eLearnSecurity was kind enough to offer some VetSec members access to their Penetration Testing Student V4 elite class. I’m one such lucky recipient!
My motivation for learning more about pen testing ranges from the lulz to a masochistic appreciation of stumbling around blindfolded while playing a game of catch the bits.
Why would eLearnSecurity offer a crayon eater (read: Marine) an upgrade from a M16 to Metasploit? What were they thinking?!?!
Either way, I’m grateful for the opportunity. I’ll be sharing my initial impressions of PTSV4, the value add to my lulz, and whatever hot tips I can think of that’ll make your life easier.
Who is this beerbrain guy?
I am a USMC veteran and 0311 knuckle dragger. My favorite crayola flavor is carnation pink, and my ssn is XXX-XX-XXXX. Currently I’m a software engineer and have a BS in Computer Science and just earned a GCIH from SANS. This hacking thing is right up my alley as long as I don’t do something stupid like juggle tcp packets like they are live grenades. Between a demanding job, training all night, and having a newborn baby crawling all over my keyboard, I’ll get this done. Caffeine is my friend.
Other than it being a generous gift, I am spending valuable time here. I value time more than anything as new parent, so spending my time on this course is a major endorsement on my behalf. So why PTSV4?
In the combat arms there is a saying “Slow is Smooth and Smooth is Fast”. If I don’t learn the fundamentals today, then I won’t be writing polymorphic and metamorphic worms tomorrow. Let’s look at the curriculum and you’ll see what I’m talking about.
Routing, TCP/IP, Assembly/BO, and programming are all solid for me.
My major holes are sqli, web apps, and windows which PTSV4 covers.
This course is entirely self-paced, which is amazing. You never know when a global pandemic, stock market crash, or baby emergency will disrupt your life and schedule. A training vendor that actually respects my time is a rarity these days. If I had known that, I’d have laid down some hard cash for this a year ago.
Diving right in, the first thing I did was hit up a lab! Oh wait…. I need a VM.
Life Haxxx #1: Go to the forums for tips on setting up a KALI VM. Updates + Upgrades may take a bit
While your VM gets set up, might as well dive into the classes?
The course work has a HTML5 and PDF options. If you have a YUGE monitor, then the PDF will be your preferred experience #firstworldproblems.
The coursework is divided into 3 sections:
– N00bz world
– Hello Haxxx World!
– C++, Python, Bash, even cmd.
- Pen Testing
–This is why I am here
I got through prereqs in a weekend. It should be review for anyone with a decent interest, but if you are a 100% newbie this is a goldmine. Take your time and learn those fundamentals. Any serious practitioner should know this.
Networking is as angst inspiring as GDB without a symbols table. The PTSV4 section on networking is golden. For this topic I need big visuals (preferably in crayola flavors). eLearn brings the crayola. They go through routing, arp, subnetting, ipv4, and much more in great visual detail. Closing this big gaping hole in my knowledge was worth it.
The labs are high quality:
- Each is their own self contained environment so no one will mess up your PTSV4 1337 training.
- The pdfs clearly describe the task, give you some hints, and if you 100% fail even a solution.
Life Haxxx #2: Use the Hera manual (under Virtual Labs) for setting up your vpn. Don’t be that guy who looks down the barrel of his rifle to check if its loaded! RTFM!
Are you familiar with Dwarf Fortress? If so then you are ready for the C++ section.
It is much better to get acquainted with ye olde C++ now rather than when you need to fix a ‘sploit and don’t know the difference between a pointer and a memory address.
Life Haxxx #3: Get Visual Studio Community Edition from Microsoft. Play with C++ there and prep for the C++ lab on there. Thank me later.
1337 Challenge: See if you can figure out what the magic # in the CPP lab really does. Give yourself a BitMaster achievement if you do.
Ye olde Python, Cpp, and bash all have decent coverage. I know these, but you should too. Especially bash. It is the ultimate portable *NIX tool. Moreso than python.
Just like bash, there is a good treatment of cmd.exe/batch scripting. I would have liked some more in depth treatment of Windows cmd. If I am going to Live off the Land, I’ll need to learn the tool of my Micro$oft enemy. The PTSV4 material will be a good reference, but I’ll need to work on this off-class.
Actual Pen Testing material.
It’ll feels great to put all of those prerequisites in the rear-view mirror and focus on the mission. My expectation is to come out of the Pen Testing module with some new skills and be ready to decimate the black box labs.
I’ll keep you all filled in on how the final section of the material goes, and the labs!