+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 27
  1. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #1

    Default Hugely disappointed in Elearnsecurity- outdated, not working

    I purchased the 4 in a box bundle and I have never been so disappointed. What a waste of money. I chose PTS, PTP, WAPT and WAPTx.

    Here's the story:
    The CEO told me to evaluate these courses. I am not allowed to write the name, but it is a fortune 500 company based in New York and London. Our team is about 40-50 and are looking to spend our yearly training budget. They purchased it for me, so I was luckily.

    Going through the courses, I have seen nothing but outdated or non-working material. Here's a summary of the report submitted to the CEO.

    Complaint 1:
    PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.

    Complaint 2:
    PTS: no Powershell, labs work only half the time (overall and excellent course)

    Complaint 3:
    ABSOLUTELY no support on their forum. Questions are ignored. I doubt they monitor it....

    Complaint 4:
    WAPT/WAPTx: Labs don't work correctly, 2-3 years old. (because you know that the web has not changed in that time.)

    Complaint 5:
    While stating lifetime access, that is not true. The labs are accessible for around a year or so.

    Overall, the material is nice for fun, but if you want serious training. I suggest looking somewhere else.
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    Feb 2016
    Posts
    7
    #2
    Have you contacted them directly with your problems? They answered my questions in several hours, even in weekends.
    I don't see problems with outdated exploits and environments, these are only there to show you the basics. If you want to learn cutting edge exploit development, you have to do your research.

    Nevertheless I do get your disappointment, that's why I always do a lot of research before buying anything.
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Jul 2017
    Posts
    8

    Certifications
    CISA, CISSP, CISM, OSCP, OSWP, eWPTX
    #3
    That's strange. I took Waptx and Wapt and in my experience, the support forum is quite good. Usually the admins reply in a day, usually faster.
    And all of my labs worked in both course.
    I agree with the statement, that the material are rarely updated, but it's the same with other courses. I have yet to see a course with Windows 10 exploit development.
    I think they want to teach you the basic and to make you capable to research about topics learned.
    If you want to take the hardcore approach then take OSCP. On that course you won't get other help then "Try harder"...
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,833

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #4
    I've never had an issue with them.

    As far as complaint 1, why does the OS matter? Just curious.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
    Reply With Quote Quote  

  6. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #5
    Quote Originally Posted by ITSec_guy View Post

    Complaint 1:
    PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.
    These courses are about the process, not teaching how to do the latest cutting edge exploits on the latest OS releases. A lot of these older exploits teach the process well. If you want the latest cutting edge stuff, you'll need to attend courses at Blackhat, DefCon, BSides, etc. Usually those courses teach the latest and greatest.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  7. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #6
    Quote Originally Posted by ITSec_guy View Post
    Overall, the material is nice for fun, but if you want serious training. I suggest looking somewhere else.
    What were you expecting? A course that will only teach you attacks on the most current patch level of an OS? Without knowing this, it's hard to contextualize your review. Courses like these teach you how to attack systems and a methodology, neither of which has changed all that much over the years, notwithstanding new features that create risk.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  8. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #7
    ITSec_Guy: sorry mate but the labs work, as evidenced by everyone in this forum who used them
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  9. Member
    Join Date
    May 2017
    Posts
    89
    #8
    as far i know, corporate not always do the latest patch for the software, also i saw some corporate still use old software because compatibility of apps,
    so sometimes the technique itself still can use with a bit modification.
    Reply With Quote Quote  

  10. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    355

    Certifications
    GCIH, eJPT, CCNA R&S, CAPM, Sec+, Net+, A+
    #9
    I've only done the eJPT. I thought it was pretty decent. I was surprised by how well it was set up. Maybe I'm missing out and don't know the difference:

    For serious training, what do you recommend?
    Working on: Linux Foundation Certified System Administrator (LFCS) exam scheduled October 20
    Reply With Quote Quote  

  11. Member
    Join Date
    Oct 2011
    Posts
    81
    #10
    I agree with @ITSec_guy: same with emapt... the material for V1 was very outdated , finally they released the V2... that material looked rushed and incomplete, complained about it, after 3 months they vowed to create "a lab guide" after SIX months they released the guide, again incomplete (meaning not in the exam level), the exam was a lot of fun, and now you guys are going to found out that these guys changed they mind on what they are asking for (i.e: the letter of engagement asks for one thing, then the reviewer fails you telling you, he has changed his mind and he wants this and this now). some BS right there.
    I took the ewapt and it was pretty decent. But it seems the quality level is decreasing in elearnsecurity!
    Reply With Quote Quote  

  12. Passion For IT
    Join Date
    Mar 2008
    Posts
    570

    Certifications
    MCTS, MCITP, MCP, A+, Server+, Security+, Project+, CCENT, CCNA-Sec, CEH, CHFI
    #11
    Quote Originally Posted by jm0202 View Post
    (i.e: the letter of engagement asks for one thing, then the reviewer fails you telling you, he has changed his mind and he wants this and this now).
    I wouldn't go beyond the scope of the letter of engagement. This would be on the reviewer and I'd challenge it. In a real setting, going out of scope of the letter of engagement can lead to lawsuits or other bad stuff. If they want to change the rules, they need to provide a new one.

    "I know the website wasn't part of this, but I went ahead and broke into that and changed a few things as proof. See?". Not gonna happen, and a job would have been lost and possibly a lot of legal fees. Reviewer was wrong, and if challenged, I'm sure eLearnSecurity would agree. If they didn't, I'd be throwing a big stink.
    A few certs here and there and everywhere...
    AAS: Computer Security
    BS: Information Technology - Security (WGU)
    MS: Information Security & Assurance (WGU)
    Reply With Quote Quote  

  13. Member
    Join Date
    Oct 2011
    Posts
    81
    #12
    Totally agree @PC509 but what you can do if the grader of the exam is the owner of elearnsecurity and pretty much tells you: "you know what you have to do if you want to pass this exam"
    In the real world your SOW is rock solid and is a contract... it seems that in elearnsecurity's world that means crap!
    pretty disappointed with elearnsecurity!
    Reply With Quote Quote  

  14. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #13
    They have a ton of problems, but they are growing.

    I'm disappointed with eLearnSecurity too. I took one of their courses. I won't take another.
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #14
    I do not really agree with this post, I've had a lot of support on the forums and I've witnessed eLearnSecurity CEO sending me PM's and showing a lot of understandings regarding not only technical matters. I mean I do hear you with the possibility of some things being outdated but mate the buffer overflow section in PWK/OSCP isn't really cutting edge cuisine either. Nor is the CTP/OSCE very up-to-date either.
    Reply With Quote Quote  

  16. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #15
    Fortunately, I have not had to interact with the CEO. But I have read his forum posts. Sounds like he has a god complex. He basically berates people asking for help and support.

    mokaz, yes OSCP is not very up to date either, but they have an industry name. Not to be pompous.. But being born in the U.K. and living in the US, I expect either up-to-date material, or at least a product that is grammatically coherent (another problem I didn't mention). Reading their basic English mistakes makes my head hurt.

    unixguy, I am only stating my experience with their labs.

    jm0202, no feedback besides: you know what you have to do if you want to pass this exam"???
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Jun 2016
    Posts
    20
    #16
    When you learned mathematics in school, did you start with addition and subtraction, or trigonometry and algebra?

    Teaching buffer overflows on Windows XP lets you learn the fundamentals without having to work around the mitigations in modern operating systems. Fundamentals is a key word, they teach you how it works and enough for you to do additional research to expand your knowledge outside of the course syllabus. It's an introduction to pentesting, not nation state full time employed hacker boot camp.

    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #17
    Quote Originally Posted by boot View Post
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).
    Agree - although is this so from the time you start the labs or from your purchase date??? Its kind of weird though because life time to me means life time... anyways..

    Asking this because i've purchased some ELS trainings but have no time to properly start until November I'd say...
    Reply With Quote Quote  

  19. Member
    Join Date
    Oct 2011
    Posts
    81
    #18
    @ITSec_guy yes the CEO has a god complex, I finally passed the exam after I resubmitted my exploit according to what he was asking for
    Reply With Quote Quote  

  20. Senior Member wd40's Avatar
    Join Date
    May 2007
    Location
    Bahrain
    Posts
    903

    Certifications
    CISA, eJPT, CompTIA x 6, MCP, MCTS
    #19
    Quote Originally Posted by boot View Post
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).
    I just had to pay 299$ to renew my ewapt lab .. to be fair, if it takes you "or me in this case" more than 2 years to finish any course then maybe this type of courses is not for you.
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Jun 2016
    Posts
    20
    #20
    Quote Originally Posted by wd40 View Post
    I just had to pay 299$ to renew my ewapt lab .. to be fair, if it takes you "or me in this case" more than 2 years to finish any course then maybe this type of courses is not for you.
    Not so much that it takes two years to get through it, more that I bought it when there was budget for it, even though I planned to go through it later (full time job + degree my employer asked that I take). The top tier screams unlimited in every direction in their marketing, so I did not expect that restriction.
    Reply With Quote Quote  

  22. Junior Member Registered Member
    Join Date
    Oct 2017
    Posts
    1
    #21
    Everyone,

    I am not sure if I should comment or not. But, I used work for eLS. I will not make any comments on any products, procedures or people, but I do know that if you are having any issues with any of their products for ANY reason, they will address it as soon as possible.

    V
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    384

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #22
    Quote Originally Posted by boot View Post
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).
    The terms of service, stating a 24-month period, are available to anyone before purchase. If they make the info available and you don't read it, is that their fault?
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  24. Member
    Join Date
    Jun 2017
    Posts
    48
    #23
    Quote Originally Posted by rdrunner View Post
    Everyone,

    I am not sure if I should comment or not. But, I used work for eLS. I will not make any comments on any products, procedures or people, but I do know that if you are having any issues with any of their products for ANY reason, they will address it as soon as possible.

    V
    Sorry, but when an organization explicitly states a student must follow the instructions on a letter of engagement to pass a cert, then the CEO of said company tells the student to deviate from the instructions to pass, there are some real issues at the company which need to be addressed.
    Reply With Quote Quote  

  25. Junior Member Registered Member
    Join Date
    Oct 2017
    Posts
    1
    #24
    Hi everybody.
    This is Armando, CEO of eLearnSecurity.


    I hope I can have the chance to express our point of view and bring some facts to the table, since mine and my team's hard work and integrity have been questioned (to say the least).


    Let me clarify one thing: Each of our student is entitled to have an opinion on our courses and as many of you already stated, I'm always open to admit, apologize, go back to work and try to improve if any mistake is made.


    Proof is where we, as eLearnSecurity, started and where we are right now. I won't make a tedious list of Fortune500 that trust our courses and certifications.


    I'm not interested in arguing about course feedback here. I'll let other students talk about it.


    What I am concerned the most is the groundless bashing of our certification grading procedure that tries to undermine the hard earned trust in our company and requires clarification.

    jm0202, who I hope will use his real name in this forum as I am doing right now, submitted the eMAPT exam providing 2 apk's as deliverable instead of 1 as required. Moreover the proof of concept was giving an output in logcat rather than on screen. The latter not a deal breaker but an extra request to make the POC more clear.

    At that point we had asked to provide 1 apk instead of 2 as suggested by the Letter of Engagement (that I cannot share in full here for obvious reasons)
    This is an excerpt:
    "Once you have created your malicious application (source code + .apk) , create a .tar.gz file and upload it in the members area"

    We say: "Your malicious application". NOT "Your malicious applicationS".


    So yes, jm0202 knew what he had to do to pass the exam: read the Letter of engagement properly.


    NOTE: I had explained to jm0202 that this was not considered a FAIL. He would have to provide 1 apk showing the POC on screen and we would re-evaluate his exam. So he was not using up one of the two attempts provided by our exam vouchers.


    Actually this is MORE than we are supposed to do.
    I challenge anybody with a degree having had the chance to submit their final exam twice for a mistake they had made.


    In 3 years from launching this exam we didn't have one single certified professional having an issue with this letter of engagement.


    Eventually jm0202 produced what we asked for and he passed the exam.


    Our private conversation and email is the proof for what I am saying and I will be ready to use it anywhere necessary.


    I hope this clarifies that in no way me or any other in my company has ever "deviated" from the Letter of Engagement or has had any misconduct as stated in this forum.


    Anonymous, groundless comments in a forum cannot and will not destroy the reputation we had to work hard to achieve.
    I have the duty and the right to defend it.


    Thank you for reading thus far and sorry for the long post.
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,833

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #25
    Okay awesome. If some of yall aren't happy with ELS then don't use them. Yes, there are outdated things. Yes, they're growing. Yes, they might not be on top of everything that they can be on. We all have opinions and facts. Fact is that if you're not happy with how things are ran with the courses then don't use them. Or just suck it up and deal with what you have to deal with to be successful in the course as much as possible and learn what you can from it.

    You're getting a baseline to learn from. The work that they do is best as possible. Some of the stuff that I've had issues with, I got help from them.

    There might be things that are changing. If you have instructions on how to do something and the CEO says something else, then go with it. You have it in writing so whats the issue... It's not like the guy verbally told you something before the work was done and then wrote something different in the email after the work was done.


    TLDR: Since there are issues with ELS, they have their own forums that some of yall can post on and have it addressed there.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks