⚔️ TCM PNPT (Practical Network Penetration Tester)

🧠 1. Certification Name and Issuing Body

What skills does it certify?
Ability to conduct a full penetration test engagement: external and internal network exploitation, OSINT, Active Directory attacks, and professional report writing with client debrief
Target roles or profiles:
Junior–Mid Pentester, Red Teamer, SOC Blue Teamer transitioning to offensive, Offensive Security Engineer
Practical applications:
Simulated internal/external pentests with full lifecycle execution, no CTF-style puzzles—focus on real client scenarios

Recommended prior certifications:
None required, but eJPT, Security+, or practical experience in networking is highly recommended
Suggested experience:
Comfort with Linux and Windows CLI, basic scripting, understanding of AD, vulnerability scanning
Required technical knowledge:
TCP/IP, SMB, RDP, DNS, basic AD enumeration, privilege escalation, Nmap, PowerShell

Key domains/modules:
1. Open Source Intelligence (OSINT)
2. External Network Exploitation
3. Internal Network Pivoting
4. Active Directory Enumeration & Exploitation
5. Post-Exploitation and Lateral Movement
6. Professional Reporting and Client Debrief
Technologies/tools:
Nmap, BloodHound, SharpHound, CrackMapExec, PowerView, Responder, Impacket, Rubeus, Evil-WinRM
Framework mapping:
MITRE ATT&CK, NIST SP 800-115, partial NICE Framework (PR and DE categories)

Style: 100% hands-on, scenario-driven
Labs/environments: Private exam environment (simulated enterprise network)
Materials: TCM Academy courses (e.g., Practical Ethical Hacking, Windows PrivEsc, OSINT)
Recommended platforms: TCM Academy, Hack The Box (Active Directory boxes), TryHackMe (“Red Team” and “AD” rooms)

Mode: Remote, practical
Duration: 5-day exam window (realistic pace, no artificial time pressure)
Requirements:
- Compromise objectives (internal + external)
- Submit full professional report
- Perform 15–30 min live debrief (via Zoom or similar)
Languages: English
Retake policy: One free retake included
Certification validity: Lifetime

Demand/popularity: Rapidly growing in the offensive security community due to its realism and accessibility
Organizations that value it: MSSPs, boutique pentesting firms, red team contractors, security startups
Comparison:
- More practical and realistic than CEH
- Less intense than OSCP but more grounded and client-focused
- Complements other certs like eJPT, GPEN, or PenTest+

Job roles:
Junior Penetration Tester, Red Team Analyst, Security Consultant, Vulnerability Analyst
Suggested paths:
→ PNPT → OSCP / CRTO / Red Team Ops
→ PNPT + eJPT = solid intermediate foundation
→ PNPT + HTB Pro Labs → OSWE / LPT / GXPN

USA: $75,000–$100,000/year
Europe: €45,000–€75,000/year
Salary impact: Recognized by employers focused on real-world skills over brand recognition
(Sources: Reddit /r/netsecstudents, PayScale, job boards)

Validity: Lifetime
Renewal: Not required—once certified, always certified
Reputation maintenance: Community involvement or additional certs may be used to stay current

Ideal for:
Professionals who want real-world pentest validation without CTF-style artificiality or high-stress environments
When to pursue:
After basic experience or certs (eJPT, Security+, HTB) and before OSCP/CRTO
Tips:
Treat the exam like a real client engagement: take notes, screenshot every step, focus on report clarity, and prepare for a smooth client presentation.