Read what Alper Başaran had to say on LinkedIn: https://www.linkedin.com/pulse/lpt-master-kudos-youre-hired-alper-ba%C5%9Faran/
I believe that certificates from reputable organizations can be considered as proof of a minimum degree of knowledge on a certain field.
The first certificate I got years ago was the very popular CEH (EC-Council Certified Ethical Hacker), followed by ECSA (EC-Council Certified Security Analyst) and finally the LPT (Licensed Penetration Tester).
EC-Council is a well known training and certification body however my initial enthusiasm about the LPT quickly faded off as I’ve started to hear counter arguments against the LPT. On the other side was the OSCP (Offensive Security Certified Professional) certificate which was a hands-on challenge. Yes, LPT was achieved following 2 multiple questions exams whereas OSCP was awarded as a result of a hands-on lab exam… until now. LPT just became a script kiddies’ worst nightmare 🙂
Finally EC-Council launched the LPT Master exam which is a five day, hands-on lab exam at the end of which you submit a report. I was very excited as this took away the only counter argument people had against LPT.
As it was time for my renewal I decided to take the challenge. As I’ve been working as a Penetration Tester for government, banking and enterprise level customers I was almost certain that the 5 days they had given for the exam was “waaaay more than I’ll ever need”. Flash forward to the end of the exam; I could only finish the report and uploaded it in the last couple of hours.
The lab is rather challenging, especially for people who are used to rely on vulnerability scanners (thankfully, I always disliked these). Your favorite vulnerability scanner won’t be able to find critical vulnerabilities on any of the machines of interest and you’ll have to manually discover hosts, services and vulnerabilities. Most of the vulnerabilities you’ll need to exploit are the result of one or two previous “smaller” vulnerabilities you’ll need to discover and exploit.
I enjoyed every moment of the challenge, sleeping less during the entire challenge week (approx. 3 hours per day as I also have a day job) reading archaic RFC documents in the hope of better understanding a protocol, spending hours on forums reading about an obscure piece of software and even developing small scripts for exploitation. The lab environment was also surprisingly large compared to other hands-on exams I’ve taken (more than 20 computers, several network equipment, many web applications and more).
As I lead a penetration testing team I often have interviews and based on what I’ve seen in the LPT Master, anyone who succeeds is probably worth hiring. LPT Master will show us that the applicant not only can go through a very thorough host discovery methodology but can also manually identify vulnerabilities and think outside the box and can plan a successful attack in line with the hacker’s mindset. LPT Master fills a very important gap in the industry as it not only measures the technical capacity of participants but also their ability to write and explain their findings.