+ Reply to Thread
Results 1 to 20 of 20
  1. Senior Member
    Join Date
    Feb 2016
    Posts
    125
    #1

    Default eLearnSecurity/Caendra

    As I sit here wondering my next chest move I do some reading. Then I find myself looking at Reddit, a few other sites and this particular site.

    Then for one reason or another I decide to take a deeper dive into eLearnSecurity. The first place I look is job boards. I definitely struck out. I stuck ejpt into indeed and get 0 hits. I stick eccpt into indeed and get four hits, although half of those hits are from the actual company eLearn Security. So I guess technically it should count only as two hits. No surprises here. Although people promote the site for whatever reason, the actual experience in beneficial ( for some) , that is really about it.

    So, I say let me just purchase this training. It is only 400 bucks. I have spent way more than that on certification training.

    So I bought the Penetration Testing Elite Version. It gave you the typical hey do you want to add more stuff in your shopping cart page. I clicked no. I was hesitant in adding this course to my shopping cart let alone anything else.

    Long story short I get an email for verification purposes. Here take a look:

    Dear Girlygirl,
    We are thrilled to have you on board.
    However we need further checks before we can open your account.
    Kindly provide us with the following documents:
    • a scan of your government ID with photograph (passport or driver license);
    • a scan of your credit card. You can hide the first 12 digits.
    You can upload your documents here:
    www.jklajdflkajfkldf.com
    Your name and photo should be readable and supported formats are PDF, JPEG, ZIP, RAR, and TAR.GZ.
    ***Please do so within 5 days to avoid order and payment rejection*** Oh no let me hurry up and get right on it...


    So, you want not just a copy of my identification but ALSO a copy of my edited credit card... For a 400 dollar non-recognized course. I think not. I will not. I can not. I have never in my life had to show TWO forms of identification for such little return. That is my gripe for tonight. I will gladly take my $399 back and won't loose any sleep.

    That is my complaint for today.
    Last edited by GirlyGirl; 09-17-2017 at 07:04 PM.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,851

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #2
    Good for you. I file this under the "F-no" category. Edited or not, I would never provide that information to anyone for a simple course.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    466

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #3
    Something's not right, I'd do the following:
    - Report it to them directly. Try pinging them at support@elearnsecurity.com
    - Sign up for the bare-bones junior pen testing course (PTSv3? I'm assuming that's the one you bought). There's a code floating around through their twitter account to get it for free (see Aug 29 in their Twitter feed). Once you do so, they give you $100 off on each of the full and elite to upgrade so full is $200, elite is $300.
    Last edited by EANx; 09-17-2017 at 11:21 PM.
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  5. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,363

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #4
    I don't remember being asked to provide this kind of information! They have a chat support, and they are quick to respond.
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  6. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,851

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #5
    BTW, Offensive Security also pulls similar crap if you have a free mail address:
    If you do not have a non free e-mail address, we are legally obligated to obtain a scanned copy of your valid government issued ID in color, such as a driver’s license or passport. For IDs in the form of a card, please include a scan of both the front and back of the card.

    We need to be able to see your photo, full name, address (if applicable), year of birth and the expiration date of the ID. You may blur the ID number. Expired IDs are not accepted.
    I'm not doubting there's some legal requirement (ITAR maybe?), just saying that it is BS and I would never adhere to this.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Feb 2016
    Posts
    125
    #6
    To Whom It May Concern,

    I am done with eLearnSecurity. Completely done. It is not worth my bandwidth or laptop battery or time left on earth to involve myself with attempting to get into this training. This company is not competing with the (security) industry. We can all be truthful to ourselves about that.

    Please see attached email I sent them.
    Attached Images Attached Images
    Last edited by GirlyGirl; 09-18-2017 at 12:59 AM.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Nov 2014
    Location
    Virtual Reality
    Posts
    162
    #7
    This must be a new thing because I bought 2 courses and never had to do this. If this is the new requirement for signing up to a course then I'm out too. there is no demand for these certs in my area.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Feb 2016
    Posts
    125
    #8
    Quote Originally Posted by cyberguypr View Post
    BTW, Offensive Security also pulls similar crap if you have a free mail address:


    I'm not doubting there's some legal requirement (ITAR maybe?), just saying that it is BS and I would never adhere to this.

    True. I bit the bullet on Offensive Security in the past. I am not sure why. But I am not found of either approach. eLearnSecurity asks for way more than Offensive Security, although eLearnSecurity certifications are 98% less valuable. Here is the Offensive Security email:




    If you are unable to provide an alternate non-free address that allows us to get basic verification, we will require a scanned identification (in colour) such as a driver's license or a passport.
    If you choose to send a scanned ID, you may blur the ID number and send it to .........fjlkadjfk.com
    Last edited by GirlyGirl; 09-18-2017 at 05:13 AM.
    Reply With Quote Quote  

  10. Junior Member Registered Member
    Join Date
    Mar 2016
    Posts
    1
    #9
    If this form of identity proof is really required, then they're losing out on some markets completely.

    In Germany, for example, it is forbidden by law to provide copies of your national ID or passport to third parties (with some exceptions, like banks). I assume Austrian and Swiss laws are similar.

    In other words, Germans cannot sign up for eLearnSecurity courses without committing a crime anymore.
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Apr 2016
    Posts
    12
    #10
    Hi, I hope I can shed some light on this since I work for eLS.

    First of all sorry for the experience so far GirlyGirl (Bill Cosby).

    We do usually not ask to add anything extra to the shopping cart, you tick the box of the course you want to enroll in and that's it.

    Some of the banks ask for a proof from the owner of a credit card if details are not matching or the card is under a different name. This is standard procedure which is in place since a long time. Again, this is only asked if certain triggers are met which suggest a fraudulent transaction to the banks, and it is there to protect you from someone else using your credit card. This happens before any amount is charged to the card btw.
    It can be a bit of an added work to upload those documents in case the transaction is legit, but after all we all we want our credit cards to be a bit secure at least. There are too many people out there trying to order stuff with stolen credit card details. If one of those is your card you'd be happy the bank asks for a proof of identity before approving any purchases.

    Our certifications are not as recognized as others yet, that's true. We are working on it though You can see many of our different certificates showing up on LinkedIn for example already. We always valued actual skills way more than the certificate one gets after passing an exam. That is why our exams are all hands-on based on real life scenarios, and not simple multiple choice exams.

    It is sad to see that you judge the quality of our training without even trying it yourself first, simply based on a requirement from the bank. Please do look into our social media feeds as suggested, we give away invites to the Barebone Edition of PTS there for free sometimes. No need to enter any payment information. This will give you the chance to actually test our courses and hopefully be convinced that there is a lot of value in practical training.

    We do also have a live-chat online most of the time and a support -at- eLearnSecurity dot com email for questions.
    Thanks
    Last edited by JensBada; 09-18-2017 at 06:41 AM.
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Apr 2016
    Posts
    12
    #11
    Quote Originally Posted by tralalalaaa View Post
    If this form of identity proof is really required, then they're losing out on some markets completely.
    We got loads of happy students from Germany, Switzerland and Austria
    As said, these documents are required under certain conditions only from the banks...
    Reply With Quote Quote  

  13. Senior Member
    Join Date
    Apr 2014
    Posts
    161
    #12
    Quote Originally Posted by JensBada View Post
    We got loads of happy students from Germany, Switzerland and Austria
    As said, these documents are required under certain conditions only from the banks...
    Well i've had to give these documents as well, ID + CC copy.
    Honestly as long as the CC is not asked from both sides (the 3 digit sec code in the back) i hardly see an issue with this.
    I gave the requested information and I've been good to go.

    Also i guess we perhaps don't see the loads of fraudulent attempts to register, which implies more hardened pre-checks.

    Cheers,
    m.
    Reply With Quote Quote  

  14. Junior Member
    Join Date
    Jun 2016
    Posts
    21
    #13
    Quote Originally Posted by GirlyGirl View Post
    I am done with eLearnSecurity. Completely done. It is not worth my bandwidth or laptop battery or time left on earth to involve myself with attempting to get into this training. This company is not competing with the (security) industry. We can all be truthful to ourselves about that.
    It's completely valid to evaluate eLS certs based on their resume/recognition value, and on that subject I agree with your assessment. This, however, is a severe overreaction. I'll admit I've never understood the practice of requiring ID scans, they're effectively saying "we do not have sufficient assurance that you are who you say you are, please prove that you stole this persons wallet". Sure, physical theft doesn't scale as well as online theft, but it still has such an obvious flaw. The reason I call it an overreaction is because this practice isn't unique to eLS, I've read stories of all kinds of companies requiring it. Unless you got a credit card recently, I'm surprised you have never heard of this before. I've never run into it myself, but all the banks I use support two-factor authentication for online purchases, and therefore provides reasonable assurance that a purchase is legitimate.

    It's not eLS sitting on their high horse thinking they're so special every customer must prove their worth and dedication to eLS by going through this laborous process. It's quite common in many countries (especially USA, it seems), and a practice likely required by many customers banks (because the banks choose not to provide more automated means of strong authentication of purchases). Offensive Security gets the trophy for realizing how backwards this practice sounds with the rampant phishing threats everywhere, and doing their homework to figure out the absolute minimum of information they need to comply with policy (beacuse they can't change the policy), and guiding customers to minimize their exposure. Many businesses, eLS included, has something to learn here.
    Reply With Quote Quote  

  15. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #14
    Just tried signing up for the PND course and wanted to pay, but was asked for the exact same documents (scans of ID and credit card).

    I am, in fact, a German citizen and I know of these laws too. We are not allowed to provide copies of our IDs to third parties unless they are a bank, the German post, or police.

    I uploaded a heavily censored version of my ID to eLS now. Hope it will suffice. If not, I will not be taking any of their courses. I was never asked by Offensive Security to provide any such documents (and I did OSCP, OSCE and OSWP with them). The fraud potential with this data is simply huge and, though this might be the typical industry-induced paranoia, this risk is too big for me to take any eLS courses.

    I am also seriously doubting the bank requirement here. I've done so much online business with my credit card all over the world, but NEVER did I have to provide a copy of my ID or credit card. I don't like this at all and am seriously wondering why they require it to begin with.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Apr 2014
    Posts
    161
    #15
    Quote Originally Posted by 0b3lix View Post
    I am also seriously doubting the bank requirement here. I've done so much online business with my credit card all over the world, but NEVER did I have to provide a copy of my ID or credit card. I don't like this at all and am seriously wondering why they require it to begin with.
    Well honestly i'm also sometimes on the paranoid side, but here really i think all is safe really.. Just a company asking for documents (ID, CC copy) in order to protect you from any possible fraud.

    From the Caendra email:
    - Caendra Anti-Fraud Team -
    P.S. We are doing so to limit the huge amount of fraud attempts we receive every day.
    Feel free to hide info that you deem sensitive (besides full name and photograph).
    Please note that we will store your file in encrypted format and only during this reviewal process.
    We will immediately remove it afterwards.

    Nothing to do with this, i've taken the PND as part of a "4 in a box" and well i've got a similar path as yours, OSCP, OSCE... you'll be bored... I really think that i shall have elected the PWD course instead of the PND one..
    Reply With Quote Quote  

  17. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #16
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..
    Reply With Quote Quote  

  18. Senior Member Phalanx's Avatar
    Join Date
    Apr 2017
    Location
    UK
    Posts
    259
    #17
    Quote Originally Posted by ITSec_guy View Post
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..
    Hahaha.... really? Wait, you're serious? Great first post... /sigh
    While some people find this controversial, I have no qualms in saying eLS/Caendra is not a scam. Also, their head office is in California, and they have other satellite offices around the world.
    Desktop: MCSE: Mobility | Server: MTA | Cloud: None | Networking: MTA
    Security: None | Linux: None | Service Management: ITIL 2011: Foundation
    Currently Studying: 70-740 - Installation, Storage and Compute with Windows Server 2016
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Apr 2013
    Posts
    1,944
    #18
    Quote Originally Posted by Phalanx View Post
    Hahaha.... really? Wait, you're serious? Great first post... /sigh
    While some people find this controversial, I have no qualms in saying eLS/Caendra is not a scam. Also, their head office is in California, and they have other satellite offices around the world.
    Yeah seriously, you're totally wrong, they're a completely legit business and tons of people here, myself included, have taken their courses.
    Reply With Quote Quote  

  20. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,363

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #19
    Quote Originally Posted by ITSec_guy View Post
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..


    ^^ User registered to write this post, making stuff up. eLearnSecurity is legit, and it's an Italian company with offices in Dubai and the US
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  21. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,851

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #20
    Nice try with the fake account, EC Council.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks