eCPPT journey
UnixGuy
Are we having fun yet?Mod Posts: 4,503 Mod
Judging by my track record, I'm not the best at keeping track of my studying progress, but let's try.
I'm about to do my very first LAB as part of eLearnSecurity PTPv3, and I know few members in this forum are doing the same course (some PM'd me), so how about we keep track of our progress in this thread??
Feel free to post updates if you're doing the PTP3 course..
I'm about to do my very first LAB as part of eLearnSecurity PTPv3, and I know few members in this forum are doing the same course (some PM'd me), so how about we keep track of our progress in this thread??
Feel free to post updates if you're doing the PTP3 course..
Comments
The demo had backtrack in it, do you know if that was updated or the current version is still using backtrack?
Thanks
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Your lab time you can used any time, even after you get certified it will still be available if you didn't use it all. You have a lab section on the course page where you manually start/stop the lab environment that you VPN into.
BUT if you purchase the Barebones or Full package you have 180 days to use your Certification Voucher that came with your package. The "Infinity Certification Voucher" with the Full package doesn't expire.
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GCWN | GSE
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
I'm still in the web security...reading through SQL Injections.
I think the PDFs and labs have been updated, but the videos are out of date. The presenter still uses backtrack.
It might be safe to ask if the video's have been updated on the forums.
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Can any of you guys doing this course actually recommend it or am i better off saving the course money and spend 2 months to seriously prepare for OSCP instead of eCPPT. A any feedback by today is welcome considering the 20% discount.....im not really paying for it since my work is paying for all my courses but a 20% discount would be welcomed by anybody
Thanks
I'm loving it, it's definitely the next logical progession before the OSCP. Since I have no industry experience I feel like it's more mandatory for me, if you breezed through eJPT you might be OK skipping it and going straight to OSCP.
From what I read on these forums and Reddit, I'd rather be overprepared for the OSCP(if there is such a thing) than be underprepared and have to re-take.
Thanks for the feedback mate, now officially enrolled to the eCPPT course with the rest of you. I will probably have to wait another month before i actually start to get my hands dirty on this and really cant wait.
Will still be following this thread eagerly just the same
got busy with life and not studying as I should be, but I will.
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Having done eCPPT and OSCP, I think if you prepare hard enough for PWK and dedicate enough time to the lab environment you will persevere. There are good resources out there today that serve as perfect preparation for PWK. The main free resource out there right now that I found closest to PWK was Georgia Weidman's course on Cybrary titled, 'Advanced Penetration Testing'. She's an OSCP, and I feel like she's incorporated a lot of the PWK material inside of her free course. If you can grasp most of it, you'll be able to understand the PWK course content.
The main emphasis I have to place here is you better have enough free time available in order to work through the labs. Do not give up. Georgia makes it look easy in her course - but when you're tasked with putting it all together in a lab environment, it's going to be a different situation. Lab time is so valuable, so if you register be sure to purchase enough.
My opinion on the eCPPT material, I think it's great. I found the eCPPT Gold Exam is fantastic and way more impressive than their Silver Exam. eLearnSecurity's going to start gaining more recognition for their certifications once more and more people sign up and see how hands-on the exam is. The 20% discount is nothing you'll see Offensive Security do for their material.
'Seriously preparing' for Penetration Testing for Kali is practically doing. You can't sit back and just watch videos and retain material. You're going to have to practice putting everything together and following the proper methodology in a lab environment for any of it to stick. You're going to have to think out of the box a bit in the course and do a whole lot of research. The course material has good stuff in it, but they don't teach you everything you need to know to pop every box. Each one is designed a specific way and can be attacked various ways.
I remember doing this course back in 2010. No one publicly disclosed exam restrictions involved, the lab environment was updated significantly between Offensive Security 101 (PWB) v2 to Version 3. These days if you do quick searching around, you can pretty much find out what to expect on the examination and there's good resources out there to help you prepare for it (outside of the PWK Material). I remember back then all I had was time. I was a student and lived at home. I'd spend like 6-14 hours a day online doing research and hacking away at the lab environment. Do you currently work in IT luger? Do you see yourself hopping online as soon as you get home if you aren't burned out and taking a swing at the machines in the lab? From what I remember every day is counted as a lab day whether you connect in and try to break things or you don't. I'm not saying it's not do-able studying a couple hours every night and on weekends. I look at my situation now working a 40 hour week, and I know I wouldn't be able to pull it off like I did back then.
I would weigh your decision based on your will power and the time you can commit to the labs. eCPPT is more at your own pace, they aren't going to make you, 'Try Harder', you can get hints on their practical lab challenges with the click of a button. The exam's not going to be a cake walk, and you're definitely going to have to prove that you have learned the core of the material. What I got the most out of PWK was that I couldn't get hints at the click of button. That I had to actually research it and learn why I had to do X, before trying Y, and Z. It's this type of learning style that enforces learning the techniques. This can break people and/or it can make people.
So do you think doing the eCPPT beforehand makes your PWK(OSCP) experience easier and less frustrating? I'm talking from the point of view of someone who is extremely busy during and after working hours!
Tough question to fully answer. The Penetration Tester Pro Lab Environment is a bit of a different setup than PWK. In PWK, they try to make it somewhat of a Live network. This is to say on some machines are installed scripts to mimic user behavior. This allows you to try out things like client-side attacks. Though things have changed significantly from the version of PTP v1 (the version I took) and PTP v3 (the current), my assumption is eLearnSecurity has made their lab environment the whole Hera Setup.
I'm familiar with this setup because I've taken v1 of their Web Penetration Testing course, and I've seen something similar in their Practical Web Defense course. Hera is more like, you click on a button to activate a live instance of a Virtual machine. You're given a url or bootable sandboxed environment that you're allowed to test. The exercise loads up and you're given a scenario to complete. There's a hint button for each step. You're welcome to click on it and it'll tell you what to do and explain why. This is very helpful and everything. In PWK though, you have a lot of machines are active and have a lot of students attacking them. You may end up popping a machine and find that someone's already been there and left some information you can use to get further leverage. This could be things like they installed scripts or whatever. I loved how in PWK they really tried to make the 4 Networks simulate a real lab environment. They may pull 1 down for patching once in awhile. This could leave you finding out that you need to attack the machine a different way.
Skills wise, if you can walk out of PTP with your eCPPT Certification, I would feel comfortable walking into the PWK class. You get the most out of PWK by having access to the labs. I wouldn't go so far as to say I consider the eCPPT a good pre-requisite to the OSCP course. They're both focused on Network Based Penetration Testing - but you'll find a little bit of Web Stuff in both. If you're extremely busy, sit through Penetration Tester Pro from eLearnSecurity and have a wack at the examination when you've gone through the material. If you found the whole interactive slide and some videos a good way to learn, eLearnSecurity is good. Hera labs are also great, but you're not going to have possibilities of breaking into over 50 hosts spread out across a well constructed lab environment. I have said it before and I'll say it again - PWK is always going to have a special place in my heart. I've seen eLearnSecurity improve it's course work and challenges so much over the years. This company is something special too, and their training is great and affordable.
Hi xXxKrisxXx,
Thanks for your deep insight on both courses. Pen testing is what i really want to do in my career and willing to do anything to achieve my goals. I know it's not easy juggling a full time job and life plus such an intensive course. I currently work in infosec but not much into pen testing for the moment but i have been given the opportunity to do pen testing on some of our environments so thats a plus. I also manage the vulnerability scanner so i have a pretty good idea of how things work in that aspect. Im quite sure i can take in 4-5hrs a day after work. I know it's not easy but i should be mentally capable
Thanks once again.
Thank you so much for the comparison and review! I wasn't sure if the eCPPT would be a great step towards the OSCP or not but you really gave some important information and answered a few questions that I had. I plan on doing the eCPPT again, eNDP and the OSCP.
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
There is also the OSCP, but I don't think I am anywhere near ready to tackle that beast. Not to mention, PTP Elite will let me go at my own pace.
Thoughts?
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
Minor updates and revisions to the course are free. Major changes (total course revisions) are charged an upgrade fee if students want the new material. This isn't actually that bad, considering it is technically a new course. A lot of vendors will charge you full price or a hefty upgrade fee. You can still take the exam from PTPv3, even if they release the new version.
I emailed them yesterday and got a reply, but it didn't match up with what the forums say. She acknowledged that they have a new version in the works, but according to her it is still some months away.
@Unix
Time is my killer when looking at the OSCP. I don't think I properly dedicate the time currently, where as PTP allows me to go at my pace and not worry about lab time wasting away. Which is completely awesome. What module are you currently on?
The 20% discount they have going right now is great. If you attend release day of PTP v4, not only will they discount it at least 20%, but they're higher than likely going to allow you to upgrade your course to the next highest package for free for the first week or so.