eCPPT course Buffer Overflow and Shellcoding

veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
Question for those of you that survived the course and certification. Any advice on making it through the Buffer Overflow and Shellcoding sections? At this point I'm feeling frustrated with it. I get half way through the Buffer Overflow section and end up re-reading it to make sure I understand it. I'm not asking for answers, but rather advice on how much I need to know and what I should focus on to make it through the course and exam.

After the course I really need to dig into Assembly and C. I was surprised to find that this stuff is interesting and not at all boring.

Comments

  • xXxKrisxXxxXxKrisxXx Member Posts: 80 ■■■■□□□□□□
    Shalom veritas_libertas! What got me through the eCPPT course on that topic wasn't the PTP material alone. I actually found the material from Pentester Academy to be incredibly helpful. In particular Vivek's Exploiting Simple Buffer Overflows on Win32 (located below):
    Exploiting Simple Buffer Overflows on Win32

    I obtained the eCPPT Gold back in September/October of 2013. Cybrary wasn't around at the time, but another helpful resource for you that won't cost you anything will be the Buffer Overflow Sections inside of Georgia Wiedman's Advanced Penetration Testing training course located here.

    Highly advise feeling very comfortable about the subject of Buffer Overflows before you take the exam icon_lol.gif
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Shalom!
    Shalom veritas_libertas! What got me through the eCPPT course on that topic wasn't the PTP material alone. I actually found the material from Pentester Academy to be incredibly helpful. In particular Vivek's Exploiting Simple Buffer Overflows on Win32 (located below):
    Exploiting Simple Buffer Overflows on Win32

    So you mostly used the other material to supplement? If the material in the eCPPT is enough, I guess I just need to buckle down more.
    I obtained the eCPPT Gold back in September/October of 2013. Cybrary wasn't around at the time, but another helpful resource for you that won't cost you anything will be the Buffer Overflow Sections inside of Georgia Wiedman's Advanced Penetration Testing training course located here.

    I didn't realize this had been released yet. I'll have to take a look.
    Highly advise feeling very comfortable about the subject of Buffer Overflows before you take the exam icon_lol.gif

    Duly noted ;)
  • xXxKrisxXxxXxKrisxXx Member Posts: 80 ■■■■□□□□□□
    I should clarify here. I had access to the PTP v1 material and having the eCPPT Silver certification was allowed to attempt the eCPPT Gold Examination at no cost. At the time I was given an eCPPT Gold Voucher and I was told I could purchase PTP v2 material to prepare for the eCPPT Gold Exam. The eCPPT Gold exam I found was a bit more difficult than the silver version. The certification objectives page doesn't lie when it tells you what you can expect to see on the exam.

    Having survived PWB at the time, I was familiar with Buffer Overflows and used Vivek's material to help prepare me before I attempted the exam. I was luckily able to get through the exam without having to pay the extra money to upgrade my PTP v1 material to v2 at the time.

    Definitely look into the free training Cybrary has to offer. I cannot recommend it enough. The Pentester Academy stuff is good, but I don't want you forking out more costs to a monthly subscription if you are already taking training that you have put out money for. If you need anymore help, feel free to ask.
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    Thank you both for the info, the PWK course is what got me interested in the topic and I can also recommend security tubes video series on the topic. Depending on in depth you want to go the full series will go from assembly on up to the buffer overflows. I have Georgia Weidman's book as well that hits the same topics as her Cybrary videos, I can't recommend it enough for anyone taking a pentesting course.
Sign In or Register to comment.