Certified Network Pentester (CNPen)

Certified Network Pentester (CNPen) is an intermediate-level exam to test a candidate’s knowledge on the core concepts of network security. Candidates must be able to demonstrate practical knowledge to conduct an internal and external network pentest to pass this exam.

* Note: We invite users to buy the CNPen exam at a discounted pre-launch price. The exam link and other details will be mailed to registered users on 15th March 2023.

Who Should Take This Exam?

CNPen is intended to be taken by pentesters, security architects, SOC analysts, red and blue team members and any network security enthusiast, who wants to evaluate and advance their knowledge.

What Is The Format Of The Exam?

CNPen is an intense 4 hour long practical exam. It requires attendees to solve a number of challenges, identify and exploit various vulnerabilities and obtain flags. The exam can be taken online, anytime (on-demand) and from anywhere. Attendees will need to connect to the exam VPN server to access the infrastructure set up for the exam.Β 

What Is The Pass Criteria For The Exam?

The pass criteria are as follows:

  • Attendees scoring over 60% marks will be deemed to have successfully passed the exam.
  • Attendees scoring over 75% marks will be deemed to have passed with a merit.
What Is The Experience Needed To Take The Certification?

This is an intermediate-level exam. Attendees should have prior knowledge and experience of network pentesting and familiarity with its common tactics, techniques and procedures. They should be able to demonstrate their practical knowledge on Network security topics by completing a series of tasks on identifying and exploiting vulnerabilities that have been created in the exam environment to mimic the real world scenarios.

Note: As this is an intermediate-level certification, a minimum of two years of professional pentesting/bug-bountyΒ experience is recommended.

What Will The Candidate Get?

On completing the exam, each candidate will receive:

  • A certificate with their pass/fail and merit status.
  • The certificate will contain a code/QR link, which can be used by anyone to validate the certificate.
What Is The Exam Retake Policy?

Candidates who fail the exam, must purchase a new exam voucher to retake the exam.

What Are The Benefits Of This Certification?

The certificate will allow attendees to demonstrate their understanding of application security topics. This will help them to advance in their career.

Will you provide any training that can be taken prior to the certification?
Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Attendees should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics.

How long is the certificate valid for?
The certification does not have an expiration date. However, the passing certificate will mention the details of the exam such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version as per their convenience.


What is the certification syllabus?

The exam will cover the following topics

Common OSINT Techniques
Network Mapping and Target Identification
Brute-force Attacks
Vulnerability Identification and Exploitation using Common Hacking Tools.
Application Server Flaws.
Insecure Protocols
*nix Vulnerabilities.
Insecure File permissions.
Security Misconfigurations Leading to Privilege Escalation Attacks.
Windows Active Directory Attacks (on-premise).
OS Credential Dumping and Replay
Kerberoasting; Golden and Silver Tickets.
Password Attacks and Password Cracking.
Administrative Shares Exploitation
Persistence Techniques
Lateral Movements
Common Security Weaknesses affecting Cloud Services.
Vulnerability Chaining
Common Security Misconfigurations allowing Docker Escape.

Certified Network Pentester (CNPen)