Gaining A Foothold On Your Career With eCPPT

May 16, 2021

Thank you so much for taking the time to read this review of eLearnSecurity’s Penetration Testing Professional (PTP) course and eCPPTv2 certification! Last year, I was lucky enough to win a raffle of sorts through VetSec, when they and eLearnSecurity combined their forces, and came up with a sweet deal for members of the VetSec community. Thank you to both of these organizations for sponsoring my journey to become eCPPT certified!

If you’re already in the ethical hacking community, you may have heard of PTP by eLearnSecurity; however, if you are completely unfamiliar with this course, or the eCPPTv2 certification, allow me to give you a gentle summary. PTP is intended to be an entry-level training course for aspiring penetration testers. Many of the topics covered in this course can be found in similar courses offered by other companies, but today we are just discussing PTP by eLearnSecurity.

Before going further, I would like to note that although this course was fully paid for by VetSec and eLearnSecurity, these organizations may not share my thoughts or opinions, and this blog post is not intended to represent my opinions as theirs. I’m very grateful for the opportunity these organizations afforded me, and I hope this review is helpful for students!

What To Expect From PTP

The PTP course covers seven main topics, branching off into module-specific subtopics: system security, network security, PowerShell for pentesters, Linux exploitation, web application security, wireless security, and creating simple tools with the Ruby scripting language and the Metasploit framework. The course holds very little back from the student, and immediately throws you into the system security module. It’s very good material, especially if you’ve never been exposed to systems architecture information, or simple binary exploitation and malware attacks. Having even a basic understanding of systems architecture with a security-centric foundation will set you apart from your peers if/when you’re ready to hit the job market.

One thing that I especially liked about this course was that eLearnSecurity contributes some cool career tips they have learned from conducting assessments throughout their careers. At one point, they even go so far as to offer advice for aspiring consultants and how to navigate the challenges of conference-room dealings with clients. These small pieces of wisdom really stood out to me, and I hope more companies take this approach with their courses.

As for the course material itself, each subtopic within a main module has accompanying PDF slides, videos, and labs for the student to mess around in (there are even downloadable resources!). I found the labs and videos to be of most value to me – although, I would like to note the slides cover many great topics that you should certainly read further on. I think eLearnSecurity could really offset the written material by going to a short-hand paragraph style format vs. slides; however, the slides do give you enough information to point you in great directions for each subtopic.

The labs are where the magic is at, and I highly recommend you spend as much time as possible in them, especially if you are totally new to the world of ethical hacking. Some of the infrastructure and tools used are a little dated, but that’s not the important part. The important part is the methodology these modules teach. If you look at these examples as branching-off points to more modern systems and tools, I think you will find there are many similarities between old and new. Don’t let your ego get in the way of learning! If you see something out of date, simply use Google for the modern equivalent of whatever specific thing is being used. Trust me, the methodology is all the same!

The student dashboard is very easy to look at, and well-organized. It is not easy to get overwhelmed or lost in the materials provided. Additionally, one of the cool “nice to have” features provided is a simple little checkbox next to each module where the student can track their progress. I think eLearnSecurity has really done a great job with this course, although, there are some areas that could use some improvement. The PTP course itself is a great foundation for new/aspiring penetration testers.

The course attempts to organize its material in a mostly logical sequence, similar in order to that of real penetration testing methodologies: information gathering, enumeration, exploitation, and post-exploitation. As stated earlier, the exception to this is the very first module on systems security. The subsequent modules are formatted in an easy-to-follow, start-to-finish, flow of information. The network security, Linux exploitation, and web app security modules are where the bread and butter of the course exist, and the three combined cover all of the main stages of a penetration test. That’s not to insinuate that students should only study those three modules; however, that is where the bulk of the network penetration testing material can be found.

The Wi-Fi security module has good content, but I think it needs a revamp as the audio quality was a little difficult to listen to. I think one addition this particular module could benefit from is abusing endpoint certificates for hardened wireless configurations like WPA/2 Enterprise and RADIUS environments. The PowerShell and Ruby modules were both great additions to the course, and cover such things as tool creation, integrating custom exploits into Metasploit, general programming concepts, and leveraging these languages to make certain penetration testing tasks a little easier. I highly recommend going through both of these modules, especially if you do not currently have any programming or scripting experience.

My Exam Experience

Overall, the course sets the student up nicely for the exam. eLearnSecurity gives the student plenty of time to complete the exam objectives (over a full week!), and you can start whenever you are ready to take it. There are no scheduling dates, or having to wait for other students – you can just take it whenever you wish with a single click! I cannot give any details about the exam, but just know there will not be any curve-balls thrown your way if you have thoroughly gone through all of the course materials. In my opinion, the most important thing you should understand about this exam is to read the exam objectives very carefully. The exam is designed to be conducted like one would conduct an actual penetration test, and once you start, you are left to your own ability to navigate the exam environment.

If you would like some quality of life tips, that I can certainly do! I highly recommend using Flameshot for taking screenshots, and Joplin/pandoc for documenting/writing your report – this will significantly cut down on time for writing your report and creating its final product. It is critical that you document as much as you possibly can, and label your notes and screenshots in a way that makes sense for what those notes and screenshots are documenting. Flameshot has a handy feature of drawing little red boxes, and this can be useful for both real life, and helping eLearnSecurity staff grade your report a little faster.

It may also be handy to have two lab/testing VMs set up prior to going into the exam – one Linux, one Windows. On real engagements, you don’t want to crash a host by running some untested exploit, or using a tool that you haven’t thoroughly vetted, and you should treat the eLearnSecurity exam environment the same way – lest ye be in for many headaches!

If you decide to generate your report via Joplin & pandoc, make sure your pandoc template’s headers are correct. I almost failed my exam, because I was being stupid, and was almost unable to compile my report at the last minute due to formatting issues with copy/pasting to and from Joplin. When in doubt, copy/paste your notes from Joplin to a file that already has your template headers in it, or copy/paste the template headers from a known-good file!

Most importantly, relax. Don’t be intimidated by the length of time eLearnSecurity provides for you to complete the exam. I completed all of the exam objectives within 14 hours, and spent the rest of my exam time relaxing and doing work – then scrambled to complete my report within 7 hours on the very last day. Don’t do that. If you complete your objectives early, give yourself some time to wind down, and then start crunching away at the report as soon as you can.

Some Misconceptions

Personally, I was a little surprised to find there was very little, if any, discussion on Active Directory (AD) attacks in this course – as I had heard from many people that there was. Hear me out: many people erroneously mistake running man-in-the-middle attacks and replay attacks with tools like Responder for attacking AD. Replay attacks do not exploit vulnerabilities or misconfigurations that are specific to AD environments. It is very important that you understand that, because you will be in for a rude awakening in a job interview if you believe that.

This course sets a great foundation for new penetration testers, and like I said before, the course material will prepare you for the exam in its own right. However, there are a number of topics this course does not cover, specifically, many common attacks against web applications and Active Directory. The information presented in the web app security module is good, but PTP mainly covers two specific web application attacks at length, with a nod to very few other attacks. If you are interested in supplementing your knowledge on top of this course, I recommend going through PortSwigger’s Web Academy course to gain some more knowledge of web application security, and the “Throwback” labs on TryHackMe to boost your Active Directory attack knowledge.

Final Thoughts

The PTP course and eCPPT certification offered by eLearnSecurity are a great starting point to build your penetration testing career on. Don’t let my personal opinion on some specific little thing deter you from pursuing this certification. Just understand, this is very much an entry-level course, and no single course can ever fully prepare you for real life. eLearnSecurity has done a fine job with PTP, and I would recommend it to anybody wanting to get into the field of penetration testing. eLearnSecurity offers several other courses in the field of information security, PTP being just one of them. This was my first certification under eLearnSecurity, and I hope to pursue eCPTX in the future.

If you’re currently on active duty, or a veteran yourself, VetSec is a wonderful community, and I’m happy I joined it. I hope to see you on our Slack and becoming a part of our community!