Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Certified Penetration Testing (CPENT)
The Certified Penetration Testing Professional (CPENT) is EC-Council’s most advanced and comprehensive penetration testing certification. It is designed to help cybersecurity professionals master real-world penetration testing skills through a hands-on, challenge-based learning environment. The course includes over 110 labs, live cyber ranges, and more than 50 tools, and it integrates AI techniques into every phase of penetration testing. CPENT emphasizes a complete methodology, from scoping and engagement to reporting and post-testing actions.
Who It’s For:
This course is intended for experienced cybersecurity professionals, ethical hackers, penetration testers, red teamers, and security analysts. It is also suitable for individuals who have completed the CEH certification or have equivalent knowledge and are looking to advance their offensive security skills.
What You’ll Learn:
CPENT teaches advanced penetration testing techniques across a wide range of environments, including enterprise networks, web applications, APIs, IoT, and cloud systems. It also covers binary exploitation, privilege escalation, lateral movement, and report writing.
Course Outline:
Introduction to Penetration Testing and Methodologies
Penetration Testing Scoping and Engagement
Open Source Intelligence (OSINT)
Social Engineering Penetration Testing
Web Application Penetration Testing
API and Java Web Token Penetration Testing
Perimeter Defense Evasion Techniques
Windows Exploitation and Privilege Escalation
Active Directory Penetration Testing
Linux Exploitation and Privilege Escalation
Reverse Engineering, Fuzzing, and Binary Exploitation
Lateral Movement and Pivoting
IoT Penetration Testing
Report Writing and Post-Testing Actions
Why It’s Valuable for Federal Employees and Contractors:
CPENT is fully aligned with the NICE Cybersecurity Workforce Framework and prepares federal employees and contractors for advanced roles in red teaming, vulnerability assessment, and offensive security. It supports compliance with federal cybersecurity mandates and provides the skills necessary to simulate real-world attacks and improve organizational defenses.
Delivery Formats:
The CPENT program is available in multiple formats: In-Person Training, Online Self-Paced, and Online Instructor-Led.
Course Overview
2 Years IT Security Experience, CEH or equivalent recommended
Learning Objectives
Conduct advanced penetration testing across enterprise environments
Perform reconnaissance, vulnerability scanning, and exploitation
Bypass perimeter defenses and escalate privileges
Exploit Windows, Linux, and Active Directory environments
Conduct web application and API penetration testing
Perform binary exploitation and reverse engineering
Simulate lateral movement and pivoting
Test IoT and cloud infrastructure security
Document findings and deliver professional penetration test reports
Operate in live cyber ranges with real-world scenarios
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.