CPTC – Certified Penetration Testing Consultant

November 29, 2011

Exam Details:

Questions: 100
Time: 120 Minutes
Passing Score: 75%
Format: Pearson VUE with questions derived from a large pool of questions which are randomly selected
Cost: $800
Other Requirements: Passing grade on hands-on labs

Editors’ Quick Thoughts

Updated November 29, 2011: Mile2 had 2 certs for network pen testing, CPTS & CPTE for ‘specialist’ and ‘expert.’ They’ve recently changed the names around a bit to ‘engineer’ and ‘consultant.’ Thus the new names are Certified Penetration Testing Engineer (CPTE) which was formerly known as CPTS. And the Certified Penetration Testing Consultant (CPTC) has now taken the place of CPTE. As we learn more we’ll be sure to keep you updated.

From the Horse’s Mouth (Mile2’s Web Site Content):

The CPTConsultant course provides attendees with the unique opportunity to perform all stages of an actual penetration test within a controlled classroom environment. Hands-on laboratories have been researched and developed by leading security professionals from around the world and are more advanced than what can be found through typical security courses or online universities. The CPTConsultant will cover much more in-depth attacks, techniques, technologies and countermeasures than foundation Penetration Testing and Ethical Hacking courses such as CPTEngineer, CEH and OSPT.

Participants of the CPTConsultant course will have the ability to complete laboratories in all of the following areas:

• Perform a penetration test and submit a deliverable report
• Capture and replay VoIP traffic
• Find and exploit databases with SQL Injection vulnerabilities
• Manipulate prices on e-commerce websites
• Obtain and transfer information via Bluetooth enabled telephones
• Tools and resources for picking simple and complex locks
• Techniques for Wireless Site Surveying and Cracking WEP/WPA key
• Each day ends with a Capture the Flag Competition to ensure that participants retain the daily objectives.
• Additionally, attendees will be qualified to confidently undertake the CPTConsultant practical examination.

This course is designed to take an individual with knowledge of the basic security auditing toolset to the next and higher level. Many courses teach “how to hack”; the CPTConsultant course teaches “the business of penetration testing”. The course delivers advanced and cutting edge techniques for auditing a broad range of security controls (including Physical and User Security) with “hands-on” laboratories designed by real world security auditors.

The CPTConsultant course also delivers the “business side” of penetration testing, including RFPs, Authorization, Security Policy Review and Compliance. The CPTConsultant courseware is constantly updated (with updates available to past students) to reflect the most current security issues and known exploits; this is the way of the Certified Penetration Testing Consultant.

A Certified Penetration Testing Consultant is a security professional with the ability to plan, manage and perform a penetration test. The designation “Consultant” is related to the depth and breadth of understanding required to manage a project involving multiple team members, manage the client’s expectations and deliver an audit of security controls that is thorough, well documented and ethically sound.

Certified Penetration Testing Consultant Module Topics:

Module 1: Introduction and Pen Test Overview
Module 2: Refresher: The Attack Stage
Module 3: Core Impact: Initial Pen Test
Module 4: External/DMZ Assessments
Module 5: Wireless Site Surveying
Module 6: Attacking Bluetooth Devices
Module 7: Programming 101
Module 8: Internal Pen Testing
Module 9: Physical Security
Module 10: After the Pen Test

More from Mile2.


CPTE – Certified Penetration Testing Engineer

November 29, 2011

Exam Details:

Questions: 100
Time: 120 Minutes
Passing Score: 75%
Format: Pearson VUE with questions derived from a large pool of questions which are randomly selected.
Cost: $250
Other Requirements: None

Editors’ Quick Thoughts

Updated November 29, 2011: Mile2 had 2 certs for network pen testing, CPTS & CPTE for ‘specialist’ and ‘expert.’ They’ve recently changed the names around a bit to ‘engineer’ and ‘consultant.’ Thus the new names are Certified Penetration Testing Engineer (CPTE) which was formerly known as CPTS. And the Certified Penetration Testing Consultant (CPTC) has now taken the place of CPTE. As we learn more we’ll be sure to keep you updated.

From the Horse’s Mouth (Mile2’s Web Site Content):

Certified Penetration Testing Engineer graduates will obtain real world security knowledge enabling them to recognize vulnerabilities, exploit system weaknesses, and safeguard organizations against threats. Graduates will learn the art of Ethical Hacking with a professional edge (Penetration Testing).

Course Overview:

CPTEngineer’s foundation is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants. Mile2 trainers keep abreast of their field by practicing what they teach. They believe that, during training, an equal emphasis should be placed on both theoretical and real world experience if the student is going to succeed in mastering the necessary skills to become a CPTEngineer. The CPTEngineer presents information based on the 5 Key Elements of Pen Testing: Information Gathering, Scanning, Enumeration, Exploitation and Reporting. System vulnerabilities will be discovered using these tried and true steps alongside the use of the latest hacking techniques.

This course also enhances the business skills needed by today’s students. It will enable them to identify protection opportunities, justify testing activities, and optimize security controls needed by businesses attempting to reduce risks.

mile2 goes far beyond simply teaching students to “Hack”. Mere hacking was the norm for classes that were available before mile2 introduced a new methodology in teaching this advanced skill.

Our course was developed around principles and behaviors used by malicious hackers. The course is taught with this in mind while keeping the focus on professional penetration testing and ensuring the security of information assets.

Objective of Labs:

This is an intensive hands-on class. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take.  Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world, our labs are updated to reflect them.

Upon Completion:

Upon proper completion of the course, CPTEngineer students will be able to confidently sit for the CPTEngineer certification exam (recommended). Students will enjoy an in-depth course that is continuously updated to maintain and incorporate changes in the security environment. This course offers up-to-date proprietary labs that have been researched and developed by leading security professionals from around the world.

Certified Penetration Testing Engineer Module Topics:

Module 0: Course Overview
Module 1: Business and Technical Logistics of Pen Testing
Module 2: Financial Sector Regulations
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware, Trojans and BackDoors
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Report Writing
Appendix 1: The Basics
Appendix 2: Linux Fundamentals
Appendix 3: Access Controls
Appendix 4: Protocols
Appendix 5: Cryptography
Appendix 6: Economics and Law

More from Mile2.


CSTA – Certified Security Testing Associate

September 27, 2011

Exam Details:

Questions: 50
Time: 60 Minutes
Passing Score: 50% – 80% (Distinction)
Format: Multiple choice
Cost: Included in Course
Renewal: None currently

Editors’ Quick Thoughts

Here’s a worthy up-and-comer for all of you budding pen testers. It’s run and maintained by a UK company named 7Safe. It is a 4-day course that was recently updated (June 2011) and is poised to take on industry stalwarts like EC-Council and SANS. Offered in many countries by a variety of training companies, this certification follows the Microsoft model of licensing its courses and certs. Key highlight of this course is the lab environment on the provided computers during the class. Very well done with Windows & Linux machines customized to give you the feel of a pen test throughout the course. Now available in 6 countries including England and the US, this one is poised for steady growth and acceptance in the industry. For a full review and comparisons to other courses, see the EH-Net Review, An American Hacker in London.

From the Horse’s Mouth (7Safe’s Web Site Content):

This 4-day ethical hacking training course is a hands-on journey into the hacking mindset, examining and practically applying the tools and techniques that hackers use to launch “infrastructure” attacks. Practical exercises reinforce theory as you experiment with a Windows 2008 domain (server and workstation) plus a Linux server. The course demonstrates hacking techniques – there’s no better way to understand attacks than by doing them yourself – but this is always done with defence in mind and countermeasures are discussed throughout. The course is therefore suited to system administrators, IT security officers and budding penetration testers.

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Testing Associate (CSTA) qualification. CSTA, along with CSTP, is an ideal preparation towards the CREST Registered Tester qualification.

University-accredited training. Authored by experts

More from 7Safe.


GPEN – GIAC Certified Penetration Tester

February 25, 2008


Silver: Exam

Passing Score:
Format: Proctored exam
Other Requirements:
Renewal: Every 4 years

Gold: Practical

Many had feared that the practical portion of the GIAC certification program had disappeared. It actually has just been renamed to allow for 2 levels of certification. Silver for the exam alone and gold for the practical.

Editors' Quick Thoughts

GPEN is a brand new certification that will be linked to Network Penetration Testing and Ethical Hacking, a course developed by Ed Skoudis of Intelguardians. His intention is to "personally do everything I can to make you the best penetration tester." It is still in development and will have a few trial runs before making its major debut at the SANS WhatWorks in Penetration Testing & Ethical Hacking Summit in Las Vegas from May 31 – June 9, 2008. This is not replacing GCIH where you get a larger view of the ethical hacking process and more focus on how to handle this "incident" to keep your enterprise running. Also notice that the title specifically states "Network" Pen Testing and Ethical Hacking and doesn't delve as deeply into web application and wireless security as some of SANS' other offerings, but those topics will be covered. Said to contain previously unpublished methods used by Ed and numerous professional pen testers, this class is sure to please anyone neck deep in the technology and process of ethical hacking.

From the Horse's Mouth (SANS' Web Site Content):

Find Security Flaws Before the Bad Guys Do

Security vulnerabilities such as weak configurations, unpatched systems, and botched architectures continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.

We address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.

Attendees will learn how to perform detailed reconnaissance, learning about a target's infrastructure by mining blogs, search engines, and social networking sites. We'll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

The course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. We also address how penetration testing should be integrated as a piece of a comprehensive enterprise information security program.


This SANS course differs from other penetration testing and ethical hacking courses in several important ways:

  • We get deep into the tools arsenal, with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are incredibly useful for professional penetration testers and ethical hackers.
  • The course discusses how the tools inter-relate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.
  • We focus on the workflow of professional penetration testers and ethical hackers, proceeding step-by-step discussing the most effective means for conducting projects.
  • The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.
  • We cover several timesaving tactics based on years of in-the-trenches experience from real penetration testers and ethical hackers, actions that might take hours or days unless you know the little secrets we'll cover that will let you surmount a problem in minutes.
  • The course stresses the mind-set of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of creative "outside-the-box" thinking, methodical trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high quality final report that achieves management and technical buy-in.
  • We also analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

Who Should Attend?

Security personnel whose job involves assessing target networks and systems to find security vulnerabilities. The course is ideally suited for system administrators, technical auditors, professional penetration testers, and consultants who want technical depth and hands-on experience with penetration testing and ethical hacking tools.

Author Statement

Successful penetration testers don't just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. When teaching the class, I particularly enjoy the numerous hands-on exercises culminated with a final pen-testing extravaganza lab.

– Ed Skoudis

More from SANS/GIAC.


OSCP – Offensive Security Certified Professional

March 17, 2007

Exam Details:

Questions: 4 – 5 challenges
Time: 24 Hours
Passing Score: 75%
Format: online, practical hacking challenge in an unfamiliar environment
Cost: $50 – 80.00 (Does not include course)
Other Requirements: Offensive Security 101 course required for exam try
Renewal: None.

Editors’ Quick Thoughts

This is a new offering not only of the training, Offensive Security 101, but of the credential as well. That being said, not many people know about it. When credentials are not widely known, then it takes great content to get it off the ground. OSCP and the trainers at Offensive Security have that foundational requirement down. After all, they are the ones responsible for BackTrack, the widely popular bootable Linux distro for security practitioners. Now it’s time to see what becomes of it in the industry. We’ll offer more insight as this credential matures.

From the Horse’s Mouth (Offensive Security’s Web Site Content):

Offensive Security 101

"Offensive Security 101" is a course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the learnt material. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network.

How does it work?

Your registration to a course entitles you to downloadable "Offensive Security 101" course videos. You can watch these videos using a PC with speakers and a modern browser – at your own leisure. For an additional fee you can opt to take our online lab (30 day access) and certification challenge. The lab is available for practicing the newly learned tools and techniques learnt in the course, and is accessible remotely by registered students. During this month’s period, you can contact the trainers and other students via the Internet Relay Chat or through private messaging.  

More from Offensive Security.


CEH – Certified Ethical Hacker

November 9, 2006

Exam 312-50 Details:

Questions: 150
Time: 240 Minutes
Passing Score: 70%
Format: Multiple choice
Cost: $500.00
Other Requirements: 2 Years Exp, Must sign an Ethics Agreement.
Renewal: Every 3 years 

Editors’ Quick Thoughts

Updated October 2011: This cert was hot. It still has the most certified individuals of any ethical hacking credential, but I think that has much more to do with the name and marketing. We believe that the decision to include every tool known to man, past & present is a mistake. This approach is intentional by EC-Council as they told me themselves that they want encyclopedic course materials. In my opinion, this puts the CEH behind the curve as most other courses in this field now use the best-of-breed approach. This allows the competitors to spend more time on the proper usage of the top 25 – 50 tools instead of bombarding the students with tools that have never been heavily used by professionals if at all. In a maturing field, I think the CEH may still have a place for absolute beginners, but a pen tester you will not be after passing this exam. There were great improvements to v7 this year including a great new look, but the Achilles heel is still trying to cram huge volumes of unneeded information into a one-week course and claiming that the rest is there for either self-study or reference.

There are some training providers that have taken the base CEH course and added to it to make a more coherent pen testing course. It is also appropriate to mention that the course varies greatly depending on the instructor. With the right instructor, a CEH course may very well be worth the time and money. With an instructor that may simply go with the provided slides in an attempt to only prep the student to pass the exam, you may come out disappointed.

From the Horse’s Mouth (EC-Council’s Web Site Content):

CEH by EC-Council: Certified Ethical Hacker and Penetration Testing

To beat a hacker, you need to think like one! This is exactly what this class will teach you. It is the pinnacle of the most desired information security training program any information security professional will ever want to be in.

The definition of an Ethical Hacker is very similar to a Penetration Tester. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal. The most important point is that an Ethical Hacker has authorization to probe the target.

This class will immerse the students into a hands-on environment where they will be shown how to conduct ethical hacking. They will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! They will scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, Virus Creation and others.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. 

More from EC-Council.


ECSA – EC-Council Certified Security Analyst

November 7, 2006


Exam Details:

Questions: 50
Time: 120 Minutes
Passing Score: 70%
Format: Multiple choice
Cost: $300.00
Other Requirements: 2 Years Exp, Must sign an Ethics Agreement. CEH Preferred.
Renewal: None.

Editors’ Quick Thoughts

This is EC-Council’s foray into the advanced ethical hacking arena. Their intent is to take you past the glut of hacking tools brought to you in CEH and move into analyzing all of that collected data to present to your employer / client. This one is clearly not as popular as the CEH. We feel this is for 2 reasons. First of all, the more specialized one gets, the smaller the audience. Secondly, there is some fierce competition in the advanced space from the likes of InfoSec Institute, Foundstone, SANS and others. Time will tell how this portion of the market shakes out. Maybe 2009 will help us get a clearer picture. Until then, there is plenty of chatter in the forums on all of these courses, whether or not they have a cert attached to it.

From the Horse’s Mouth (EC-Council’s Web Site Content):


EC-Council Certified Security Analyst (ECSA) complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking penetration testing methods and techniques, ECSA class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure.

This makes ECSA a relevant milestone towards achieving EC-Council’s Licensed Penetration Tester, which also ingrains the learner in the business aspect of penetration testing. The Licensed Penetration Tester standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.

The objective of EC-Council Certified Security Analyst is to add value to experienced security professionals by helping them analyze the outcomes of their tests. ECSA leads the learner into the advanced stages of ethical hacking.

Advanced Penetration Testing and Security Analysis

The ECSA/LPT training program is a highly interactive 5-day security class designed to teach Security Professionals the advanced uses of the available methodologies, tools and techniques required to perform comprehensive information security tests.  Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the LPT methodology and ground breaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.


Pass exam 412-79 to achieve EC-Council Certified Security Analyst (ECSA) certification.


  • ECSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field.
  • Greater industry acceptance as seasoned security professional.
  • Learn to analyze the outcomes from using security tools and security testing techniques.
  • Requirement for the LPT certification.

Certification Exam

Students will be prepared for EC-Council’s ECSA exam 412-79 on the last day of the class. This certification is also pre-requisite to EC-Council’s Licensed Penetration Tester Program.

More from EC-Council.


CEPT – Certified Expert Penetration Tester

July 25, 2006

Exam Details:

Questions: 100
Passing Score: 80%
Format: Multiple Choice
Other Requirements:

Editors' Quick Thoughts

Taught by Jack Koziol of Shellcoder's Handbook fame, this is truly an advanced course. The class has a heavy focus on code. So if you don't have a solid working knowledge of C++ or assembler on x86, this may not be for you. If you have what it takes, it may be one of the most difficult but rewarding classes you'll ever take.

From the Horse's Mouth (InfoSec Institute's Web Site Content):

9 Certified Expert Penetration Tester (CEPT) Domains:

  • Penetration Testing Methodologies
  • Network Attacks
  • Network Recon
  • Shellcode
  • Reverse Engineering
  • Memory Corruption/Buffer Overflow Vulnerabilities
  • Exploit Creation – Windows Architecture
  • Exploit Creation – Linux/Unix Architecture
  • Web Application Vulnerabilities

More from InfoSec Institute.
