ECSA - Practical Review

[jdoffsec]

Hello Everyone,

I just finished completing the ECSA practical and wantedto share my review. Opinions on EC Council vary from person to person but theway I see it, you have to look at what you’re looking to get out of the courseand whether or not it truly pertains to you. If you’re a veteran baker of 20years, and you take a baking 101 class, then you should probably assume they’renot going to teach you how to bake bread in ways you don’t already know.

I tookthe official ECSA online training for self-paced study and found it quiteinformative and I’ve personally found the way Eric Reed teaches contentengaging and easy to retain. But not everyone likes the reading off the slides strategy.

You are tasked with capture-the-flag like scenarios thatare designed to be done in 5 days, similar to common pen test engagements, butyou are by default given 30 days of lab time to complete them and 60 days tosubmit your report. After you activate your ECSA Dashboard, you 60 day reporttimeline begins to countdown. However, the 30 days to complete your challengesdoesn’t start until you activate the iLabsfor ECSA specifically.

You are given 4 machines as part of your war roomenvironment, two Windows machines and two Linux machines. There was one challengethat I believe you have no choice but to use Windows, but that was at least my solutionfor the task. You need to achieve at least 70 points to pass but you're better off trying to complete each challenge and get as many points as possible; you don't want to risk miscalculating your total points or lose points for something by mistake and failing with a 69.

Here are some tips that may or may not help you throughthis process:

1. Do not worry about the report format untilyou finish all your challenges
2. Keep a separate word doc for each challengeto start with to keep everything separate and easier to manage
3. As you go through your challenge, document /screenshot enough steps so you can easily back trace your efforts if need be(be as verbose as you need)
a. You do not have to document items irrelevantitems such as, I cd’d into XYZ and couldn’t find anything there, so I went intoXYZ\123, drank a coffee, etc… Keep it relevant to the specific successful stepsto completing your challenge; they want to see what worked, not what didn’twork
4. If you’re working on a challenge domain thatyou’re not confident in or struggling with, keep a notepad handy and keep trackof things you have tried
5. I was able to compromise each host in morethan one way, unless the challenge tells you to do something specific, it doesnot matter which route you take. A win is a win!

In the end, I found these practical challenges quite funand engaging, and there are quite a few easter eggs that made me laugh. Whetheryou’re a student, professional, or seasoned penetration tester, I would recommendthis course whether you’re looking to get into this field, or looking to brushup on your skill set.

I hope someone may find this helpful and best of luck toeveryone currently taking their practical.

[den2017nick]

Thanks for the insight. Have you attempted the actual exam yet? If so, does it test you on PDF material or does it go further?

[jensmg]

Thnaks for your review jdoffsec. I also took the Online Course from EC Council. As je said 100% Eric Reeds style may not fit everybody for me for example it was too much slide ready on the other end it was web based. I did the challenges and I really liked them. I am now writing the report. One question to you. Did you wrote a mitigate for each vulnerability you found or didnt you not includes this. At the moment I am panicking a bit about the report.

Maybe you can help I am not lookig for solutions I mastered all the challenges just as an idea from you I would lieke to hear what you wrote in your report.

Thanks

[gphilips]

jdoffsec,

Nice review. Out of curiosity, you mentioned that the scenario is staged to take about 5 days. Did you find it actually took you that amount of time to complete, or was it much faster?

Also, how did you prepare for the written exam? Any pointers for studying or good preparation documents?

[jdoffsec]

den2017nick,
I have not taken the exam yet,but I asked a friend who has taken the exam and said it is very similar to thecourse materials. I'll be taking mine in a couple of days.

jensmg,
You do not have to write how tomitigate the vulnerabilities you find, but for experience, it would not hurt. I includedthose steps in my report. My report ended up at 65 pages.

Gphilips
I personally took the 5 days(with the 5^th being the day to write to the report) so I could getsome rest and only tackled the challenges after work. Realistically I think itonly took about a total of 10 hours for me to finish all my challenges. Butsince you’re given 30 days, you really don’t have any reason to rush to it.

Best of luck to everyone!

[gphilips]

Thanks! Congrats, and good luck on the written.

[jdoffsec]

Unfortunately it took me a little bit of time to get settled in before I could take the written exam. I was able to sit down and successfully complete the exam this morning. I personally didn't find it too difficult and didn't need to purchase any practice tests; the E Courseware for the ECSA class itself was more than enough. All around I felt the ECSA was a very beneficial experience and was good way to get your feet wet with a practical pen test exam.

Good luck to anyone who is pursuing this certification!