Certification
ACIP
Validate your ability to assess a connected IoT ecosystem, demonstrate impact, and produce a professional report under exam conditions.
What ACIP certifies
That you can find, validate, and communicate vulnerabilities across the full IoT attack surface: hardware artifacts, firmware, wireless protocols, web interfaces, and networked infrastructure.
This is not a multiple-choice test. It is not a tool certification.
It is a performance signal for people who need to prove they can assess connected-device environments and communicate results to decision makers.
How the exam works
One exam. One price. Your performance determines your tier.
Phase 1
2-hour technical window
Browser-based workstation via noVNC. A private assessment environment with connected systems, realistic dependencies, and exam-specific evidence artifacts.
- Pre-configured with required assessment tools
- No internet egress from the exam workstation
- Engagement brief and evidence artifacts provided
Phase 2
24-hour writeup window
Finalize and submit your professional writeup: findings, methodology, evidence, impact analysis, and remediation guidance.
- Submitted through the exam submission process
- AI tools may be used for cross-checking and polishing
- The report is approximately 30% of your total score
The assessment environment
ACIP runs in a private, browser-based IoT assessment environment designed to reflect the ambiguity of a real client engagement. You receive an engagement brief, a prepared workstation, and representative evidence artifacts. From there, your job is to investigate the environment, identify viable attack paths, demonstrate impact, and document the work clearly.
Representative assessment environment
The environment includes connected systems, dependencies, and segmentation. The specific targets, topology, and objective paths are revealed only in the exam brief, so candidates are assessed on investigation and judgment rather than memorization.
Evidence-led assessment
Candidates are evaluated on how they interpret artifacts, validate assumptions, demonstrate access, and support findings with reproducible evidence.
Built for professional judgment
The exam rewards attack-chain reasoning, impact articulation, and report quality, not memorized answers or isolated tool usage.
Domains assessed
Six domains that mirror a real-world IoT penetration test engagement. Each exists because it reflects something a working IoT security assessor actually does.
Reconnaissance & hardware artifacts
Interpret logs, dumps, images, and captures from a connected-device engagement. Extract signal, validate assumptions, and turn early evidence into an assessment plan.
Firmware analysis
Extract, inspect, and reason about embedded firmware to identify weaknesses, recover relevant evidence, and understand how device behavior connects to broader system risk.
Radio & protocol analysis
Work across wireless and application protocols with enough depth to understand what the traffic means, where trust breaks down, and how protocol findings affect impact.
Live exploitation
Move from discovery to demonstrated access. ACIP evaluates whether you can validate findings in a live environment, not just describe possible vulnerabilities.
Post-exploitation & impact
Reason across connected systems and show why a finding matters. The exam rewards attack-chain thinking and clear impact demonstration over isolated wins.
Professional reporting
Write the report a client or hiring manager can trust: clear findings, reproducible evidence, realistic impact, and actionable remediation guidance.
How ACIP is different
Most IoT certifications test whether you can use tools. ACIP tests whether you can chain findings across hardware artifacts, firmware, wireless protocols, web interfaces, and networked infrastructure into a coherent attack narrative.
The environment is designed to test cross-system reasoning, not isolated challenge solving. Candidates have to understand how evidence, access, dependencies, and impact fit together in a professional assessment.
The report is approximately 30% of your score. In professional practice, a vulnerability you can't articulate is one you didn't fully understand. We grade accordingly.
What ACIP signals
ACIP is designed to be readable by more than candidates. It gives employers, security leaders, and clients a practical signal about what a credential holder has demonstrated under assessment conditions.
Scoring & tiers
ACIP is a single exam at a single price. There are no separate exams for different levels. Every candidate takes the same assessment, and your tier is determined by your performance.
You must meet minimum standards on both dimensions: technical objectives and writeup quality. Falling short on either means you do not certify, regardless of performance on the other. Not all objectives carry the same weight.
ACIP Practitioner
Solid fundamentals across IoT attack surface assessment. Clear methodology and adequate evidence discipline.
ACIP Specialist
Demonstrated depth, effective attack chaining across connected systems, and client-ready reporting quality.
ACIP Expert
Comprehensive mastery with professional-grade deliverables, full attack chain completion, and exceptional methodology.
Tier assignment is a holistic evaluation, not a single score threshold. Graders evaluate the overall quality and completeness of your work.
Our position on AI tools
The exam workstation has no internet access. During the 2-hour technical window, you work with the tools on the workstation. Your submitted evidence must come from your own investigation of the assessment environment.
During the 24-hour writeup window, AI tools may be used for cross-checking, polishing, and improving your report. You remain responsible for the originality, accuracy, and technical correctness of your submission.
ACIP is designed to assess methodology, evidence discipline, and attack-chain reasoning in a live environment. Tool output is not a substitute for demonstrated understanding.
Examination
Retakes: $129 after a 6-month waiting period.
- 2-hour practical exam in a live environment
- 24-hour writeup submission window
- Pre-configured workstation with required tools
- Results and feedback within 72 hours
- Digital verifiable badge (valid for 2 years)
- Session recording for dispute resolution
Frequently asked questions
A 2-hour practical exam in a live IoT environment, followed by a 24-hour window to finalize and submit your professional writeup. The workstation includes the tools needed for the assessment, including firmware utilities, network tooling, protocol analysis tools, and scripting environments. The exam workstation does not provide internet egress.
External references are not available inside the technical workstation. During the 2-hour technical window, your submitted evidence must come from your own investigation of the exam environment.
During the 24-hour writeup window, AI tools may be used for cross-checking and polishing. You remain responsible for the originality, accuracy, and technical correctness of your submission.
We grade on what you demonstrated, not what you intended. Evidence proves methodology. Your writeup proves comprehension.
Technical objectives (~70%) are verified using your submitted evidence and methodology. Writeup quality (~30%) is graded across clarity, technical correctness, impact articulation, and remediation quality. Not all objectives carry the same weight.
You receive specific feedback on which objectives and report areas need improvement, with guidance on where to focus before another attempt.
Retakes are available after a 6-month waiting period ($129). The waiting period exists so you have time to address the gaps, not just retake and hope for a different outcome.
We recommend completing Offensive IoT Exploitation (OIX) or building equivalent hands-on skills. The exam does not teach; it certifies. If you need to build foundational skills first, start with training.
ACIP certifies hands-on capability; it does not teach it. If you want to build the full workflow first, start with Offensive IoT Exploitation training.