Introduction
This week, I passed my first penetration testing certification, the Practical Junior Penetration Tester (PJPT), which is provided by TCM Security. I’ve created this post to help get more of a spotlight on their newest certification (as of August 2023), and their company as a whole.
Their website:
In the field of cybersecurity, where it’s common to shell out thousands in the pursuit of training, companies like TCM Security are a breath of fresh air. Their current model is far more affordable than the vast majority of training platforms, which is a subscription of $30USD/month for all of the courses in TCM Academy, and the purchase of each certification voucher comes packaged with their associated course material. They even market themselves as being less expensive than some of their competitors.
To sit for their certifications, the current pricing is (in order of release):
Practical Network Penetration Tester (PNPT)— $399
Practical Career-Ready Professional (PCRP) — $999
Practical Junior Malware Researcher (PJMR) — $329
Practical Junior Penetration Tester (PJPT) — $199
(Note: Since I started typing out the first draft of this review, I’ve been made aware that they have included other (more expensive) “live training” options to their offerings that are more akin to their competition. I’ve personally read quite a few posts on social media and even their own official Discord server criticizing them for the recent changes. In my opinion, I don’t believe this backlash would have occurred if they haven’t marketed themselves so heavily towards affordability. However, even with that in mind, their cheaper options still exist*, and that’s what I’m reviewing them for here.)*
Their first and most popular certification, the Practical Network Penetration Tester (PNPT), is slowly gaining ground over more entrenched (and far more expensive) options from other training platforms. It is not uncommon to see PNPT listed as one of the preferred certifications in pentesting job descriptions.
I’m hoping their newer certifications gain similar traction, especially PJPT and PJMR. Offensive security isn’t very noob-friendly, and it’s honestly nice to see a certification geared toward novices. Additionally, malware research is notably lacking in available training and certifications. To my knowledge, the only other option is the >$9,000 SANS FOR610 and associated GIAC Reverse Engineering Malware (GREM) certification.
Special mention should be made regarding their official Discord server and their support staff. I can confidently state, without hyperbole, that they provide the fastest technical support that I’ve ever seen. I legitimately have never needed to wait longer than 5 minutes to get my issues at least acknowledged and then resolved within 10 minutes after acknowledgment.
Background and Preparation
Earlier, I mentioned that this is my first penetration testing certification, however, I’m actually not a penetration tester. I’m a cyber threat intelligence analyst/engineer/researcher with a strong interest in offensive security. I don’t conduct penetration tests on a daily basis. Prior to preparing for the PJPT, the most formal offensive training I received was during SANS ICS410, where a portion of the training involved penetration testing individual ICS components.
I took the advice of some friends in the industry and signed up for TCM earlier this year, and they cited the price and quality of instruction as the main reasons to give them a shot. When I first started studying the courses from TCM, the goal was to sit for PNPT. Due to several factors, I ended up receiving a voucher for PJPT. Being that I’m not actually a penetration tester, I’m not necessarily in a rush to bite off more than I can chew.
Simultaneously with my work on TCM’s course, I was also working on rooting (mainly Windows) machines on Hack the Box. Everything I learned on attacking Active Directory from Heath, TCM’s CEO and main instructor, I immediately took to Hack the Box to practice. In the process, I managed to reach Hacker rank on the platform, but I’ve admittedly been struggling to reach Pro Hacker.
I’ve walked through the main coursework from start to finish several times, practicing the attacks, taking pages upon pages of notes, and building my methodology. All in all, it was approximately 6 months from my first offensive course purchase to taking the PJPT exam. Had I had more time and flexibility to focus on the coursework, I feel that it could have been done in a shorter amount of time.
The Practical Ethical Hacking Course
The use of “practical” in their nomenclature is deliberate. Students will be installing their own tools, writing scripts, and exploiting vulnerabilities.
In my opinion, this course is fantastic. “The Full Course” is right. Heath Adams goes through the basics of networking, Linux administration, and programming in Python before you ever run your first exploit. All of these are vital subjects for IT professionals to have some sort of familiarity with.
After touching on the IT fundamentals, Heath goes into the basics of information gathering, scanning, exploitation, and exploit development. However, the “meat and potatoes” of this course are the Active Directory sections, where he shows students how to abuse various Windows services. To be clear, you won’t be exploiting CVEs but abusing common features in Windows and Active Directory.
Heath cites the heavy use of AD among corporations as the reason for this course’s large focus on this service. Even cursory research supports his claim:
https://www.crowdstrike.com/cybersecurity-101/active-directory-security/
I love that he starts by having students build their own AD lab to then compromise. He does so whilst also showing students what common Windows features and pitfalls are commonly seen during his company’s penetration tests, which are accompanied by mitigations along the way.
Towards the end of the course, Heath and another instructor (Alex) go through web application security testing, where they walk students through the exploitation of various web app vulnerabilities.
One major bonus… since purchasing the course I’ve seen multiple updates to the content to keep it up-to-date with contemporary attacks.
The Practical Junior Penetration Tester (PJPT) Exam
That word, “practical,” comes up again.
The PJPT exam is essentially an internal penetration test on a mock corporate Active Directory network. Upon starting, you’re given access to the VPN file to connect to the network and the rules of engagement. You’re tasked with gaining domain administrator on the network (within 48 hours) to pass the exam portion, but then have to deliver a detailed penetration test report (within another 48 hours) to qualify to receive the certification.
While I’ve worked extensively on Hack the Box machines over the last 6 months, I feel like that still wasn’t even necessary. No supplemental resources are required to pass. Quite literally everything you need to pass this exam is directly in the Practical Ethical Hacking course. Everything.
In my opinion, this certification exam is less about demonstrating your technical acumen (but it’s still clearly examined) and more about demonstrating a solid pentesting methodology and the ability to produce deliverables to clients.
The supplied VPN connection and exam environment were stable, although mid-exam, I lost the ability to copy/paste any commands. However, I don’t believe that this was necessarily an issue with TCM’s platform.
Despite having 4 days total to complete, I started my exam at approximately 8PM, and submitted my report at 3AM. By the time I woke up at 5AM (I had too much nervous energy to stay asleep for long) I had already received notification that I passed the exam and got access to my digital certification and badge.
Final Thoughts
All in all, I feel like this course and certification were worth every penny. I’ve deepened my understanding of Active Directory and basic web application security, and the network and Python refreshers were great as well. Despite already working in cyber, I really appreciate their beginner-friendly approach to teaching.
Don’t let the “junior” in the name fool you, someone with this certification has shown the ability to perform an internal penetration test on an Active Directory environment, acquire domain administrator, and then deliver a professional report that will include findings and mitigations.
I have every intention of taking the more intermediate PNPT exam within the next few months. Now I want to demonstrate that I can start from an externally facing asset, gain a foothold in the internal network and fully compromise a domain controller all over again.
Happy hacking!