Certified Penetration Tester (CPT)

Certified Penetration Tester is 5 days hands-on training and certification programmes that enable the participants handle the vulnerability assessment and penetration test for their customers.


  1. To understand different attacks used by hackers
  2. To learn how to conduct a vulnerability assessment on the network and systems
  3. To learn ways to harden the network and systems thus securing the corporate network and systems.
  4. To prepare and submit Vulnerability Assessment & Pentest Reports


  1. Network administrators
  2. Network executives
  3. Security professionals who insterested in conducting vulnerability assessment and penetration test for their customers

Introduction to Vulnerability Assessment & Penetration Testing

  1. Vulnerability Exploit, Payload, Listener
  2. Vulnerability Assessment Vs. Penetration Testing
  3. Types of Vulnerabilities Vulnerability Research Sources for Penetration Testers, Exploits and Tools sources for Penetration Testers, Commercial Tools for Penetration Testers, Penetration Testing Methodologies and Penetration Test Report Template
  4. Latest Attacks - Demos
Information Intelligence Techniques
  1. Passive Information Gathering
  2. Information intelligence and Map the Customer organization
  3. Information intelligence and Map the infrastructure of the Target
Scanning & Vulnerability Assessment
  1. Scanning Types & Scan Options
  2. NMap Scanning
    • Ninja & Non-Ninja Scan types
    • Multiple IP Addresses scanning
    • Host Discovery
    • Ping & Port Scanning
    • OS Fingerprinting & Service Enumerations
    • NMap Scripts
    • Host Scanning : Bypassing Firewalls
    • Decoys
  3. ZenMap
  4. Netcat Fingerprinting
  5. Nessus : Vulnerability Scanning & Reporting
  6. NeXpose : Vulnerability Scanning & Reporting
  7. OpenVAS
Cracking & Social Engineering
  1. MiTM Concepts & Attacks
  2. Password Cracking
    • Brute Force Tools : Hydra, Medusa
    • Crunch Password generator
    • FTP Credential cracking
    • Telnet Brute Force
    • SSH Login Brute Force Attack
    • Password cracking with John the Ripper
  3. Social Engineering Attacks : Java Applet Attack Vectors, Infectious Media Generator, Credential Harvester Attack Method, Spear-Phishing Attack Method and many more
Exploitation & Pentest
  1. Metasploit Framework Concepts
  2. Metasploit Community & Armitage
  3. Metasploit Exploitations : Dump Password Hash, Capture Screenshots, Capture Keystrokes,
  4. Privilege Escalation, Pivoting, ARP Scan, Stdapi and Priv, Persistence and Backdoors
  5. (Maintaining Access), Cover Tracks, Post Exploitations.
  6. Anti-Virus Evasion Framework and Methods
  7. Netcat Exploitations
  8. Backdoor using msfvenom & Netcat
  9. Advanced Exploitations using PowerShell
  10. USB Based exploitation on Win 7 & Win 10
  11. Pentest Reporting
PowerShell Exploitation
  1. PowerShell Basics
  2. PowerShell Log Analysis
  3. PowerShell Malwares to evade Defenses
Web Pentest
  1. Web Application Basics
  2. Web Application Fingerprinting
  3. Payment Gateway & Order Tampering
  4. Labs on OWASP TOP 10 Vulnerabilities and its sub categories using Mutillidae, DVWA [SQL Injection, Cross Site Scripting, Cross Site Request Forgery, LDAP Injection, Command Injection, Parameter/Form Tampering, Payment Gateway hacking, Improper Error Handling, Directory Traversal, Insecure storage, Information Leakage, Broken Account Management, Denial of Service, Buffer Overflow, Broken Session Management, Session Fixation, Security Misconfiguration, File Upload and Download and many more ]
  5. Pentest Reporting
Wireless Pentest
  1. Introduction on WEP, WPA, WPA2
  2. Wireless cracking with Reaver
  3. Uncovering hidden SSIDs
  4. WiFi Twining Attacks
  5. WiFi Pineapple based attacks

Mr. Clement Arul
Chief Executive Officer
Cybertronium Sdn Bhd

  • Clement is a two-time recipient of Cyber Security Professional of the Year in 2017 and 2014 as well as a three-time Regional Award winner of Cyber Security Professional of the Year Asia and APAC in 2020, 2019 and 2017.
  • A Principal Technology Architect, Security Professional and an Evangelist with Twenty Two (22) years of IT experience in Cyber Security, Ethical Hacking, Cyber Security Framework, Security Risk & Governance, Big Data, IoT, Systems Analysis, Design, Development, Secure Coding, Implementation, Digital Forensics and Project Management.
  • Founder and CEO of Kaapagam Technologies Sdn. Bhd. and Kaapagam Education Services Sdn. Bhd. Also, Founder and Chief Technology Officer of Vigilant Asia (M) Sdn. Bhd.
  • He has contributed to National Cyber Security Framework and many more national initiatives and now working with few ASEAN governments in developing and implementing National Cyber Security Frameworks. He was also part of the Secure Implementation of Nigerian ID system Project in 2019 as the prime security expert consultant.
  • Presented in more than 120 public conferences and Talks in last Year and more than 600+ in last 5 Years across ASEAN
  • Chief Architect for KALAM – IT Security Collaboration Platform : An MOHE Award Winning Platform
  • Chief Architect for VALARI : Common Criteria Certified (the only) Malaysian Web Application Firewall
  • Chief Architect for SOC 2.0 – A Regional Managed Detection and Response Platform for SME
  • Security Consultant for many Multi-National and Leading IT Companies and Agencies in ASEAN Region
  • Specializes in Payment Gateway Hacking, Application Security & Penetration Testing, Big Data & IoT Security.
  • Issued 100+ Web Vulnerability Disclosure Documents in last 4 years on Vulnerabilities discovered in Government, Corporate, Banks, Online Payment Gateways and e-Shopping websites in ASEAN.
  • Provide Penetration Testing, Vulnerability Assessments, Security Consultations, Security Frameworks, Disaster Recovery & Business Continuity, and Security Audit Services for Customers in APAC Region.
  • Conduct Workshops across ASEAN region on Penetration Test, Mobile Security, IoT Security, Forensics Investigations, Secure Programming, Disaster Recovery, Incident Handling, Business Data Analytics, and many more.
  • Created a Security Awareness Certification under KALAM and have trained and certified 5300 people across ASEAN including Singapore, Malaysia, Laos, Cambodia, Indonesia in the last year.
  • Delivered Security Awareness Talk on Social Media & Cyber Attacks & Defences for public in THR Raaga Malaysia FM Radio: For the entire Nation
  • Delivered 13 capsules (days) on various cyber security awareness topics and DO's and Dont's for general public : Nationwide Indian Audience on ASTRO Malaysia Vanavil TV.

The CPT examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Awareness Manager. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CPT examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.

Click here to register for certified examination


  • 20 - 24 February 2023
  • 15 - 19 May 2023
  • 3 -7 July 2023
  • 23 - 27 October 2023
*dates are tentative, unless specified

Training Fee: MYR6,300.00
Exam Fee: MYR1,255.80

(subject to 8% SST)

Please click here to register

Contact us to request for a quotation

30 CPD Point

Please submit the Certificate of Completion to Global ACE Certification at


Have any inquiries? Check out the FAQ