Cybersecurity Certification Review: Certified Penetration Testing Engineer(CPTE)

Pending post since several years back. Since then, lots of new certification has gained (more) popularity. Veteran said certification markets are evolving every decade.


For some of you who do not know Mile2 organization, Mile2 is a cybersecurity training organization whose certifications are ACCREDITED by  US Government under directives of
- NSA CNSS 4011-4016
- NIST / Homeland Security NICCS's Cyber Security Workforce Framework
- FBI Cyber Security Certification Requirement list (Tier 1-3)

In this series, we will be talking about Certified Penetration Testing Engineer(CPTE) and its exam objectives on each of it areas.

Objective 1 – Business & Technical Logistics of Pen Testing

This objective tests your understanding of what penetration testing means to a business,  cost of not doing penetration testing exerise, common penetration test methodologies.

Objective 2 - Linux Fundamentals

This objective tests your basic understanding of Linux that assists you pivoting when you compromise a linux system.

Objective 3 - Information Gathering

This objective tests your skills in gathering information about target organisation using open sources such as whois, Internet Archive, Maltego, Google Hacking, Social Engineering, Job postings and forums.

Objective 4 - Detecting Live Systems

This objective tests your skills on host discovery using various network scanning techniques such SYN, ACK, CONNECT, XMAS, Maimon, Window, NULL, FIN, SCTP INIT scan.

Objective 5 - Enumeration

This objective tests your skills in services information discovery such as DNS enum, AD enum, SNMP and so forth.

Objective 6 - Vulnerability Assessments

This objective tests your skils how vulnerability scanning is conducted, how to interpret and verify those results and how patch management should be conducted.

Objective 7 - Malware Goes Undercover

This objective tests your understanding on malware distribution channels, malware capabilities like Avoiding Detection and countermeasures.

Objective 8 - Windows hacking

This objective tests your skills on LM/NTLM Hashe cracking techniques like Rainbow tables,Windows rootkit, Windows Authentication Protocols, Clearing and Event log, hiding hacking tools using Steganography methods.

Objective 9 - Hacking UNIX/Linux

This objective tests your skills on attacking common UNIX/Linux services, Symbolic Link, shared libries, kernel exploits, SUID weakness, File and Directory Permissions, rootkits.

Objective 10 - Advanced Exploitation Techniques

This objective tests your skills on Buffer OverFlows, Format String, Race Condition (TOCTOU), exploitation development, fuzzing.

Objective 11 - Pen Testing Wireless Networks

This objective tests your skills on wireless technology,cracking WEP, WPA, WPA2, weak EAP like LEAP weakness using various tools.

Objective 12 - Networks, Sniffing, and IDS

This objective tests your skills on passive and active network sniffing, ranging from DNS spoofing, ARP spoofing, intercepting Remote Deskop traffic and cracking it,  common Firewall evation techniques.

Objective 13 - Injecting the Database

This objective tests your skills on attacking database via SQL injection from web app level and leveraging database servers's misconfigurations to pull sensitive information from infrastruction pentesting level perspective.

Objective 14 - Attacking Web Technologies

This objective tests your skills on web application vulnerabilities from OWASP Top 10, using web proxy and vulnerability scanners.

Objective 15 - Project Documentation

This objective tests your skills on how penetration testing report should be prepared and crafted for various stakeholders' understanding, what it should include, how it should be structured for effective reporting of identified vulnerabilities.

Objective 16 - Securing Windows with Powershell

This objective tests your skills on securing Windows hosts and infrasture with powershell scripting - identification of insecure settings and patching those settings.

Objective 17 - Pen Testing with Powershell

This objective tests your skills how you can leverage Powershell to glean systems information of compromised host, using it in Metasploit exploits, remote command execution, using it in web shells to give you higher capabilities.



Popular posts from this blog

Bypassing referrer check with no script involved

Jumping out of Touch Screen Kiosks