OSCP is Dead?! Long Live PNPT?


Author: BearSec
Date: 01.09.2023

Introduction

Hello everyone. In the spring of this year, I successfully passed the exam and obtained the [PNPT certification] (link hidden).

 

Originally, I bought a voucher for this certification in early summer 2021 and thought I would be the first in the CIS region to pass it. However, I only managed to complete it in March 2023, and by then a couple of others from the CIS had already done so. Still, I haven’t seen any reviews in Russian, so I’ll be the first to share my experience.

 

This certification is often compared to the OSCP certification and is frequently mentioned online as an excellent starting point for newcomers in the field of information security.

 

Is that true? Let’s find out.

 

TL;DR – Key Takeaways

This article reflects my personal opinion; it’s not an advertisement or criticism of any certification.

 

I passed PNPT after OSCP—keep that in mind.

 

Some tasks might have been easier for me due to prior experience with similar certs.

 

Certification and Course Info

What is the PNPT?

The course launched on May 1, 2021. Initially called CPEH (Certified Practical Ethical Hacker), it was later renamed to PNPT (Practical Network Penetration Tester). I’ll refer to it by its current name to avoid confusion.

 

Who Created It?

The certification was created by Heath Adams, CEO of TCM Security, widely known as "The Cyber Mentor" on YouTube. His channel used to feature tutorials on vulnerabilities, CVE analyses, tool walkthroughs, and offensive security topics. Now, other hosts have joined, but the core themes remain.

 

What Makes It Unique?

PNPT was created as an alternative to certs like OSCP and differs in several key ways:

 

Simulates a real-life company pentest (exam tasks are based on real-world cases)

 

Exam time:

 

OSCP: 24h for the test + 24h for the report

 

PNPT: 5 days for the pentest + 2 days for the report

 

Besides the report, you must conduct a debrief with a “client” (an academy proctor), where you present findings and mitigation advice.

 

Comes with 1 free retake.

 

Friendly and non-toxic support (though I never used it).

 

Pricing & Certification Structure

How Much Does It Cost?

At the time of writing, it’s not possible to buy the exam voucher separately (though in the past, it was $299). Current bundles include:

 

$399 – PNPT Exam + Training

 

$999 – Exam + Training + Career Services (e.g., resume prep, interview coaching)

 

$2999.99 – Everything above + Live Training + Virtual Labs

 

Certification Structure

To pass, you need to complete 5 training modules before attempting the exam.

 

You get lifetime access to the course. Learn at your own pace, even 1.5 years later (as I did). Each module has video lessons (3–40 mins), downloadable scripts, and sometimes quizzes. Some tasks use virtual machines you run locally; others are done on Hack The Box (HTB) or TryHackMe (THM).

 

If you get stuck, there are solution videos, similar to IppSec’s HTB walkthroughs.

 

The Exam

As mentioned, you get 7 days total:

 

5 days to conduct a realistic network pentest

 

2 days to write a report based on provided templates

 

Goal: Gain Domain Admin access

 

You’ll use everything learned—OSINT, web vulns, AD attacks, etc. There’s no proctoring or strict schedule—you work at your own pace.

 

After submitting your report, you schedule a 30-minute Zoom debrief with a “client” (school curator). Present your findings and fixes (in English, Spanish, or German). You don’t need perfect grammar—just clear explanations.

 

At the end of the call, the curator issues your certificate right then and sends it to your email.

 

Training Modules (Overview)

1. Practical Ethical Hacking

Covers basics like:

 

Setting up VMs

 

Note-taking

 

Networking (intro-level)

 

Linux basics

 

Bash scripting

 

Intro to Python

 

Info gathering, scanning, exploiting, buffer overflows

 

Web and wireless attacks

 

Active Directory (AD) pentesting

 

Report writing

 

2. Windows Privilege Escalation

Various escalation methods including:

 

Kernel exploits

 

WSL abuse

 

DLL hijacking

 

RunAs/Registry abuse

 

Impersonation

 

Getsystem, Autostarts, and more

 

3. Linux Privilege Escalation

Similar to the Windows module but for Linux systems. Well-covered and clear.

 

4. OSINT Fundamentals

Basics of open-source intelligence. Tools are U.S.-focused, but still helpful globally.

 

5. External Pentest Playbook

The smallest module. Focuses on pentest methodologies and writing/presenting reports.

 

My Experience Preparing and Taking the Exam

Thoughts on the Course

After purchase, I forgot about the course for 1.5 years. Eventually, I came back while prepping for OSWE and realized I should finish what I started.

 

I studied casually over 3 months. The biggest challenge was downloading VMs and AD images with bad hotel Wi-Fi and regional blocks (solved with chained VPNs).

 

Thoughts on the Exam

I read mixed reviews: some passed in 1 day, others failed twice. I took a week off work, hoping to finish early and enjoy family time.

 

I passed in 3 days. On Day 1, I couldn’t breach the perimeter—despite being sure I was right. (Pro tip: Don’t be too aggressive. Ease off if things aren’t working.)

 

From Day 2, things clicked. I enjoyed exploiting both Linux and AD machines. I appreciated the refresher the course gave me.

 

Day 4: I wrote the report. Having OSCP experience helped—I already had lots of screenshots. (First-timers: TAKE LOTS OF SCREENSHOTS.)

 

Report writing is my least favorite part, but using the template, I finished in 2–3 hours.

 

Next day: I scheduled the Zoom call for 4 days later at 18:30 (Moscow time), in English.

 

During the call, I walked through the report. I was a bit slow picking words at times, and the meeting went 40 minutes instead of 30, but the curator was understanding. I passed and received the certificate via credential.net.

 

Tips for the PNPT Exam

Treat it like a real pentest—real systems have defenses

 

You don’t always need root; some actions work as a normal user

 

Check the compromised machines for clues

 

Refer back to course material if you forget something

 

Log everything and take screenshots—essential for report writing

 

Take breaks and clear your head

 

Don’t forget your family—they’ll support you through the stress!

 

Conclusion

Pros

Affordable: $399 vs $1600 for OSCP

 

High-quality training

 

Free retake

 

Realistic pentest simulation

 

More time (7 days vs OSCP’s 2 days)

 

Cons

No dedicated lab environment

 

Could use more practice tasks

 

Less recognized than OSCP

 

PNPT vs OSCP

There’s a (hidden) global security chart that ranks certs by expertise. PNPT and OSCP are close to each other. PNPT isn’t at the bottom, which says a lot...

 
