Loading...
Loading...
CEH, CPTE, OSCP prep, CRTP, Burp Suite and bug bounty — all taught by nCrypt consultants who run live client engagements, not career trainers who last touched Kali in 2019.
Malaysia's cybersecurity training market is dominated by authorised training centres whose instructors are full-time trainers. They know the exam domains. They do not know that the Malaysian bank you are about to test runs a specific version of PeopleSoft ERP with known unpatched CVEs, or that the Malaysian government portal you are scoping uses a particular WAF bypass pattern that your Metasploit module will not fire on.
nCrypt offensive security trainers are working pentesters. Between intakes, they are running Bank Negara RMiT penetration tests, red team exercises for Malaysian GLCs, and web application assessments for fintech licencees. The labs and case studies in our courses reflect the environments, configurations, and mis-configurations we actually encounter in Malaysian enterprise networks — not the vendor's idealised lab topology.
The result is that nCrypt offensive training alumni leave with exam credentials and genuine attack technique fluency — and a mental model of what a Malaysian network actually looks like when you hit it from the outside.
The world's most widely-recognised ethical hacking certification. v13 adds AI-augmented attack techniques, GenAI-powered malware patterns, and updated cloud attack modules alongside the classic 20 modules. Includes EC-Council exam voucher.
Structured pentest methodology from reconnaissance through post-exploitation and professional reporting. Full cyber-range labs on a Windows AD + Linux + web target environment. Mile2 exam on Day 5. Ideal OSCP stepping-stone.
Instructor-led acceleration programme covering the hardest parts of the OSCP curriculum: Active Directory attacks, pivoting, tunnelling, custom exploit development, and the Try Harder mindset for a 24-hour exam. Students must purchase PEN-200 labs independently from OffSec.
Hands-on Active Directory attack course covering the full internal red-team kill chain: domain enumeration, ACL abuse, trust attacks, Kerberos delegation, and cross-forest exploitation. Entirely lab-based with a fully patched Windows Server 2022 environment. Exam lab included.
Two-day deep-dive into Burp Suite Professional for web application testers. Covers the full BSCP exam syllabus: SQL injection, XSS, CSRF, SSRF, XXE, IDOR, business logic, OAuth/JWT, and GraphQL attacks using a dedicated lab environment. Suitable both as a standalone skill-builder and BSCP exam preparation.
Practical bug bounty methodology from programme selection through to triage-ready report writing. Covers reconnaissance automation, subdomain enumeration, API attack surfaces, recon pipelines, and writing reports that get paid — not marked as 'informational'. Includes a live recon session on a public bug bounty target.
| Course | Date | Mode | Fee |
|---|---|---|---|
| CEH v13 | 7–11 Jul 2026 | Kuala Lumpur | RM 6,500 |
| Burp Suite Practitioner | 11–12 Aug 2026 | Virtual (VILT) | RM 2,800 |
| CPTE | 11–15 Aug 2026 | Kuala Lumpur | RM 6,500 |
| Bug Bounty Methodology | 17–18 Sep 2026 | Virtual (VILT) | RM 2,500 |
| OSCP PEN-200 Prep | 22–25 Sep 2026 | Kuala Lumpur | RM 7,500 |
| CRTP | 5–8 Oct 2026 | Virtual (VILT) | RM 5,500 |
All fees are per participant and HRDC SBL-Khas claimable. Group discounts available for 5+ participants.
Start with CEH v13 if you want a widely-recognised, employer-understood credential. If you already have network or sysadmin experience and want to move faster toward a practitioner credential, CPTE is the better investment — it is more hands-on and maps directly to how Malaysian pentest engagements are actually scoped and delivered. OSCP is the gold standard but demands significant prior hands-on experience; treat it as year-two, not year-one.
Yes. All nCrypt offensive security courses are registered with HRD Corp under SBL-Khas. We provide the HRDC course code, T3 trainer credentials, official course outline, and the full post-training claim pack. Most HRDF-registered employers can recover 100% of the course fee from their levy balance.
CEH v13 and CPTE include the official exam voucher in the published price. OSCP PEN-200 preparation does not include the OffSec PEN-200 lab subscription (purchased directly from OffSec). CRTP and Burp Suite Practitioner include lab access but not the external exam voucher unless specified at enrolment.
nCrypt maintains a private, on-demand cyber range hosted on our own infrastructure. It includes Windows AD environments (Server 2022, multiple DCs, workstations), Linux servers, intentionally vulnerable web applications, and cloud-connected targets. Lab environments are spun up fresh for each cohort so participants always work against a clean, unmodified target estate.
Yes — in-house cohorts for CEH, CPTE, or a bespoke offensive security curriculum are available for groups of 5 or more. We tailor the lab scenarios to your industry (Malaysian bank internal network, manufacturing OT-adjacent DMZ, e-commerce platform) so the training reflects your actual threat exposure. See our in-house corporate training page.
CEH gives you a map of the territory. OSCP requires you to navigate it under pressure. Most practitioners find that 6–12 months of regular TryHackMe / HackTheBox practice after CEH, plus completing our OSCP Prep course, is sufficient to attempt PEN-200 with reasonable pass confidence. The CRTP course is also a strong parallel investment if your target environment is Windows AD.
All courses are available as closed corporate cohorts. Minimum 5 participants. We tailor labs to your sector and tech stack.