My PNPT (Practical Network Penetration Tester) experience and review

Mar 28, 2022


Hey buddy!

Hope you are doing good!

Recently I took the PNPT certification and have cleared it. So, I am here to share my experience taking the exam and the resources which helped me a lot.

PNPT is a one-of-a-kind, close-to-real-world certification which mainly focuses on internal pentesting of an Active Directory network. I can confidently claim this to be close to the real world because I have some experience getting my hands on an Active Directory network, and the course materials and the exam itself made my testing process a streamlined one.

Like everyone who has taken the exam, I completely agree with the fact that the course materials from TCM Academy are sufficient to get this certification. But if you are someone like me who gets a hold of something from long hours of exposure and practice, then this blog is all yours, because it contains some free resources where you can put your skills into practice and learn some secret tricks which will come in handy during the exam.

The exam:

The exam comprises 2 parts, where the Lead Tester (which is you) from TCM Security (which is pretty cool) has to perform external and internal testing for a fictitious company.

For the external compromise you have to perform some OSINT on the company and use this to get into the internal network.

I was provided the Rules of Engagement file which clearly depicts the do’s and don’ts and some information to kick start your testing.

Though the main objective of this exam is to compromise the domain controller, that isn’t the only thing which really makes this stand out from other CTF-like certifications. This opens up a few different ways to get to the domain controller and provides us with the freedom to try different things, though they might not land us at the end goal, which I felt is awesome!

Finally, the other things which make this a real-world engagement are the report writing and the debriefing parts. I believe these things made me confident and mature in the way I handle these environments.

My Experience:

I would describe this exam as “well-laid and streamlined” (these were the words that just popped out at the time of writing so just pardon me if this doesn’t make sense). Also, one other thing which I realized is that one would run out of ideas before the time runs out!

The exam never stresses us with unrealistic time limits!

I got stuck in the exam 2 times mostly because of over-thinking (which I do quite a lot) and the actual problem to be solved was something entirely different (this is also pretty much me).

So one thing I would like to stress here is that when things don’t work the way they are supposed to or as you expect, try taking a moment away and look for other possibilities, because there is actually more than one way to solve the problem. I stress this because, after my completion, I got to know from people some interesting ways to get access to the machines in the exam, which was simply awesome!!

Apart from the 2 self-burrowed rabbit holes, the exam was pretty much straightforward and fun.

The Resources:

The best resources for PNPT are the courses recommended by TCM Academy in the PNPT pathway. Also, Heath explains how to set up an AD environment for practice, which is important and a must to play with.

The resources I mention are some labs and networks which can be used to practice or test yourself once you have completed the training from TCM Academy, so don’t consider them a replacement.

But for someone like me who needs lots of exposure and practical experience, the courses were not enough to make me feel confident. So I started to hunt for some labs and free networks which would teach me some cool, neat tricks and make me understand and become aware of different concepts.

So it’s time to reveal my secret resources which helped me:

1. Wreath network from TryHackMe

This room from TryHackMe talks about pivoting, C2 frameworks and AV evasion, all of which proved useful to me.

You can access this room for free as long as you want by getting a 7-day streak on the TryHackMe platform. So definitely give this a try and grasp the most out of it for your preparation.

2. The Throwback network from TryHackMe

This room is a paid one, but the good thing is that you can read the writeups and get to know the different tricks.

3. Active Directory-based machines from TryHackMe

There are a few free machines where you can practice some post-compromise attacks and enumeration.

Final Words:

1. Take good notes on the different materials and courses you follow and prepare a cheat sheet.

2. I prepared a chart to organize my thoughts and different attack strategies to perform under specified conditions, which proved useful during the exam.

3. Take adequate breaks and stay calm, which is very essential, and do not rush into things when you get stuck; instead, move out and relax. I know this is easily said, but try to follow this, which definitely helps.




An aspiring red-teamer sharing resources and knowledge to people.