Why I Failed my First attempt at PNPT
Hi, readers
I've spent the last few months getting ready for PNPT from TCM security. And from the first day of the exam until the very last day, it was an eye-opening experience.
Fortunately, I'll have another chance soon, and this time I'll be ready (I hope XD!).
Unfortunately, starting on November 23, 2022, TCM security will no longer provide hints for the report, and because I was lazy, I hadn't even tried to produce one (I'm sorry, I'll make sure to create the report as soon as possible!).
Since I'm enrolled in PNPT v1.5 and PNPT v2 is currently on the market, I will not address the course and exam structure in this blog.
so let's get right to the point without wasting any time.
Mistake 1
"Treat the Environment practically"
By stating this title The only thing I want to make clear to you is the exam environment is prepared very similarly to an environment you may encounter in the real world. So, treat your every step according to the advantage it may provide you to gain your final goal! (I could have accomplished what I did on the last day on the first go.)
TIP: It's Possible that everything you've learned might not appear on the test ;)
Mistake 2
"Not paying enough attention to the information that is available"
I guess the title of this mistake makes it very clear to understand the underlying issue. The message here that I want to convey is to make sure you look at the information as it is. We frequently make the error of seeking information with a biased perspective.
TIP: Enumeration is the key!
Mistake 3
"Not knowing enough ways to move laterally inside Active Directory"
It's very important to know how to gain privileges and move laterally inside the Active Directory environment and for that, I've started tryhackme's
1 Wreath
2 Holo
and now that I have started doing these I felt how valuable these could be if I had gone through them before my exam. I would advise you to go through them as it covers Pivoting and Lateral movement in AD very adequately.
TIP: AD is the most important and what's covered in the course is not enough!
Mistake 4
"Don't take Time for granted"
I am aware that TCM security has given us a deadline of five days to ease the pressure and move toward actual involvement, but you should always respect the passage of time. Now that we've covered everything, I still want you to keep experimenting with different attack vectors because that's what a penetration tester needs to know the most.
TIP: Experiment pragmatically!!
Finally,
I want to make clear that the above-written things are my perspective for the Exam to a level that I reached (I was close T_T ) there are a few more things that I am missing and need to be learned.
Until then, wish me luck for my next attempt, and feel free to leave comments with any advice you may have for me.
bye.
Subscribe to my newsletter
Read articles from sunain directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
sunain
sunain
Infosec specialist | Cybersecurity enthusiast