+ Reply to Thread
Results 1 to 23 of 23
  1. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #1

    Default Getting eCPPT Gold

    I am starting eLearnSecurity PTPv4 in order to prepare for PTX and PWK.

    Background: I have worked as a penetration tester for 2 years and have been working as an application security engineer. (blue team) I moved into California from Europe 2 weeks ago and have plenty of free time, so my goal is to study, study and study. As the first step on this road, I completed eMAPTv2.5 a month ago, but I'm still waiting for the exam results.

    As I have worked as a pentester, but haven't done any offensive stuff in two years, my main goal with the course is to get in shape and fill all the gaps that I may have before I finally tackle the OSCP exam. The first module will be web application penetration testing.

    Wish me luck!
    Reply With Quote Quote  

  2. SS
  3. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,669

    Certifications
    GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #2
    Awesome journey!!


    Moving to a new country is always exciting
    Goal: MBA, March 2020
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #3
    I have completed the slides and videos of module 1. Despite being a beginner course, it contained a lot of useful in-depth information about manually exploiting all types of SQL injection, including a clever little script for dumping data with blind SQLi. Everything else was pretty much mediocre, pretty much on par with the OSCP study material, just with more explanation.
    The wife wants to go downtown tomorrow, but I really hope that I can do some labwork tomorrow.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #4
    No formal studying last weekend as I was participating at a local OWASP CTF. Drew first blood, managed to get the 4th place and learned a lot about analyzing binaries, reversing, steganography, CTF methodology and etc. I highly recommend participating in these events with a team, it's a lot of fun!
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #5
    I received my eLearnSecurity Mobile Application Penetration Tester certificate in the mail, which is awesome. Unfortunately I'm too lazy to properly frame it and display it at my desk.

    As for the PTP, I started Module 3. Information Gathering and Scanning (including the labs) are done and I learned quite a bit during lab-time. This is an area where I need to improve a lot, there are simply too much options when it comes to sneakiness and speed trade-offs.

    Next stop is enumeration. The video and the course material is already done, I just need to complete the labs.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #6
    I finished almost all the materials and started doing the OSCP recommended Vulnhub machines to get myself back into the practical "game". I got 4 roots so far on the Kioptrix* machines since Monday and I learned a LOT. I had the theoretical knowledge before, but now I'm better and faster. For example Kioptrix2014 took me roughly 2 hours with a lot of googling on how to compile super outdated exploits. Once the I have the Vulnhub machines under my belt, I'm going to take on the eLearnSecurity labs. I started pwning the labs earlier, but I was burning away lab time rather fast, so I decided to only do them before the exam.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #7
    Finished the buffer overflow chapter and started doing the labs. So far I have finished PrivEsc, PrivEsc via Services and Client-side exploitation. I can feel that I'm pretty good at exploitation and privesc, but double pivoting is something that I have to still learn.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #8
    Did Lab 5 and Lab 16 today. Learned a lot about pivoting and a bit about AV evasion & pillaging. I'm starting to build up troubleshooting patterns: does it ping? is this the right address? does it execute on other machines? I need to boost my password brute force skills as I always go for the longest dictionary instead of building up from a small list. I'm slowly getting ready, but (unfortunately) I have friends visiting for two weeks plusLayerOne after that, so the exam is out of question until the end of the month.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #9
    So I finished all the labs, except the MiTM/Ruby ones and I'm doing the final push before the exam: finishing up remaining labs, creating a mind map and a cheat sheet, setting up the environment for the exam, etc. I plan to start the exam next Friday morning and hopefully complete everything during the weekend.
    Reply With Quote Quote  

  11. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    201

    Certifications
    CISSP, GPEN, GWAPT, eJPT, CySA+
    #10
    Quote Originally Posted by ottucsak View Post
    So I finished all the labs, except the MiTM/Ruby ones and I'm doing the final push before the exam: finishing up remaining labs, creating a mind map and a cheat sheet, setting up the environment for the exam, etc. I plan to start the exam next Friday morning and hopefully complete everything during the weekend.
    I had to stop for a bit on that eCPPT but I will come back around, did you have a problem with the system security portion? I struggled through it a bit, I had to start reading the shellcoders handbook to get a little more information in order to understand the material a little better. The exercises for that were a bit lacking also. What did you think?
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: AWS Solutions Architect - Associate
    Five Year Plan:​ eCTHP (paused again), eCPPT (paused), RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material:​ AWS Material
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #11
    I also had problems with the system security module and the lack of instructions for the lab, so I used the first few videos of Exploiting Simple Buffer Overflows on Win32 from PentesterAcademy. Also, after fiddling around yesterday, I found that the Exploitation with Ruby lab is a really good and probably has everything that you might need for the BoF part of the exam.
    Reply With Quote Quote  

  13. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,714

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #12
    I heard the same thing about the Ruby section. I need to spend some time going over that material again. It will have to wait because the PWK is on now!

    Good Luck with your exam.
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #13
    Congrats for passing eCPPT chrisone! We might meet in the labs sooner or later, as my further goals are not clear yet. I need to pick between CSSLP, OSCP, CISSP and CCSK.
    Reply With Quote Quote  

  15. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,714

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #14
    Thanks ottucsak! I got my results this morning. I haven't had the time write a post here in TE, been busy and tired most of the day lol I will do that sometime later. But even with passing the eCPPT I feel I can be a better security engineer if I cover the Ruby section a little more thoroughly. I just didn't have the time to cover it all. I actually want to go over the C++ and Python sections on their PTS course slowly for the needed practice.

    If you cover the CISSP experience pre-requisites, its a very good certification to have. The knowledge gained will help any pentester out from an overall perspective of how security is managed in an enterprise level. Its not going to help you pentest better lol It will definitely make your resume stand out. You will need to switch your state of mind from a technical hands on to a managers perspective.

    The OSCP you already know, since you are already in that mind frame of studying, you can just continue in that direction and always get the CISSP at some other point.
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #15
    Started the exam early because I was super hyped. Wish me luck.
    Reply With Quote Quote  

  17. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,714

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #16
    Quote Originally Posted by ottucsak View Post
    Started the exam early because I was super hyped. Wish me luck.
    Goodluck ottucsak! Remember if it gets tough, its the exposure you need to kick you into the right mind set for penetration testing certifications for the future.

    In all honesty I am in 150pgs out of the 380pgs of the PWK course work PDF and I sort of feel eLearn materials are a little more filled with content. As you know one PDF from one section of only one of eLearns PTP modules is close to 300pgs lol

    I am not making a comparison statement just yet, since it won't be justified until I complete the PWK/OSCP first.
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #17
    Yeah, I think the OSCP materials suck, they barely teach you anything. So I got my first SYSTEM, got access to a restricted network and currently working on the buffer overflow.
    Reply With Quote Quote  

  19. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,714

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #18
    wow very cool! its still your first day too! you got his man!
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)
    Reply With Quote Quote  

  20. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    201

    Certifications
    CISSP, GPEN, GWAPT, eJPT, CySA+
    #19
    Quote Originally Posted by ottucsak View Post
    Yeah, I think the OSCP materials suck, they barely teach you anything. So I got my first SYSTEM, got access to a restricted network and currently working on the buffer overflow.
    And that is the major difference when I talk to people about the OSCP/eCPPT difference, aside from the approach to the exam, eCPPT front loads you with all the information, OSCP makes you fill in the blanks. Each has their benefit and some purist would say, one better than the other. I am glad I went with the eCPPT first since I am not having a lot of time to do so much research on my own with playing catch up being in the cyber space and becoming a new parent at the same time.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: AWS Solutions Architect - Associate
    Five Year Plan:​ eCTHP (paused again), eCPPT (paused), RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material:​ AWS Material
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #20
    I submitted the exam report yesterday, less than 3 days after the exam start. I managed to achieve the exam objectives and I think that my report is good enough, so I'm confident that it's a pass. Will post a review about the exam and the whole experience once it's a confirmed.The whole exam environment was super outdated tho, so I'm really interested in how an eCPPTv2 exam looks like, but damn, even an exam voucher is $400.
    Reply With Quote Quote  

  22. Member Naruto985's Avatar
    Join Date
    Mar 2018
    Posts
    66
    #21
    @ottucsak good luck waiting to hear about exam result. Will be starting PTP v5 soon.
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Feb 2016
    Posts
    133

    Certifications
    OSCP, CCSK, eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #22
    Yay, I just received the results and I passed. No feedback, just a congratulations. I feel super pumped. I'm going to take on the CCSK first, then probably go for the OSCP.
    Reply With Quote Quote  

  24. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,714

    Certifications
    eCPPT, CISSP, CCDP, CCNP R/S, CCNP Security (Secure,FW), LFCS, CEH, PA ACE
    #23
    Congrats ottucsak! You worked hard and finished it like a champ!
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE (October Start), OSCE CTP (DEC Start)
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks