered on the exam. They do provide a list of free and paid sources you can check out for training, but that is optional. The courses from the Practical Network Penetration Tester (PNPT) from TCM Security helped me the most in terms of the labs and prep for the exam. So if you already passed that exam, in my opinion, you are ready to go take the CNPen exam.
For more information on the CNPen exam, please visit their exam page directly on their site: https://secops.group/
I thought that this was interesting because it would force you to research online from various sources, and also it didn’t prevent you from exploring other platforms.
There were also no restrictions on what tools you can use on the exam, unlike the others that prevent you from using automation. I thought this was more realistic since in real life, threat actors don’t have these restrictions and penetration testers are often allowed to use whatever tools are in their arsenal to accomplish the task on the job (based on personal experience).
Also, due to not having any courses and training, it reduces the cost for the certification which makes it very appealing to individuals wanting a hands-on practical exam experience and validation for their skills.
The Exam
The exam duration was around 4 hours and 15 minutes. You are required to answer 15 questions that also require you to submit several flags from all the machines you compromise. You need to get 60% to pass and around 75% to pass with merit. You are given a VPN file and required to hack on a subnet with several machines.
I thought the exam environment was realistic, it took me around 2 hours to get a foothold on the first machine. After that, I just followed my methodology for compromising the active directory for Windows and Linux machines. Without spoiling anything, you are also required to perform actions outside the environment which I thought was very interesting. I will leave it at that.
In the end, I was able to pass by compromising enough machines and submitting enough flags. I got the results immediately after I ended the exam and got a new certificate to add to my resume.
In terms of difficulty, I believe the exam page is accurate in describing it as an intermediate level certification. I did struggle in the beginning, but it did require me to do research to get my first foothold. I’ve hit enough networks so after getting in, it was swiss cheese, but tbh, it will vary by person based on your experience.
Tips to Pass
As I mentioned previously, if you had already taken the courses from the Practical Network Penetration Tester (PNPT) from TCM Security, you should have the knowledge and skills equipped to pass this exam – as that course covers extensively how to setup and attack an Active Directory environment.
I would recommend to follow a good methodology to pass. Make sure to scan for all open ports, analyze the service version of any applications or services you find and not just Google but check Github for any publicly available exploits or scripts. There are no restrictions on tool use, so be sure to check Metasploit for any potential modules that you can use against any assets you find. Don’t fall into a rabbit hole, if you get stuck, take a breather, get back on the exam and check again with a fresh set of eyes. Maybe closing out a few tabs can help you declutter your mind, and get back. One of the biggest epiphanies was that sometimes the answer is just right in your face – make sure you are not overlooking what is “obvious”.
Conclusion
The best thing about the exam for me was the convenience. I’ve taken almost all of the major practical hands on pentesting exams, and what I dread sometimes is the fact that they take 24 hours, 7 days, 10 days etc to complete. The most brutal are the exams that last 24-48 hours, because they require you to complete a pentest basically over a weekend. IRL, it’s usually 1-2 weeks for an engagement depending on your scope. But the convenience factor was what set this exam apart for me. I took this exam after I got off work, and I unlike the others I didn’t feel like I slogged through a 24 hour gauntlet of machines to hack. I understand the challenge and the exhilaration to be on a timer, but after a while it gets too mentally exhausting.
Overall, I would recommend this exam if you want to improve your resume and also get validation for your skills. The SecOps Group did a good job putting this exam and certification together and I look forward to taking more in the future. Make sure to check out their exams and offerings here: https://secops.group/