A Certified Penetration Testing Engineer imagines all of the ways that a hacker can penetrate a data system. You have to go beyond what you learned as an Ethical Hacker because pen testing explores technical and non-technical ways of breaching security to gain access to a system. Our C)PTE course is built on proven hands-on methods utilized by our international group of vulnerability consultants.
In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk.
Upon completion you will have solid knowledge of testing and reporting procedures which will prepare them for upper management roles within a cybersecurity system.

Modules:
- Module 01: Business & Technical Logistics of Pen Testing
- Module 02: Information Gathering
- Module 03: Detecting Live Systems
- Module 04 - Banner Grabbing and Enumeration
- Module 05: Automated Vulnerability Assessment
- Module 06: Hacking an OS
- Module 07: Advanced Assessment and Exploitation Techniques
- Module 08: Evasion Techniques
- Module 09: Hacking with PowerShell
- Module 10: Networks and Sniffing
- Module 11: Hacking Web Tech
- Module 12: Mobile and loT Hacking
- Module 13: Report Writing Basics
Hands-On Labs:
- Lab 01: Introduction to Pen Testing Setup
- Lab 02: Using Tools for Reporting
- Lab 03: Information Gathering
- Lab 04: Detecting Live Systems
- Lab 05: Enumeration
- Lab 06: Vulnerability Assessments
- Lab 07: System Hacking (Windows)
- Lab 08: Advanced Vulnerability and Exploitation Techniques
- Lab 09: AntiVirus Bypass
- Lab 10: Cracking Passwords from a Linux System
- Lab 11: Hacking with PowerShell
- Lab 12: Network Sniffing/IDS
- Lab 13: Attacking Web Applications
Detailed Outline:
Module 1 – Business and Technical Logistics of Pen Testing
- Section 1 – What is Penetration Testing?
- Section 2 – Today’s Threats
- Section 3 – Staying up to Date
- Section 4 – Pen Testing Methodology
- Section 5 – Pre-Engagement Activities
Module 2 – Information Gathering Reconnaissance- Passive (External Only)
- Section 1 – What are we looking for?
- Section 2 – Keeping Track of what we find!
- Section 3 – Where/How do we find this Information?
- Section 4 – Are there tools to help?
- Section 5 – Countermeasures
Module 3 – Detecting Live Systems – Reconnaissance (Active)
- Section 1 – What are we looking for?
- Section 2 – Reaching Out!
- Section 3 – Port Scanning
- Section 4 – Are there tools to help?
- Section 5 – Countermeasure
Module 4 – Banner Grabbing and Enumeration
- Section 1 – Banner Grabbing
- Section 2 – Enumeration
Module 5 – Automated Vulnerability Assessment
- Section 1 – What is a Vulnerability Assessment?
- Section 2 – Tools of the Trade
- Section 3 – Testing Internal/External Systems
- Section 4 – Dealing with the Results
Module 6 – Hacking Operating Systems
- Section 1 – Key Loggers
- Section 2 – Password Attacks
- Section 3 – Rootkits & Their Friends
- Section 4 – Clearing Tracks
Module 7 – Advanced Assessment and Exploitation Techniques
- Section 1 – Buffer Overflow
- Section 2 – Exploits
- Section 3 – Exploit Framework
Module 8 – Evasion Techniques
- Section 1 – Evading Firewall
- Section 2 – Evading Honeypots
- Section 3 – Evading IDS
Module 9 – Hacking with PowerShell
- Section 1 – PowerShell – A Few Interesting Items
- Section 2 – Finding Passwords with PowerShell
Module 10 – Networks and Sniffing
- Section 1 – Sniffing Techniques
Module 11 – Accessing and Hacking Web Techniques
- Section 1 – OWASP Top 10
- Section 2 – SQL Injection
- Section 3 – XSS
Module 12 – Mobile and IoT Hacking
- Section 1 – What devices are we talking about?
- Section 2 – What is the risk?
- Section 3 – Potential Avenues to Attack
- Section 4 – Hardening Mobile/IoT Devices
Module 13 – Report Writing Basics
- Section 1 – Report Components
- Section 2 – Report Results Matrix
- Section 3 – Recommendations
Detailed Lab Outline:
Lab 1 – Introduction to Pen Testing Setup
- Section 1 – Recording IPs and Logging into the VMs
- Section 2 – Joining the Domain
- Section 3 – Research
Lab 2 – Using tools for reporting
- Section 1 – Setup a Shared Folder
- Section 2 – Setting up and using Dradis CE
Lab 3 – Information Gathering
- Section 1 – Google Queries
- Section 2 – Searching Shodan
- Section 3 – Maltego
- Section 4 – The many tools of OSINT
- Section 5 – Recon-ng
Lab 4 – Detecting Live Systems - Scanning Techniques
- Section 1 – Finding a target using Ping utility
- Section 2 – Footprinting a Target Using nslookup Tool
- Section 3 – Scanning a Target Using nmap Tools
- Section 4 – Scanning a Target Using Zenmap Tools
- Section 5 – Scanning a Target Using hping3 Utility
- Section 6 – Make use of the telnet utility to perform banner grabbing
Lab 5 – Enumeration
- Section 1 – OS Detection with Zenmap
- Section 2 – Enumerating services with nmap
- Section 3 – DNS Zone Transfer
- Section 4 – Enum4linux
- Section 5 – AD Enumeration
Lab 6 – Vulnerability Assessments
- Section 1 – Vulnerability Assessment with Rapid7 InsightVM
- Section 2 – Vulnerability Assessment with OpenVAS
Lab 7 – System Hacking – Windows Hacking
- Section 1 – Scanning from the Hacked System
- Section 2 – Using a Keylogger
- Section 3 – Extracting SAM Hashes for Password cracking
- Section 4 – Creating Rainbow Tables
- Section 5 – Password Cracking with Rainbow Tables
- Section 6 – Password Cracking with Hashcat
- Section 7 – Mimikatz
Lab 8 – Advanced Vulnerability and Exploitation Techniques
- Section 1 – Metasploitable Fundamentals
- Section 2 – Metasploit port and vulnerability scanning
- Section 3 – Client-side attack with Metasploit
- Section 4 – Using Workspaces in Metasploit
- Section 5 – Remote Exploitation of Windows Server
Lab 9 – AntiVirus Bypass
- Section 1 – Bypassing AntiVirus – Not as effective
- Section 2 – Bypassing AntiVirus Signature Scanning
- Section 3 – Bypassing Windows Defender
Lab 10 – Cracking Passwords from a Linux System
- Section 1 – Cracking Linux Passwords
- Section 2 – Brute-force SSH Accounts
Lab 11 – Hacking with PowerShell
- Section 1 – Using PowerShell to Crack Passwords
- Section 2 – Using PowerShell for Enumeration
Lab 12 – Network Sniffing/IDS
- Section 1 – Sniffing Passwords with Wireshark
- Section 2 – Performing MitM with Cain
Lab 13 – Attacking Web Applications
- Section 1 – OWASP TOP 10 2017 A1: Injection
- Section 2 – OWASP TOP 10 2017 A2: Broken Authentication
- Section 3 – OWASP TOP 10 2017 A3: Sensitive Data Exposure
- Section 4 – OWASP TOP 10 2017 A4: XML External Entities
- Section 5 – OWASP TOP 10 2017 A5: Broken Access Control
- Section 6 – OWASP TOP 10 2017 A6: Security Misconfiguration
- Section 7 – OWASP TOP 10 2017 A7: Cross-Site Scripting
- Section 8 – OWASP TOP 10 2017 A8: Insecure Deserialization
- Section 9 – WebApp Scanning

Exam information:
The exam is taken online through Mile2’s Learning Management System and is accessible on your Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions.
A minimum grade of 70% is required for certification.
Your exam is included in the course fee!
Re-certification requirements:
All Mile2 certifications will be awarded a 3-year expiration date.
There are two requirements to maintain Mile2 certification:
- Pass the most current version of the exam for your respective existing certification
- Earn and submit 60 CEUs over 3 years in your Mile2 account

1. Hvem passer dette kurset for?
For penetrasjonstestere, sikkerhetsansvarlige, etiske hackere, nettverksrevisorer, sårbarhetsanalytikere, systemeiere og systemansvarlige, samt sikkerhetsingeniører som skal teste, dokumentere og forbedre sikkerheten i virksomhetens IT-miljøer.
2. Hvilke forkunnskaper bør jeg ha?
Anbefalt: Mile2 C)PEH eller tilsvarende, ca. 12 mnd. nettverkserfaring, solid TCP/IP-forståelse, grunnleggende Linux, samt noe Microsoft-sikkerhetserfaring.
3. Hva lærer jeg i kurset?
Den komplette pentest-syklusen: innhenting, skanning, enumeration, utnyttelse og rapportering – inkludert oppdaterte sårbarheter/teknikker og forretningsferdigheter for å begrunne testing og anbefale kontroller. Du dekker bl.a. OS-angrep, evasion, PowerShell, sniffing, web-/mobil/IoT-testing og rapportskriving.
Fullført kurs gir 40 CEUs og forbereder deg til C)PTE-eksamen.
4. Hvordan foregår kurset?
Leveres som klasseromskurs, live virtuelt eller bedriftsinternt/skreddersøm. Varighet: 5 dager, undervisningen er på engelsk.
5. Er dette kurset praktisk?
Ja – kurset inneholder omfattende hands-on-labber: fra OSINT, skanning og enumeration til Nessus/OpenVAS, Metasploit, AV-evasion, passordknekking (Hashcat/Mimikatz), PowerShell-angrep, sniffing/MitM og webapplikasjonsangrep (OWASP Top 10). Du produserer også rapport-artefakter klare for bruk i kundeleveranser.
6. Hvor mye koster kurset?
Kursavgiften er 35 000 NOK, og eksamen er inkludert i prisen.
7. Hva slags materiell får jeg?
Du får tilgang til Mile2 sitt digitale læringssystem, offisielt kursmateriell, videoer og øvelser.
8. Gir kurset sertifisering?
Ja – kurset inkluderer sertifiseringseksamnen Certified Penetration Testing Engineer.
Eksamen tas online via Mile2 sin læringsplattform.
9. Hvor lenge varer sertifiseringen?
Sertifiseringen er gyldig i 3 år. For å beholde den må du:
- Bestå den nyeste versjonen av eksamen
- Opparbeide og registrere 60 CEUs over 3 år i Mile2-kontoen din
10. Kan jeg delta digitalt?
Ja – kurset tilbys både som fysisk kurs i klasserom og som live, virtuelt kurs.
11. Kan jeg få kurset spesialtilpasset?
Ja – kurset kan tilbys bedriftsinternt og tilpasses organisasjonens behov.
12. Kan jeg bestille kurset for min organisasjon?
Ja – vi tilbyr bedriftsinterne kurs både fysisk og virtuelt.