N7RUZN
May 6, 2022

The eLearnSecurity Certified Professional Penetration Tester — Reviewed.

I obtained my eCPPTv2 (eLearnSecurity Certified Professional Penetration Tester) certification on 14 Mar 2022. I picked up the course back in 2019 after completing the eJPT, but time was tight due to family and school obligations, so, unfortunately, I had to put it on the back burner.

What I enjoyed about the PTP course was its practicality. The course content was in a Death-by-PowerPoint style, and it covered multiple penetration testing topics in detail. The course is hands-on with the keyboard, and you’ll get the most out of it by performing lab tasks. The exam is a little outdated in terms of vulnerabilities, but the process remains the same.

The topics covered in the course pertaining to the exam are the following:

  • Understanding Scope.
  • Computer Networking Concepts.
  • Post-Exploitation Enumeration Techniques.
  • Exploit Development.
  • Report Writing.
  • Manual Exploitation of Windows and Linux targets.
  • Vulnerability Assessments.
  • Metasploit Usage for Exploitation of Different Systems.
  • Pivoting Through Compromised Hosts.
  • Manually Testing Web Applications.

The eCPPT exam is seven days, with an additional seven to write the report. And it was still stressful. I couldn’t get into the DMZ on my first attempt, and unfortunately, I had run out of exam time. The exam felt like a more realistic penetration test than the OSCP exam. I can say this because, after all, I failed both exams =), which was fantastic because I gained some much-needed knowledge.

The main focus wasn’t just on the exam. It was also how to put together a professional report. I’ve read through several penetration testing reports during my previous internship, and I’ll say that it’s pretty damn solid.

While taking the exam, the most frustrating part was dropped connections. It was terrible. There were times when things were stable for an hour or more, and there were moments when connections would drop every few minutes. I kept very detailed notes, which made it possible to get through most of the machines, but this was critical timing and effort. It all boiled down to how fast I could go through my steps before losing my connections.

To give you a better idea of what I’m referring to, let’s say that I have a foothold on my first target. I then pivot through a few other machines, and my connection drops to my first compromised host. I had to start all that shit over again, folks. I’m not even exaggerating. That was some bullshit. I reached out to support, and they didn’t find any issues on their end, so I carried on with the assessment. I mentioned earlier that I failed the exam because I couldn’t get into the DMZ. Well, there you have it, dropped connections = running out of time.

What I also enjoyed was the Buffer Overflow portion of the exam. I kept some very detailed notes on what I learned from materials I had covered during the OSCP exam, THM, DoStackBufferOverflowGood, and from using other vulnerable binaries in my local exploit development environment. It took me less than an hour to compromise that vulnerable machine. However, the fun part was getting it over to the target — this required understanding how to use port-forwarding because you’ll have to send it through multiple compromised hosts. I used Metasploit’s SOCKS proxy and ProxyChains to perform this portion of the exam.

After failing my first attempt, I had the opportunity to retake it since I purchased the elite package. What I found helpful was that I was provided feedback on ways to improve during my second attempt. The response was straightforward. I had to gain access to the DMZ and gain elevated privileges. I already figured that part out, so that’s that.

After gaining access to all of the vulnerable machines in the network, I worked on my report. It didn’t take much because I had most of it filled out from my previous attempt. Once I submitted the report, it took around two days to get my results back.

If you’re planning on taking the exam, here are a few things I picked up that were very helpful to me:

  • Understand Firewalls, Reverse and Bind Shells.
  • How to Scan for Hosts on the Compromised Network.
  • Pivoting through Multiple Hosts using Metasploit.
  • Exploit Development Process.
  • Remote Desktop.
  • File Transfers using Linux and Windows.
  • And finally, managing your time and stress.

As usual, thanks for following my journey into penetration testing. I wish you the best and would like to hear about your journey into InfoSec.

Next up, I have Active Directory Penetration Testing and the CRTP Exam!

Please, if you have any questions or would like to connect with me: https://www.linkedin.com/in/boonyaaa/


Short stories about my journey in Information Security | Penetration Testing and perspective of a Neuro Divergent Hacker.