courses-BG-01

 

The LPT (Master) Training Program:
Advanced Penetration Testing Course

divider

About the Certification

This exam has one purpose: To Differentiate The Experts From The Novices In Penetration Testing!

There are good penetration testers and then there are great penetration testers.

Unless you are bent on being nothing other than the best in penetration testing, don’t bother registering for this program, as you are probably not cut out for it.

We know that the only way to find out what you are made of is by testing you at the brink of exhaustion — which is why the LPT (Master) exam is 18 hours long!

Your pen testing skills will be challenged over three levels, each with three challenges, against a multi-layered network architecture with defense-in-depth controls. You will be required to make knowledgeable decisions under immense pressure at critical stages while selecting your approach and exploits.

As you progress along these levels, you will need to maneuver web application, network, and host penetration testing tools and tricks in an internal and external context to ultimately pwn the hosts and exfiltrate data required for the completion of the challenges.

The exam will require you to demonstrate mastery of deploying advanced pen testing techniques and tools including multi-level pivoting, OS vulnerabilities exploits, SSH tunnelling, host-based application exploits, privilege escalation, web server and web application exploitation such as arbitrary local and remote file upload, SQL injection and parameter manipulation, etc – all in a real life scenario on hardened machines, networks, and applications.

You will be facing the ticking clock and there’s no time to hesitate. There’s no time for second-guessing. Try either of these and be prepared to fail!

And you must know that while you are racing against time, you will be under the watchful eyes of the EC-Council proctors who will be online and live! This added pressure will test your mental strength.

Introducing the World’s Most Advanced Penetration Testing Program

The Advanced Penetration Testing Course by EC-Council was created as the progression after the ECSA (Practical) to prepare those that want to challenge the Licensed Penetration Tester (Master) certification and be recognized as elite penetration testing professionals. Our training has been designed by the best in the industry and meant to push you to develop the kind of skill that you’ve been waiting to acquire.

LPT (Master) training is not comfortable (and the exam is even worse!) , but filled with intense stress meant to illicit the best from you. Those who prevail will have developed an instinctual and intellectual response to real world penetration testing challenges.

We want to bring out the best in you. Our aim is to push you to your limit while making you solve complex problems that actual penetration testers solve daily in the real world. For four punishing and long days, you will have to perform various tasks until it becomes second nature. This is the foundation of the program.

This program is radically different from the ECSA. In the ECSA course, you are provided guidance on what machines to attack and an initial starting point. In the Advanced Penetration Testing Course, you are presented with minimal network information along with a Scope of Work (SOW). The course was created to provide you with advanced concepts that will help when it comes to attempting the LPT (Master) Certification exam.

In this course you will learn professional security and penetration testing skills. The course is designed to show advanced concepts like scanning against defenses, pivoting between networks, deploying proxy chains, and using web shells. The last module of the course includes an SOW for each of the various networks we have created for the course. This, combined with the composition of various ranges, mimics a professional penetration test. Time is limited and you will be required to identify the attack surface followed by the weaknesses of the machines that are on the network.

In summary, only those who possess the burning desire to succeed will make it.

 

Get LPT (Master) Training

The Planet’s Most Advanced Penetration Testing Range

How do you create an Advanced Penetration Tester?

How do you ensure that students are trained on the secrets of the trade while being pushed to their limit?

The Advanced Penetration Testing course from EC-Council is built on the backbone of the Advanced Penetration Testing Cyber Range (ECCAPT) and this was designed by experts who each have more than 25 years of professional security testing across the globe.

The program comes with multiple ranges designed to hone a specific set of real life pen testing skills. The ECCAPT contains more than 180 machines with more than 250 GB RAM and more than 4000 GB of storage segregated in complex network ranges with multiple militarized and demilitarized zones. It facilitates learning and demonstration of current attack vectors, penetration testing methodology, and tools. A typical range consists of 5 to 8 subnets where each subnet represents a different business unit and comprises semi-hardened and hardened machines with more than 15 Windows and Linux OS flavors.

The range is designed to provide challenges across every level of the attack spectrum. Additionally, the range contains multiple layers of network segmentation, and once access is gained in one segment, the latest pivoting techniques are required to reach the next segment. Many of the challenges will require outside-the-box thinking and customization of scripts and exploits to get into the innermost segments of the network. The key to being a highly skilled penetration tester is to go up against a variety of targets that are configured in a variety of ways. The ECCAPT consists of entire network segments that replicate an enterprise network — this is not a computer game simulation, this is an accurate representation of an enterprise network that will present the latest challenges to the pen tester. Since the targets and technology continue to change, the ECCAPT is dynamic and machines and defenses will be added as they are observed in the wild. Finally, the targets and segments are progressive in nature, once you get into one machine and or segment, the next one will challenge you even more.

The final range consists of challenges that will require the skills and concepts that have been covered in the course and consist of multiple visible as well as hidden subnets to prepare you for the possible challenges of the LPT (Master) range.

Finally, the ranges are designed to teach professional-level skills to identify the attack surface of targets within a required time frame and, once this has been accomplished, to gain access to the machines and escalate privileges as required. The greater the variety of targets you encounter with and without defenses, the better of a professional penetration tester you will become.

The practical environment ranges progress in difficulty and reflect real enterprise network architecture. This environment includes defenses and challenges which you must defeat and overcome.

This is not your typical flat network! As you progress through the range levels, each encounter will present the top defenses of today and you will learn the best and latest evasion techniques.

This training format has helped thousands of penetration testers globally and is proven to be effective. The ECCAPT is 100% hands-on. Everything presented in the course is through an enterprise network environment that must be attacked, exploited, evaded, and defended.

LPT-master

Licensed Penetration Tester (Master) Certification

divider
EC-Council brings to you a new range of real world challenges that will not only test your Pen-testing skills but guarantees you an experience that is not built for the weak hearted. If you have been looking for a way to test your Pen-testing abilities, this is your chance to prove you have what it takes.

LPT (Master) certified professional can:

    • Demonstrate a repeatable and measurable approach to penetration testing
    • Perform advanced techniques and attacks to identify SQL injection, Cross site scripting (XSS), LFI, RFI vulnerabilities in web applications
    • Submit a professional and industry accepted report that achieves management and technical buy-in
    • Get access to proprietary EC-Council penetration testing methodologies
    • Write exploit codes to gain access to a vulnerable system or application
    • Exploit vulnerabilities in Operating systems such as Windows, Linux
    • Perform privilege escalation to gain root access to a system
    • Demonstrate ‘Out-of-the-box’ and ‘lateral’ thinking
    • Ensure the integrity and value of the penetration testing certification, in a fully online, remotely proctored certification exam

Become an LPT (Master)

LPT (Master)

Being an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The exam demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques. Outsmarting and out maneuvering the adversary is what sets you apart from the crowd. This completely hands-on exam offers a challenge like no other by simulating a complex network of a multi-national organization in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.

About the ProgramCourse OutlineKey ElementsRemote ProctoringEligibility CriteriaApplication processRenewal Cycle, Certification Fees & ECE SchemeLPT (Master) Credential

About the Program

The LPT (Master) is the world’s first fully online, remotely proctored LPT (Master) practical exam, which challenges the candidates through a grueling 18 hours of performance based, hands-on exam categorized into three practical exams for six-hour duration each, which will test your perseverance and focus by forcing you to outdo yourself with each new challenge. The exam requires the candidates to demonstrate a methodical approach to test and validate security defenses. The LPT (Master) exam is developed with close collaboration with SMEs and practitioners around the world after a thorough job role, job task, and skills-gap analysis.

Course Outline

Module 01 Introduction to Vulnerability Assessment and Penetration Testing
Module 02 Information Gathering Methodology
Module 03 Scanning and Enumeration
Module 04 Identify Vulnerabilities
Module 05 Exploitation
Module 06 Post Exploitation
Module 07 Advanced Tips and Techniques
Module 08 Preparing a Report
Module 09 Practice Ranges

Key Elements

Real world, performance based assessment:
The successful candidates need to demonstrate a mastery of the skills required to conduct a full black box penetration test that simulates a complex network of a multi-national organization in real time. The exam environment via EC-Council’s cloud based cyber range, iLabs, has multiple networks with different militarized and de-militarized zones. You will follow the entire process of “Cyber kill chain”, taking you from reconnaissance, scanning, enumeration, gaining access, maintaining access, then exploiting vulnerabilities that you will have to seek out in a network that only a true penetration tester will be able to break.

Methodical Approach:
To build on the technical skills taught in the Certified Ethical Hacking course, the repeatable and documentable methodology provided in the EC Council security analyst program , the EC-Council LPT (Master) course emphasizes application of this methodical approach to penetration testing. The LPT (Master) practical exam thoroughly tests the application of the penetration testing process and lifecycle knowledge and the skills required in an examination that even our reviewers have called “extremely challenging”.

Penetration test report:
Many have described report writing as one of least preferred, yet arguably one of the most critical parts of any penetration testing engagement. While so many cyber security courses are offered globally to cover various subjects in the penetration testing realm, hardly any are dedicated to this very important skill, especially almost since half of all time spent at any penetration testing engagement can revolve around writing and reporting the core findings of the engagement to the client.

The key skill also lies in communicating a highly technical finding in an elaborate penetration test engagement to someone to the senior management and the board of directors can be very challenging and frustrating at times. Mastery of communication, research and report writing is required to make sense of technically complex topics like specific vulnerabilities and their resulting exploits in a meaningful manner to make educated decisions to improve the security posture of the organization. The candidates are required to submit a comprehensive report of their findings, methodology used, corroborative screenshots, scripts, custom exploits, or any other method they have used to penetrate the network within 45 days after completing the three challenges. The submitted report should be very clear, so that we should be able to compromise the target again by following the report.

Remote Proctoring

EC-Council launches the first ever remotely proctored online Pen-Testing Exam as a mechanism to ensure the authenticity of the test taker. This not only adds credibility to the overall title but also eliminates external influences that can change the exam outcome. While this test does not limit the test taker to explore his research skills and take advantage of documented resources available, it keeps a check on the individual capability of dealing with the challenges by himself.

Eligibility Criteria

There is no predefined eligibility criteria for those interested in attempting the LPT (Master) exam. You can purchase the exam dashboard code here.

Clause: Age Requirements and Policies Concerning Minors

The age requirement for attending the training or attempting the exam is restricted to any candidate that is at least 18 years old.

Application process

In order to proceed with the exam the below steps will need to be completed:

  • The exam dashboard code can be purchased here.
  • Upon successful purchase, the candidate will be sent the exam dashboard code with instructions to schedule the exam.

Note:The exam dashboard code is valid for 3 months from date of receipt.

  • Should you require the exam dashboard code validity to be extended, kindly contact [email protected] before the expiry date. Only valid/ active codes can be extended.
  • The exam needs to be scheduled a min 3 days prior to the desired exam date. Exam slots are subject to availability.

Renewal Cycle, Certification Fees & ECE Scheme

The certification is valid for 2 years from the date of approval and members must then renew annually.

For renewals, members will need to remit USD250 per annum which can be done at our online store.

LPT (master) certification falls under the ECE Policy. Members must ensure that they meet the ECE requirement.

Should you have any queries, please do not hesitate to write in to [email protected].

LPT (Master) Credential

  • Successful candidates will receive the LPT (Master) Welcome Kit consisting of:
      • Printed Certificate
      • Welcome Letter
      • Lapel Pin
      • EC-Council LPT (Master) T-shirt
  • The LPT (Master) license is valid for 2 years. After the initial 2 years, members will have to renew their LPT (Master) license by remitting the annual USD 250 renewal fee.

At A Glance:

LICENSED PENETRATION TESTER (MASTER)

WHAT’S NEXT AFTER THE
LPT (Master) ?

GET MASTER OF SCIENCE DEGREE

LPT BOARD

about-us-section-divider

Member NameCountryDesignationCompany/Organization
Adarsh S V NairIndiaSenior Security AnalystUST Global Inc.
Adithya NareshIndiaCyber Security ConsultantSAP Labs India
Arthur DonkersNetherlandsSecurity OfficerSSO Noord
Belly RachdiantoIndonesiaSenior IT Security Consultant and Trainer APACSystem Integration
Cristian-George MocanuRomaniaSenior Consultant Cyber Security and Penetration TestingDeloitte
Daniel SewellUSALead Cybersecurity EngineerAlpine Security, LLC
Derek MaxeyUSASenior Staff Software EngineerLockheed Martin
Fabrício GiglioBrazilSenior Information Security EngineerTech Mahindra
Hans MintenNetherlandSecurity Analystwehkamp
Jean SaadLebanonCloud Security SpecialistCirrus
Mark HorvatAustraliaDirector & Principal Security ConsultantBlack Swan Group
Himanshu MehtaIndiaTeam LeadSymantec
Mustafa MohsenEgyptSecurity Solution ExpertOrange Business Services
Nathan JonesUKTechnical DirectorArcadeus OPS
Sanehdeep SinghIndiaManagerControlcase
Sergey KlevoginRussiaLead InstructorBauman University
Stephen CorbiauxBelgiumSecurity SpecialistDavinsi Labs


TESTIMONIALS

about-us-section-divider

Josh-Tomkie

As a hiring manager, LPT (Master) offers more credibility than other hands on certification, as it is fully proctored

Josh Tomkiel
Manager, Security Testing and Assessment
Schellman & Company, LLC
CCSK, OSCE, OSCP, Security+, CISSP, LPT (Master)

Adi

LPT (Master) certification offers more credibility and administers a verification mechanism to ensure that the right candidate is attempting the exam, eliminating any possibilities of false identification

Adi Nugroho
Application Security Tester
Lembaga Sandi Negara (National Cryptography Agency, Indonesia)

mark

The LPT (Master) certification adds more credibility to my technical experience, especially since a lot of hiring managers prefer EC-Council certifications.

Mark Klink
Cyber Operations Officer
US Army
OSCP, GIAC Certified Intrusion Analyst (GCIA), CISSP, CSA+, CEH v8, LPT (Master)

shafeeq

It is with the help of my prior experience in the field, and EC-Council’s Certified Security Analyst (ECSA) program, that gives you a hands-on experience through iLabs, that I was able to earn the LPT (Master) title

Shafeeque Olassery Kunnikkal
Information Security Consultant
Graytips Cyber Technologies
LPT (Master), CEH v9, ECSA

Adithya

The LPT (Master) being fully proctored added a lot of credibility to the test, while the three-stage exam added a very realistic approach.

Adithya Naresh
Cyber Security Consultant
SAP Labs
LPT (Master), ECSA

FREQUENTLY ASKED QUESTIONS

about-us-section-divider

1. Why should I be licensed?

Penetration testers today have been certified by different agencies. But are they trusted? Do they follow a code of ethics? The answer is no. The Licensed Penetration Tester (LPT) program offered by EC-Council gives certified penetration testers the opportunity to practice their skills so that they are able to function as a licensed penetration tester. EC-Council’s licensed penetration testers use hands-on penetration testing methodologies and are trained by experts and specialists who are licensed penetration testers from EC-Council.

2. I am already a Penetration Tester, why do I need to be a Licensed Penetration Tester?

Being a penetration tester would be of little help in this insecure world. Corporate organizations today are looking for penetration testers who can analyze vulnerabilities of the network and who can be trusted not to disclose network vulnerabilities to competitors. Thereby, many companies would be looking for a Penetration Tester who is licensed to carry out these tasks and who has hands-on experience in penetration testing.

3. What is the difference between a Licensed Penetration Tester and a Certified Ethical Hacker?

A Certified Ethical Hacker would be an individual who is trained in mastering hacking technologies. A Licensed Penetration Tester is a professional who is equipped with a License to conduct penetration testing of corporate networks. Licensed Penetration Testers are preferred over non-licensed ones by companies for recruitments/assignments.

4. What will I receive as part of my purchase towards the LPT (Master) exam?

You will receive an Aspen Dashboard access code with instructions as part of your purchase towards the LPT (Master) exam.

5. How long is the Aspen Dashboard access code valid for?

The Aspen Dashboard access code is valid for 3 months from date of receipt.

6. How long is the Aspen Dashboard access valid for?

The Aspen Dashboard access is valid for 45 days from the day it is unlocked using a valid key.

7. What does the Dashboard consist of?

The Dashboard consists of:

  • Detailed Instruction guide
  • Exam scheduling service
  • Exam launching service
  • Exam progress tracking
  • Sample report templates
  • Report submission
  • Status of report

8. What is the structure of the exam?

The candidate is required to complete 3 levels of the challenge and submit their pen testing report in-order to complete the exam. Each level consists of 3 challenges. It is mandatory to complete at least one challenge per level to qualify for the next stage.

9. What is the duration of the exam?

The exam challenge duration is 6 hours per level.

10. How much notice is required to book the exam session?

Sessions are required to be booked 3 days in advance of the desired exam date.

Note: All exam sessions are proctored by EC-Council Certification department.

11. What are the important things to keep in mind before I schedule my exam?

Once you are ready to proceed with your exam, you need to ensure you understand the below:

  • Cancellation requests are to be made 24 hours in advance.
  • Rescheduling is possible 72 hours prior to the exam session
  • Candidate has a grace period of 15 minutes to show up for the exam session.
  • After 3 no-show cases the candidate will be required to seek special permission from the Director – Certification in order to proceed with their attempt.
  • FAQs on exam proctoring will be available at https://proctor.examspecialists.com/User/FAQ.aspx

12. What is the retake policy?

Retake exam requests can be only purchased should a student fail by writing to [email protected]. Retake exam attempts will be priced at $199 per level.

Note: All 3 levels of the challenges as well as the report is required to be submitted within the 45 days window. This includes re-attempts if any

13. Can the dashboard be extended?

Report submission can be extended for 7 days only by paying $100 as long as the dashboard is active.

Note: Should the dashboard expire the candidate will need to purchase a new kit.

15. What is the validity of the LPT (Master) certification?

The LPT (Master) certification is valid for two (2) years from the date of certification.

16. Does the LPT (Master) certification fall under ECE policy or not?

Yes, the LPT (Master) certification falls under the ECE policy.

GET CERTIFIED