b1gb33f_blog

Pentesting and AppSec

View on GitHub
9 February 2025

PNPT Study Group

by Shawn Szczepkowski

In 2024, I hosted a study group to help people prepare for the PNPT exam from TCM Security. The full playlist can be found on my YouTube, but in this post, I’ll talk about each session and what it contains so that if you are only struggling with one specific concept, you can save some time. The study group focused on breaking down the stages of an external pentest and included some pretty knowledgeable guests who have passed the exam or work as pentesters professionally. If you enjoy any of the material I put together and want to show some love, feel free to purchase your cert with my Affiliate Link.

Internal

We kicked off the study group with a session on internal AD pentesting featuring yours truly and went over the creation of a study group notebook that could be used for testing methodology when we all made it to test day. The notebook is linked in the video description. It may have made more sense to kick off the study group from the external side of the pentest, but this is the way things worked out with guest schedules.
Internal Session 1

External

In session 2, we hit the external portion hard with the help of my friend Ben Heater. Ben takes us through some methodology for gaining our foothold and pivoting through an AD network. Please do yourself a favor and bookmark this man’s site, especially if you are looking to set up your very first home lab.
External Session 2

OSINT

Session 3 featured another good friend, Angela Brown from TCM Security. Ang is the creator of TCM’s PORP certification and a natural at finding people’s dirty laundry on the internet. The reason OSINT is its own session and not just part of the external portion is because it really is just that important. Trying to breach an external network without the skills to collect the information you need to gain access is going to leave all those fancy hacking skills you’ve been working on useless.
OSINT Session 3

Lessons Learned

Session 4 featured another friend, Mohammad Al-Adwan, who was gracious enough to come on and tell us his story of passing, what he learned from the preparation process, and what he might do differently if he had to do it all over again.
Lessons Learned Session 4

Trial and Error

I’m blessed to have made quite a few friends over the years, and in this session, another one of those friends, Sandie Hazelwood, comes on to talk about her PNPT journey. Sandie’s presentation is more focused on not passing the exam on the first try and how to bounce back from that.
Trial and Error

Reporting

Did I mention I have a lot of friends? I meant it because, in this session, my good friend and co-worker Jacob Thompson takes us through the exciting task of report writing. Why is report writing the grand finale? Because if you are someone who doesn’t already do this for a living, writing a pentesting report is a scary task. The report is the most important part of this exam because it doesn’t matter if you’ve compromised the DC if you can’t prove it.
Report Writing

tags: