Looking for team training? Get a demo to see how INE can help build your dream team.
The Exam
INE Security’s Certified Professional Penetration Tester certification is a practical, hands-on certification exam designed for professional Penetration Testers and Ethical Hackers. The certification exam assesses and validates that the individual has the knowledge, skills, and abilities required to fulfill the role of a modern Penetration Tester.
Exam Objectives
The eCPPT evaluates an individual’s skills across various domains and objectives, certifying their mastery and understanding.
Information Gathering & Reconnaissance (10%)
- Perform Host Discovery and Port Scanning on Target Networks
- Enumerate Information From Services Running on Open Ports
Initial Access (15%)
- Perform Username Enumeration to Identify Valid User Accounts on Target Systems
- Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
- Perform Brute-Force Attacks on Remote Access Services for Initial Access
Web Application Penetration Testing (15%)
- Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
- Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
- Perform Brute-Force Attacks Against Login Forms
- Exploit Vulnerable and Outdated Web Application Components
- Exfiltrate Data and Credentials From Compromised Web Applications and Databases
Exploitation & Post-Exploitation (25%)
- Identify and Exploit Vulnerabilities or Misconfigurations in Services
- Identify and Exploit Privilege Escalation Vulnerabilities
- Dump and Crack Password Hashes
- Identify Locally Stored Unsecured Credentials
Exploit Development (5%)
- Develop/Modify Exploit Code For Initial Access and Post-Exploitation
- Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)
Active Directory Penetration Testing (30%)
- Perform Active Directory Enumeration
- Identify Domain Accounts With Weak or Empty Passwords
- Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
- Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
- Obtain Domain Admin Privileges/Access
Expiration
The eCPPT certification is valid for three years from the date it is awarded.*
*This expiration date is for the eCPPT certifications being released in 2024 or later.
Get eCPPT Certified
New to INE and INE Security?
The INE Premium subscription offers the updated Penetration Testing Professional (NEW-2024) Learning Path, built for professional-level Red Teamers with a basic understanding of penetration testing fundamentals. It prepares you to take the eCPPT exam through a blend of expert-led courses and practical lab time. When you’ve completed the learning path, you’re ready for the exam!
OR
Already an INE Premium subscriber?
The eCPPT Certification Exam Voucher can only be purchased with an INE Premium Subscription. If you already have a subscription, you can buy your voucher now! We encourage everyone to complete the Penetration Testing Professional (NEW-2024) Learning Path before attempting the certification exam.
To complete the eCPPT Certification, follow these steps:
The previous eCPPT exam has retired.
Existing vouchers are valid until December 2024. For more information on this exam, download the PDF.