arrow-left arrow-right brightness-2 chevron-left chevron-right circle-half-full dots-horizontal facebook-box facebook loader magnify menu-down rss-box star twitter-box twitter white-balance-sunny window-close
Practical Network Penetration Tester (PNPT) – Real-World Penetration Testing Certification Exam Review
5 min read

Practical Network Penetration Tester (PNPT) – Real-World Penetration Testing Certification Exam Review

Practical Network Penetration Tester (PNPT) – Real-World Penetration Testing Certification Exam Review

During the Philippines' National Heroes' Day, I decided to take TCM Security's newest technical exam in cybersecurity, the Practical Network Penetration Tester (PNPT).

Practical Network Penetration Tester (PNPT)

TCM Security's PNPT is the newest, budget-friendly, and most realistic cybersecurity certification exam in the cybersecurity market right now.

Exam Options

Exam takers can earn the PNPT certification in two options. The first one is a standalone exam for students who are already well-versed with penetration testing, while the second one comes with a lifelong access to course materials which is perfect for students who would like to start their career in cybersecurity.


The courses included in the $399 option are the following:

Before taking the exam, I've only watched the External Pentest Playbook, but based on the course outline of each course, you will become familiar with the entire process/activities in a real-life penetration testing.

PNPT Certification Exam

The PNPT certification exam simulates a real-world penetration testing engagement in which a penetration tester will follow the steps below.

  1. Read the Rules of Engagement (ROE)
  2. Perform OSINT on the client
  3. Perform an External Penetration Test
  4. Perform an Internal Penetration Test
  5. Write a professional and technical report
  6. Debrief the client

Exam Schedule

In terms of exam scheduling, exam takers can pick their preferred date and time. And as mentioned above, I scheduled my exam during the holiday in the Philippines.

Rules of Engagement (ROE)

The exam is made to mimic an actual penetration test, examinees will first receive an email with the Rules of Engagement (ROE) document which contains the following:

  • Objective of the engagement
  • Roles and Responsibilities of both parties
  • Rules and Scope of the engagement

Open Source Intelligence (OSINT)

The first and most important part of the exam is OSINT. Exam takers will be tested on their ability to pay attention to details in order to gather information that will be useful in compromising the external network.

External Penetration Test

External Pentest is the next step in which the penetration tester will perform web application and network scanning to find an entry point to compromise the external network of the client.

Once you've gained access to the external network, you will need to do enumeration to find a valid attack vector to gain access to the internal network.

In this step, I found an unintended way to easily compromise the internal network. TCM Security actually confirmed that I bypassed most of the exam.

Internal Penetration Test

In the exam, you will be tested on your active directory penetration testing skills. Some exam takers find this as the most challenging part of the exam but since I bypassed it, it became easy for me to compromise the domain controller of the active directory.

Professional Penetration Testing Report

Aside from the technical part of the exam, the penetration tester must write a professional and technical penetration testing report.

TCM Security provided a modifiable sample report but I decided to create my own.

Title Page
Table of Contents
Vulnerability Summary & Report Card
Vulnerability Details Structure


This is the fun and last part of the exam. One of the requirements of the exam is to debrief the client about the penetration testing engagement. At Secuna, I am the one who always debrief our clients and it usually take around 15 to 30 minutes. In the exam, you have 15 minutes to debrief the client.

Debriefing is also another way to prevent cheating. TCM Security will validate if you are the one who compromised their assets (exam machines) because you need to present and discuss it. They will also ask questions during the call.

Additionally, PNPT is the only technical certification exam that requires exam takers to debrief their client about their penetration testing exam.

In my exam, I scheduled the debriefing at 3 in the morning because Heath (Owner of TCM Security) is currently residing in the US, while I'm residing in the Philippines (GMT +8:00) but you can pick your preferred schedule.

Before I submitted my report, I also made sure that my presentation slide is ready.

After presenting, Heath confirmed that I passed the exam and he will personally send the certificate to my registered email address.

Practical Network Penetration Testing Certificate

Tips for Takers

  • Recon Everything and Take Notes
    Every single details might be useful for your later attack and make sure to take note all of them so you don't need to perform it again.
  • Don't Rush, Take Breaks, and Stay Focus
    You have 5 days to compromise the Active Directory Domain Controller and 2 days to finalize and submit your professional penetration testing report. So make sure to eat your meals, take bathroom break, and rest your eyes.
  • Remember the Rules and Scope
    Rules of Engagement is important so make sure you read it very carefully. Additionally, always stay in scope. If they want you to perform OSINT only to a specific asset then do OSINT only, do not test it.

Final Thoughts

Overall, to be honest, I can confidently say that this is the most realistic penetration testing exam I've ever taken so far. The procedure of the exam is exactly like the normal penetration testing engagement – from reading the rules of engagement to debriefing the client.

I would highly recommend it to my friends who would like to start their career in penetration testing or red teaming to avail PNPT and get certified. It is a budget-friendly technical certification ($299-$399 only 😉) that will validate your skill in penetration testing and red teaming.

Here is a special coupon for my readers: HACKSTREETBOYS for 10% off!

If you are a visitor of my blog and planning to obtain your first technical certification but can't decide which one to get. Check the picture below.

Bonus: Took a selfie after compromising the domain controller.