You have decided you want a pentesting certification. Good. Now comes the part most guides skip: which one, and how do you actually prepare for it without wasting six months studying the wrong things?
The honest answer for most people starting out is PT1, TryHackMe's Jr Penetration Tester certification. Here is why, and here is exactly how to get there.
Why Is PT1 the Right First Pentesting Certification?
Most entry-level pentesting certifications test what you know. PT1 tests what you can do.
The TryHackMe Jr Penetration Tester certification is a 48-hour practical exam. You get a real target environment spanning web applications, network services, and Active Directory. You attack it. You document your findings. You submit a graded professional report. No multiple choice. No memorising definitions. Just you, a live lab, and a deadline.
That format matters for two reasons. First, it is the closest thing to a real junior pentesting engagement you can sit before you are in the industry. Second, it produces something a hiring manager can actually evaluate: a report that shows how you think, what you found, and whether you can communicate it professionally.
Premium subscribers get a 15% discount on the exam. For most people, PT1 is the right first step before OSCP.
What Do You Actually Need to Know Before You Sit PT1?
Three domains. Get comfortable across all three before you book the exam.
Web application security. SQL injection, cross-site scripting, IDOR, authentication bypass, CSRF, command injection, file inclusion. You need to be able to identify and exploit these manually, not just run a scanner and hope. Burp Suite is your primary tool. Know the Repeater module well enough that intercepting and modifying requests feels automatic.
Network penetration. Nmap for discovery and enumeration, service identification, and version detection. Exploit known vulnerabilities in identified services. Privilege escalation on Linux and Windows. Getting from initial foothold to root or SYSTEM without a walkthrough telling you what to do next.
Active Directory fundamentals. This is where a lot of first-time exam candidates get caught out. Know how Kerberos authentication works. Know how to enumerate AD with BloodHound. Understand basic attack paths: Kerberoasting, AS-REP Roasting, Pass-the-Hash, and lateral movement between hosts. You do not need to be an AD specialist. You need to be dangerous enough to find a path from a standard domain user to domain admin in a junior-level lab environment.
And one more thing: your report. PT1 grades your findings write-up as part of the assessment. A technically correct finding that is poorly communicated is a finding that costs you marks. Practise writing up every room you complete before the exam, not just the ones you found difficult.
What Is the Best Way to Prepare?
The Jr Penetration Tester path on TryHackMe. It was completely rebuilt for 2026 and it is designed in lockstep with PT1. That is not marketing language: the path is literally the canonical study route for the certification.
Here is what that means in practice. Eighty-nine rooms across 17 modules. A fully rewritten web security curriculum aligned to the 2025 OWASP Top 10. A brand new nine-room Active Directory module that replaces the single legacy AD room that used to exist. Dedicated Burp Suite modules covering the Basics, Repeater, Intruder, Extensions, and a full Burp challenge. Complete privilege escalation coverage on both Linux and Windows. A Python scripting for pentesters module. Full pentest methodology including scoping, threat modelling, report writing, and re-testing. And three capstone challenges at the end that test the full kill chain across everything you have built.
Work through the path in sequence. Document every room as a writeup. By the time you reach the capstone challenges, sitting PT1 should feel like a familiar format rather than an unknown quantity.
How Long Does Preparation Actually Take?
Honestly? It depends on where you are starting from.
If you have solid networking, Linux, and web fundamentals already in place: four to six months of consistent work through the path, spending real time on the Active Directory and reporting modules, puts you in a strong position.
If you are building those foundations at the same time: six to nine months. Do not rush the foundations. The exam will find the gaps.
The path is designed so that completing it thoroughly is completing your exam preparation. The capstone challenges at the end are specifically designed to mirror the PT1 format. If you can get through those without hints, you are ready.
What About OSCP? Should I Do That Instead?
OSCP is the certification most penetration testers are ultimately working toward. It is harder, more expensive, and more demanding than PT1, and it carries serious weight with hiring managers across the industry.
But here is the thing: PT1 is not a stepping stone you reluctantly complete on the way to the real thing. It is the certification that makes you job-ready at junior level right now, proves you can run a structured engagement and communicate findings professionally, and gives you the documented foundation that makes OSCP preparation sharper when you get there.
Try to go straight to OSCP as your first practical certification experience? Harder road. Higher failure rate. More expensive mistake. Do PT1 first. Then go get OSCP. That sequence works.
Where Do You Start?
Open the Jr Penetration Tester path. Start Module 1. Complete the guided web pentest room and the guided network pentest room. Those two rooms alone will tell you how far your current skills are from exam-ready, and exactly what you need to build.
The path is there. The certification is waiting. The only question is how long before you go get it.
Nick O'Grady