eCPPT Certification Image

    Certified Professional Penetration Tester

    eCPPT Certification

    eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification counting certified professionals in all seven continents.

    The Exam

    INE Security’s Certified Professional Penetration Tester certification is a practical, hands-on certification exam designed for professional Penetration Testers and Ethical Hackers.

    About the Certification Exam

    The certification exam assesses and validates that the individual has the knowledge, skills, and abilities required to fulfill the role of a modern Penetration Tester.

    Exploitation
    Initial Access
    Active Directory Pentesting
    Web Application Pentesting

    This exam is designed to be the next step in Red Team certifications with INE Security. Successful candidates will have hands-on experience to demonstrate their mastery in the real world and continue their journey by taking INE Security’s Web Application Penetration Tester (eWPT) certification. 

    Exam Objectives

    The eCPPT evaluates an individual’s skills across various domains and objectives, certifying their mastery and understanding.

    eCPPT

    Exam Objectives

    Information Gathering & Reconnaissance (10%)

    Initial Access (15%)

    Web Application Penetration Testing (15%)

    Exploitation & Post-Exploitation (25%)

    Exploit Development (5%)

    Active Directory Penetration Testing (30%)

    Information Gathering & Reconnaissance (10%)

    • Perform Host Discovery and Port Scanning on Target Networks
    • Enumerate Information From Services Running on Open Ports

    Initial Access (15%)

    • Perform Username Enumeration to Identify Valid User Accounts on Target Systems
    • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
    • Perform Brute-Force Attacks on Remote Access Services for Initial Access

    Web Application Penetration Testing (15%)

    • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
    • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
    • Perform Brute-Force Attacks Against Login Forms
    • Exploit Vulnerable and Outdated Web Application Components
    • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

    Exploitation & Post-Exploitation (25%)

    • Identify and Exploit Vulnerabilities or Misconfigurations in Services
    • Identify and Exploit Privilege Escalation Vulnerabilities
    • Dump and Crack Password Hashes
    • Identify Locally Stored Unsecured Credentials

    Exploit Development (5%)

    • Develop/Modify Exploit Code For Initial Access and Post-Exploitation
    • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

    Active Directory Penetration Testing (30%)

    • Perform Active Directory Enumeration
    • Identify Domain Accounts With Weak or Empty Passwords
    • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
    • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
    • Obtain Domain Admin Privileges/Access

    Who It's For

    The eCPPT is a certification for technology professionals with 2+ years of experience in offensive security and are interested in career advancement in penetration testing.

    Get eCPPT Certified

    To take the eCPPT exam, you’ll need both an INE subscription and an exam voucher.

    The Process

    Start your certification journey with a simple, step-by-step experience designed to guide you every step of the way. Get started now!

    Shop Certification Vouchers

    The eCPPT certification is valid for three years from the date it is awarded. Stay current with your skills and maintain your credential through flexible renewal options designed to fit your schedule.

    © 2024 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo