Penetration testing with reporting and compliance built in. Planning, scoping, recon, exploitation, post-exploitation, web app testing and clean executive deliverables.
⏱ Duration: 5 days / 40 hrs
💻 Format: Instructor-Led + Cyber Range
🌐 Delivery: On-site · Virtual · Hybrid
✅ Pass rate: 95%
📅 Next intake: 9 June 2026
⚔️
End-to-end engagement
Plan, scope, exec, report — the full pentest lifecycle
📜
Compliance-aware testing
PCI-DSS, BNM RMiT, PDPA — what scope clauses really mean
🌐
Web, network, cloud and AI
All four core surfaces, with 2026's AI-attack additions
📝
Reports clients pay for
Executive summary, technical detail, remediation that lands
What this course is
PenTest+ is offensive done right.
PenTest+ (PT0-003) is the practical penetration testing certification with reporting and compliance built into the syllabus. It's the credential that gets you hired into an offensive security team.
At Nexperts, PenTest+ is delivered against the same Caldera-driven cyber range our CEH learners use. The difference: we focus you on engagement workflow — SOW, statement of engagement, evidence and reporting, not just the exploits.
A pentest report that an exec will not read is a pentest report that gets ignored. Half this course is teaching you to write the report.
PT0-003 modernises the older PT0-002 with cloud, IaC and AI-attack content. The exam is heavy on PBQs simulating Burp, Metasploit, AD enumeration and report-writing scenarios.
Who should take this course
🎯
Aspiring junior pentesters
PenTest+ is the most-used pre-OSCP credential in Malaysian consultancies.
🛡️
Security+ / CySA+ holders
The natural offensive specialisation step.
🌐
Web developers pivoting
Web-app pentesting is half this exam — perfect pivot from dev.
🏛️
GRC professionals
Understand exactly what scope-of-work clauses mean technically.
📊
Risk auditors
Read pentest reports critically — and write better ones.
🎓
CEH alumni
PenTest+ adds the engagement and reporting depth CEH skips.
Prerequisites
✓ Security+ or 3+ years of security experience
✓ Strong networking and Windows / Linux fluency
✓ Comfort with command line and scripting
✓ Network+ recommended
→ No Security+? Ask us about our Security+ → PenTest+ accelerated track.
Course Curriculum
Five domains. Engagement-first sequencing.
PT0-003 covers Planning and Scoping, Information Gathering, Attacks and Exploits, Reporting and Communication, and Tools and Code Analysis. We sequence them as you'd run a real engagement.
Hands-On Range
36 attack labs. Real range. Real exploits.
Same Caldera-driven cyber range our CEH learners use. The difference for PenTest+ is the addition of full-engagement workflows — you'll deliver a real SOW and a real report alongside the exploitation.
01
SOW & Scope Drafting
Take a fictional client brief. Draft a complete SOW including legal limitations.
Engagement
02
Full External Recon
Build a complete external attack surface map of a test target.
Recon
03
AD Lateral Movement
From a foothold on one workstation, walk to Domain Admin in 2 hours.
AD Attack
04
Web App Pentest
Burp Suite + manual review of a deliberately vulnerable web app.
Web
05
Cloud IAM Privilege Escalation
Pivot through a misconfigured AWS IAM role chain.
Cloud
06
Wireless Capture & Crack
Capture WPA2 handshakes, set up an evil twin, intercept clients.
Wireless
07
Custom Recon Tool in Python
Write a 50-line subdomain enumerator with parallelism.
Present findings to a fictional CIO. Defend recommendations.
Comms
+ 27 additional range tasks. Range access for 60 days post-course.
Exam Information
One exam. Workflow-heavy.
PT0-003 is heavy on PBQs simulating Burp Suite, Metasploit, AD enumeration and report-writing scenarios. Theory alone will not pass.
PenTest+ PT0-003 Exam
Questions: Max 85 (MC + performance-based)
Duration: 165 minutes
Passing score: 750 / 900
Format: Pearson VUE / Online
Validity: 3 years (CE renewal)
Industry avg pass rate: ~62% first attempt
Nexperts pass rate: 95% first attempt
OSCP Pre-Bridging
Pre-bridge value: Builds 70% of OSCP foundation
Tooling overlap: Burp, Metasploit, Nmap, AD attacks
Scoping & reporting: Adds what OSCP doesn't teach
Stacks with: CEH → PenTest+ → OSCP → CPENT
Voucher: Bundled — Pearson VUE included
Renewal: CompTIA CE — 60 CEUs in 3 years
Career fit: Junior pentester, red team intern
Our PenTest+ 3-Mock Programme
01
Diagnostic Mock
Day 2. Maps weak attack categories. Average score: 56%.
02
Workflow PBQ Mock
Mid-course. PBQ-only — Burp, Metasploit, AD scenarios. Average score: 71%.
03
Final Clearance
Full simulation incl. report-writing. 82%+ before booking. Average score: 87%.
Pass Rate
95% of our PenTest+ candidates pass on first attempt.
The industry-average PT0-003 first-attempt pass rate sits around 62%. Our 95% is built on a real cyber range, full-engagement workflow drills, and an instructor who has delivered 80+ pentests for Malaysian banks and telcos.
Cyber range labs · Engagement-workflow drills · 95% first attempt · Burp + Metasploit fluency · Report-writing coaching
Why our pass rate is 95%
Industry average: ~62%
PenTest+ candidates often pass exploitation but struggle with the report-writing PBQs and the scoping nuance — the things you can't memorise.
Nexperts: 95%
We dedicate two days to engagement workflow and reporting. We force you to write a full report. We don't book until your scoping logic is bulletproof.
Your Certification Journey
PenTest+ is the OSCP runway.
PenTest+ is the most-used pre-OSCP cert in Malaysian consultancies. From here you go OSCP, then CPENT or specialise into red team / AppSec.
Before this
Security+ or CEH
Foundation security and offensive baselines. Without them, PenTest+ feels too tooling-heavy.
Security+ → CEH / PenTest+ ← You → OSCP → CPENT AI → Red Team Lead
Expected salary range after PenTest+: RM 6,000 – RM 11,500/month for junior pentester roles in Malaysian consultancies.
Student Reviews
What our PenTest+ candidates say.
4.8
★★★★★
118 reviews
5★: 85%
4★: 12%
3★: 3%
★★★★★
"The two-hour 'workstation to Domain Admin' lab is exactly the kind of pressure you face on real engagements. By the time I sat the exam, AD privesc PBQs were second nature."
HK
Hafidz Karim
Junior Pentester · BAE Systems MY
✓ Passed first attempt
★★★★★
"I'd done CEH and felt confident going into PenTest+. Then they made me write a real report. Six hours of writing. Painful — but the most useful skill I left with."
SR
Sheryl Raj
Pentest Consultant · EY Malaysia
✓ Passed first attempt
★★★★
"Burp Suite went from a tool I half-knew to one I drive fluently. The web-app pentest lab alone justified the course fee."
JM
Jacky Mok
AppSec Engineer · iflix
✓ Passed first attempt
★★★★★
"Scoping and PCI-DSS mapping was the real value for me. I now lead my own pentest engagements and the SOWs my consultancy uses are based on the templates from this course."
NA
Nadia Anwar
Senior Pentester · GHL Systems
✓ Passed first attempt