---
url: "https://xcademia.com/courses/xehp-xcademia-ethical-hacker-practitioner"
title: "XEHP: Xcademia Ethical Hacker Practitioner"
description: "Earn XEHP through a 10-day ethical hacking programme. Practitioner-assessed. No MCQs. MITRE ATT&CK and NCSC CHECK aligned. CEH and OSCP alternative UK."
publishedAt: "2026-04-20T05:51:02.312302+00:00"
updatedAt: "2026-04-21T09:17:46.258676+00:00"
type: course
code: "CYB-0330"
level: Expert
duration_days: "10"
track: "Ethical Hacking & Pen Testing"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier3
price_gbp: "5995"
---

# XEHP: Xcademia Ethical Hacker Practitioner

> The XEHP Certification Programme is the practitioner standard for ethical hackers who demonstrate real offensive capability across network, web, cloud, and active directory environments. Assessed on Day 10 by a senior practitioner through a supervised simulated engagement. No MCQs. No exam anxiety. No question bank to memorise.

## Overview

Modern organisations face adversaries who do not follow a textbook. The penetration tester who can only replicate what a certification study guide describes is not the practitioner organisations need. XEHP is built for professionals who want to demonstrate genuine offensive capability, methodically, ethically, and professionally, across the full attack surface of a modern enterprise.

Across ten instructor-led days, participants build competency across the complete penetration testing lifecycle: from OSINT and reconnaissance through network infrastructure exploitation, active directory attacks, web and API security testing, cloud penetration, container security, advanced evasion, and professional engagement reporting. Where CEH v13 covers 20 modules across 5 days then sends candidates alone to a 125-question multiple choice exam, XEHP puts a senior practitioner in the room for all 10 days and evaluates actual work on Day 10.

On Day 10, participants conduct a scoped simulated engagement against a realistic enterprise target. The senior practitioner observes methodology, tooling decisions, and report quality. A Practitioner Assessment Report is issued alongside the XEHP certificate. Aligned with PTES, MITRE ATT&CK v14, OWASP Top 10 2025, NCSC CHECK methodology, NIST SP 800-115, and DoD 8140.

## Prerequisites

- Minimum 12 months in an IT or security role with hands-on technical exposure to networks and systems
- Working knowledge of TCP/IP networking, Windows and Linux operating systems at administrator level
- Basic familiarity with at least one scripting language: Python, Bash, or PowerShell

## What you will learn

- Design and execute structured penetration testing engagements using PTES and NIST SP 800-115 from scoping through final report delivery
- Exploit network infrastructure, active directory environments, web applications, and APIs using current offensive tooling in authorised environments
- Implement active directory attack techniques including Kerberoasting, Pass-the-Hash, DCSync, and lateral movement
- Assess cloud platform misconfigurations across AWS, Azure, and GCP using cloud-native offensive tools
- Produce professional penetration testing reports with executive summaries, CVSS-rated findings, and remediation recommendations
- Communicate engagement findings clearly to both technical teams and non-technical leadership at professional standard

## Skills you will gain

- Network penetration testing
- Active directory exploitation
- Web application hacking
- API security testing
- Cloud penetration testing (AWS/Azure/GCP)
- MITRE ATT&CK v14 mapping
- Vulnerability analysis and chaining
- Engagement report writing
- Container and Kubernetes security testing
- Evasion techniques
- Social engineering simulation
- OSINT tradecraft

## Career progression

- Penetration Tester
- Red Team Operator
- Security Consultant
- Vulnerability Assessor
- Offensive Security Engineer
- Application Security Engineer

## Framework alignment

- PTES
- NIST SP 800-115
- MITRE ATT&CK v14
- OWASP Top 10 2025
- OWASP API Top 10
- NCSC CHECK
- NIST CSF 2.0
- DoD 8140

## Curriculum

1. **Module 1**
2. **Module 2**
3. **Module 3**

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**How does XEHP compare to EC-Council CEH v13?**

CEH v13 is 5 days of training followed by 125 multiple choice questions. XEHP is 10 instructor-led days ending in a supervised real engagement on Day 10. The practitioner observes your methodology and produces a signed assessment report. Employers see what you demonstrated, not a test percentage. CEH costs over $2,800 with renewal fees every 3 years. XEHP is one price, all in, no renewal fees.

**What happens on the Day 10 capstone assessment?**

You receive a scoped simulated target environment representing a realistic enterprise network. You conduct a penetration test using the methodology and tooling covered across Days 1 to 9. The senior practitioner observes your work at key points, reviews your methodology decisions, and assesses your final engagement report. Three outcomes: certificate awarded, deferred with written feedback, or not awarded.

**Is XEHP recognised for UK government penetration testing work?**

XEHP aligns to NCSC CHECK methodology and NIST SP 800-115, which are the frameworks UK government and NHS procurement teams reference for penetration testing services. This alignment supports Direct Award procurement conversations for government security testing contracts.

**Which tools will participants work with during the programme?**

Nmap, Metasploit Framework, Burp Suite Professional, BloodHound, Impacket suite, Responder, CrackMapExec, Pacu, ScoutSuite, ROADtools, GoPhish, and custom Python and Bash scripting. All tool use is in authorised lab environments under instructor supervision.

**What are the salary prospects for XEHP holders?**

Senior penetration testers in the UK market earn £60,000 to £120,000. Independent penetration testing consultancy rates are £600 to £1,200 per day. The signed Practitioner Assessment Report gives XEHP holders documented portfolio evidence that distinguishes them from MCQ-certified candidates.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0330 |
| Duration | 10 days |
| Level | Expert |
| Track | Ethical Hacking & Pen Testing |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier3 |
| Price (GBP) | £5995 |

---

## About this content

This Markdown course profile is the citation-grade twin of [XEHP: Xcademia Ethical Hacker Practitioner](https://xcademia.com/courses/xehp-xcademia-ethical-hacker-practitioner). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/xehp-xcademia-ethical-hacker-practitioner
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt