Black Hat is partnering with The SecOps Group to launch an independent exam track at the upcoming Black Hat USA conference.
The exam track will allow attendees to sign up for a certification exam, called Black Hat Certified Pentester (BCPen), to demonstrate specific, real-world knowledge of penetration testing. “We are aiming to provide an authentic and credible certification that is up-to-date and represents real life business risks,” says Sumit ‘Sid’ Siddharth, the CEO of The SecOps Group.
Other certification exams may be added to the track in the future.
The BCPen exam covers a wide variety of topics involving both application and infrastructure security domains, such as network penetration testing, Active Directory penetration testing, web and API penetration testing, as well as Linux and cloud security topics, says Siddharth. According to the Black Hat website, the practical exam will be split into two parts – with both the Web Hacking and Infrastructure Hacking sections carrying the same amount of weight.
Attendees will be expected to demonstrate their practical knowledge of penetration testing by identifying and exploiting security vulnerabilities in a hack-lab environment specifically set up to mimic real-life scenarios. The exam will follow the format of a capture-the-flag hackathon. Exam candidates will need to capture flags as they proceed through the “course,” identify various vulnerabilities, and define mitigation strategies.
The exam is categorized at an intermediate level. Siddharth says it is suitable for candidates with two-plus years of professional penetration testing or bug bounty hunting experience.
Attendees must bring their own laptops and can use any hacking tools of their choice to accomplish the required tasks on the exam. The 7-hour practical exam will be available once a day (starting at 9 am local time) during Black Hat USA in Las Vegas, on Aug 5, Aug 6, Aug 7, and Aug 8.