Certified Penetration Testing Consultant - C)PTC Review

Although most of the attacks have moved towards Web Application, but the most critical information resides upon the network and is not being exposed to the Web application, therefore a lot of the organizations are allocating a certain amount of budget to obtain a better security model. However, now a days network penetration testing is becoming a tedious job due to the fact that organizations are now implementing multiple layers of defenses. In such cases a better strategy and advanced attack strategies are required for conducting a better security assessment.

Recently, I got a chance to take the C | PTC course which was focused primarily on testing huge network infrastructures. So, therefore I thought to write an unbiased review about the course contents and the examination.
CPTC (Certified Penetration Testing Consultant) comes into two flavors, the practical and the theoretical exam. The theoretical exam costs about 300$ and comes in the form of multiple choice questions, whereas the CPTC practical exam costs 600$. The exam would consists of two IP addresses to pentest and 6 hours to exploit them and report the results to pass the examination. At the end of the engagement, you would need to submit full penetration testing report with all your technical findings under 90 days, the report would be evaluated by experts and based upon their decision, you'll be marked with a pass or fail.

The overall course is based upon Network infrastructure based attacks i.e. mostly related to layer 2, layer 3, Layer 4 attacks. The course included in depth coverage of much less discussed topics such as Vlan hopping at layer 2, routing protocols attacks (OSPF, EIGRP), HSRP, VPN, IPV6 based attacks etc. The course kit ships up with a workbook, a Lab guide and lab access to follow practice the attacks you have learnt through out the course. The course is strongly recommended to any one who is interested in taking their skills to the next level.

Course Content

The course is divided into 8 different modules and each module comes up with a lab of it's own. So that after each module you would be able to practice the attacks you learned.








According to mile2, the attendees of the course would be able to do the following things:

  • Perform a penetration test and submit a deliverable report
  • Capture and replay VoIP traffic
  • Learning Network Infrastructure advanced Attacks.
  • Find and exploit databases with SQL Injection vulnerabilities
  • Manipulate prices on e-commerce websites
  • Obtain and transfer information via Bluetooth enabled telephones
  • Tools and resources for picking simple and complex locks
  • Techniques for Wireless Site Surveying and Cracking WEP/WPA key
  • Each day ends with a Capture the Flag Competition to ensure that participants retain the daily objectives.
  • Additionally, attendees will be qualified to confidently undertake the CPT Consultant practical examination.

Pros

  • The course offers wide varieties of topics for advanced penetration testing
  • The examination is based upon real world practical challenge.
  • Along with pentesting, they also teach you how to write reports, which is something that is often not taught in most of the penetration testing courses.
  • The course talks about complex network Infrastructure attacks specifically focused on cisco.
  • The cost for the exam and material is pretty reasonable when compared with other certifications such as eccouncil's CEH.

Cons

  • Since the CPTE course covers much about webapplication penetration testing, the course being an advanced versions should also had contained a module on "WebApplication" security/pentesting. However, mile2 has specifically designed a course for webapplications known as CSWAE course, which we would review very soon here at RHA.
  • The workbook/labguide should be downloadable as the PDF, so that people can study offline.

Conclusion

Overall, I found the course pretty fascinating and it's definitely recommended for individuals that want to dive inside the world of network infrastructure attacks and hack on lower layers.

Questions and Comments

If you have any questions feel free to contact: BillNelson@Mile2.com. Mile2 has been kind enough to offer a special discount rate of 14% specifically for RHA readers.

Discount Code: BNSpcl14