Certified Penetration Testing Professional (CPENT)

EC-Council’s Certified Penetration Testing Professional (C|PENT) program teaches you how to perform an effective penetration testing in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, C|PENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test loT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.

The heart of the CPENT course is all about helping you master your pen testing skills by putting them to use on our live cyber ranges. The certified penetration testing ranges were designed to be dynamic in order to give you a real-world training program, so just as targets and technology continue to change in live networks, both the (C|PENT) practice and exam ranges will mimic this reality as our team of engineers continue to add targets and defences throughout the CPENT course’s lifetime.


Once you have completed this course, you’ll be able to:

  • Advanced Windows Attacks
  • Attacking IoT Systems
  • Writing Exploits: Advanced Binary Exploitation
  • Bypassing a Filtered Network
  • Pentesting Operational Technology (OT)
  • Access Hidden Networks with Pivoting
  • Double Pivoting
  • Privilege Escalation
  • Evading Defense Mechanisms
  • Attack Automation with Scripts
  • Weaponize Your Exploits
  • Write Professional Reports
  • There is no defined pre-requisite for the exam, but it is strongly recommend that candidates to attempt the CEH (Practical) and/ or ECSA (Practical) prior to attempting CPENT.
  • Ethical Hackers
  • Penetration Testers
  • Network Server Administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment Professionals
  • Cybersecurity Forensic Analyst
  • Cyberthreats Analyst
  • Cloud Security
  • Analyst Information Security Consultant
  • Application Security Analyst
  • Cybersecurity Assurance Engineer
  • Security Operations Center (SOC) Analyst
  • Technical Operations Network Engineer
  • Information Security Engineer
  • Network Security Penetration Tester
  • Network Security Engineer
  • Information Security Architect
• Cover the fundamentals of penetration testing, including penetration testing approaches, strategies, methodologies, techniques, and various guidelines and recommendations for penetration testing.
• Learn the different stages and elements of scoping and engagement in penetration testing.
• Learn how to use techniques and tools to gather intelligence about the target from publicly available sources such as the World Wide Web (WWW), through website analysis, by using tools/frameworks/scripts, and so on.
• Learn different social engineering techniques and perform social-engineering penetration testing on a target organization.
• Learn how to implement a comprehensive penetration testing methodology for assessing networks from outsiders’ perspectives. Learn the process attackers follow to exploit the assets using vulnerabilities from the outside of the network perimeter.
• Learn how to implement a comprehensive penetration testing methodology for assessing networks from insider’s perspectives.
• Learn how to implement a comprehensive penetration testing methodology for assessing the security of network perimeter devices, such as Firewalls, IDS, Routers, and Switches.
• Learn how to analyze web applications for various vulnerabilities, including the Open Web Application Security Project (OWASP) Top 10, and determine the risk of exploitation.
• Learn how to test various components of wireless networks, such as WLAN, RFID devices, and NFC technology devices.
• Understand various threats to Internet of Things (IoT) networks and learn how to audit security controls for various inherent IoT risks.
• Understand OT and SCADA concepts and learn the process of testing various components of OT and SCADA networks.
• Understand various security threats and concerns in cloud computing and learn how to perform cloud penetration testing to determine the probability of exploitation.
• Understand the binary analysis methodology and reverse engineer applications to identify vulnerable applications that may lead to the exploitation of an information system.
• Learn how to document and analyze the results of a penetration test and recommend post-penetration test actions.
Length of exam 24 hours
Number of questions 5 challenges of each exam session.
Question format Performance based and hands on exam.
Passing grade 70%
Exam availability English