A Journey through TCM Security's PEH course and the PJPT

Today, I’m thrilled to share my recent exploits in the ever-evolving realm of information security. I have just earned TCM Security’s Practical Junior Penetration Tester (PJPT) certification, building upon the foundation laid by their stellar “Practical Ethical Hacking” course. Let’s dive in and explore the highlights of my journey.

Practical Ethical Hacking Course

Having recently completed the renowned SEC504 course by the SANS Institute, I was on the lookout for supplementary training that would elevate my skills further. In the growing landscape of cybersecurity courses, TCM Security’s “Practical Ethical Hacking” stands out from the rest. Boasting 25 hours of excellent content, this course offered a digestible format with immediate practical value. The course’s focus on Active Directory content was particularly enlightening, providing hands-on experience with virtual machines in a lab environment. Starting with individual capture-the-flag boxes, the course progressed to setting up a small Windows domain, allowing me to apply my newfound knowledge in a realistic setting. As an Apple Silicon MacBook user, I couldn’t natively run the provided x86 virtual machines. However, I am running a Proxmox cluster in my homelab. I had to adapt and convert the provided VMs for compatibility within the Proxmox environment - a valuable skill in itself.

PJPT Certification Overview

Let’s shift our focus to the PJPT certification, a unique and practical examination experience. Unlike traditional exams, the PJPT certification is entirely hands-on. There are no multiple-choice questions; instead, candidates embark on a 48-hour assessment within a given environment, aiming to compromise the internal domain, with an additional 48 hours to write a professional penetration testing report.

The distinguishing factor of this certification lies in its emphasis on the practical aspect. The real measure of success is not just compromising the domain but compiling and submitting a comprehensive penetration testing report. In my first attempt, I was able to successfully compromise the internal domain; however, the report I provided to TCM Security was not up to par. While I was disappointed at first, this taught me a valuable lesson in the importance of professional reporting—a crucial skill for any penetration tester.

The PJPT certification is a testament to TCM Security’s commitment to producing highly skilled professionals. Despite my initial setback, the two attempts provided with the exam voucher allowed me to refine my approach and produce a report that met TCM Security’s high standards. While this certification may not yet have widespread industry recognition, the intrinsic value derived from the experience is immeasurable.

Looking Ahead

As I reflect on my journey so far, I realize the need to broaden my expertise in the defensive side of cybersecurity. Shifting gears slightly, as mentioned in my previous post, I plan to pursue the Bachelor of Science in Cybersecurity and Information Assurance (BSCSIA) at WGU early next year. Additionally, I aim to enhance my defensive skills through training at letsdefend.io, a decision influenced by the Black Friday discount voucher I recently acquired. Letsdefend.io offers a diverse range of career and training paths, aligning with my goal to become a more well-rounded security professional. This strategic move reflects my commitment to continuous learning and adapting to the ever-evolving cybersecurity landscape.

Until next time,

Rebello

This post is licensed under CC BY 4.0 by the author.