eCPPT journey

UnixGuy

Judging by my track record, I'm not the best at keeping track of my studying progress, but let's try.

I'm about to do my very first LAB as part of eLearnSecurity PTPv3, and I know few members in this forum are doing the same course (some PM'd me), so how about we keep track of our progress in this thread??

Feel free to post updates if you're doing the PTP3 course..

joneno

Good luck unix.

veritas_libertas

Good luck. Reach out to me to me if you have any questions. I didn't do a very good job of tracking either

joneno

Guys,
The demo had backtrack in it, do you know if that was updated or the current version is still using backtrack?

Thanks

JoJoCal19

@NetworkNewb, you can do lab time either hourly, or daily I believe. I have hourly. I believe the lab time starts when you first use it, and only each time you start labbing, one unit is used up (an hour or a day) no matter how much of that unit you actually use it.

iBrokeIT

NetworkNewb wrote: »

If I bought PTP course now (being 20% off) does that lab time not go down until I use it? Or does your lab time go off from when you bought the course? Like would it be fine for me to buy the course right now and not start it for a month or two.

Your lab time you can used any time, even after you get certified it will still be available if you didn't use it all. You have a lab section on the course page where you manually start/stop the lab environment that you VPN into.

BUT if you purchase the Barebones or Full package you have 180 days to use your Certification Voucher that came with your package. The "Infinity Certification Voucher" with the Full package doesn't expire.

chazb0t

I just finished the last chapter in the Network Security module which is Social Engineering, I'm starting the Ruby and Metasploit module either tonight or tomorrow morning.

Mooseboost

I am coming close to finishing PTS. Looking forward to doing PTP!

UnixGuy

@joneno: yeah I noticed that the videos has backtrack but I thought it doesn't really matter, same tools, same instructions.


I'm still in the web security...reading through SQL Injections.

joneno

O.K thanks unix.

UnixGuy

Still reading through the PDFs of the first section (Web Security) and going through the videos now, I noticed there are few tools not mentioned in the PDFs but they're in the videos (unlike eJPT)....so we're expected to know all these tools? haven't got to the labs yet

chazb0t

UnixGuy wrote: »

Still reading through the PDFs of the first section (Web Security) and going through the videos now, I noticed there are few tools not mentioned in the PDFs but they're in the videos (unlike eJPT)....so we're expected to know all these tools? haven't got to the labs yet

I think the PDFs and labs have been updated, but the videos are out of date. The presenter still uses backtrack.

jamesleecoleman

Maybe they just liked Backtrack but updated all of the tools that they use??

It might be safe to ask if the video's have been updated on the forums.

luger

Im contemplating if to sign up for this course or not. I enjoyed the eJPT course and there are also quite some good reviews about it which i can confirm first hand but nothing as solid on this eCPPT course. Was hoping some for some solid feedback in this thread but you guys doing this course now seem a little hesitant about it.

Can any of you guys doing this course actually recommend it or am i better off saving the course money and spend 2 months to seriously prepare for OSCP instead of eCPPT. A any feedback by today is welcome considering the 20% discount.....im not really paying for it since my work is paying for all my courses but a 20% discount would be welcomed by anybody

Thanks

chazb0t

luger wrote: »

Im contemplating if to sign up for this course or not. I enjoyed the eJPT course and there are also quite some good reviews about it which i can confirm first hand but nothing as solid on this eCPPT course. Was hoping some for some solid feedback in this thread but you guys doing this course now seem a little hesitant about it.

Can any of you guys doing this course actually recommend it or am i better off saving the course money and spend 2 months to seriously prepare for OSCP instead of eCPPT. A any feedback by today is welcome considering the 20% discount.....im not really paying for it since my work is paying for all my courses but a 20% discount would be welcomed by anybody

Thanks

I'm loving it, it's definitely the next logical progession before the OSCP. Since I have no industry experience I feel like it's more mandatory for me, if you breezed through eJPT you might be OK skipping it and going straight to OSCP.

From what I read on these forums and Reddit, I'd rather be overprepared for the OSCP(if there is such a thing) than be underprepared and have to re-take.

luger

chazb0t wrote: »

I'm loving it, it's definitely the next logical progession before the OSCP. Since I have no industry experience I feel like it's more mandatory for me, if you breezed through eJPT you might be OK skipping it and going straight to OSCP.

From what I read on these forums and Reddit, I'd rather be overprepared for the OSCP(if there is such a thing) than be underprepared and have to re-take.

Thanks for the feedback mate, now officially enrolled to the eCPPT course with the rest of you. I will probably have to wait another month before i actually start to get my hands dirty on this and really cant wait.

Will still be following this thread eagerly just the same

UnixGuy

Glad more of us are doing the eCPPT, lets keep on updating this thread!

got busy with life and not studying as I should be, but I will.

jamesleecoleman

Gotta wait for the second paycheck this month before I can sign up for the eCPPT again. I can't wait to get back at this!

xXxKrisxXx

luger wrote: »

Im contemplating if to sign up for this course or not. I enjoyed the eJPT course and there are also quite some good reviews about it which i can confirm first hand but nothing as solid on this eCPPT course. Was hoping some for some solid feedback in this thread but you guys doing this course now seem a little hesitant about it.

Can any of you guys doing this course actually recommend it or am i better off saving the course money and spend 2 months to seriously prepare for OSCP instead of eCPPT. A any feedback by today is welcome considering the 20% discount.....im not really paying for it since my work is paying for all my courses but a 20% discount would be welcomed by anybody

Thanks

Having done eCPPT and OSCP, I think if you prepare hard enough for PWK and dedicate enough time to the lab environment you will persevere. There are good resources out there today that serve as perfect preparation for PWK. The main free resource out there right now that I found closest to PWK was Georgia Weidman's course on Cybrary titled, 'Advanced Penetration Testing'. She's an OSCP, and I feel like she's incorporated a lot of the PWK material inside of her free course. If you can grasp most of it, you'll be able to understand the PWK course content.

The main emphasis I have to place here is you better have enough free time available in order to work through the labs. Do not give up. Georgia makes it look easy in her course - but when you're tasked with putting it all together in a lab environment, it's going to be a different situation. Lab time is so valuable, so if you register be sure to purchase enough.

My opinion on the eCPPT material, I think it's great. I found the eCPPT Gold Exam is fantastic and way more impressive than their Silver Exam. eLearnSecurity's going to start gaining more recognition for their certifications once more and more people sign up and see how hands-on the exam is. The 20% discount is nothing you'll see Offensive Security do for their material.

'Seriously preparing' for Penetration Testing for Kali is practically doing. You can't sit back and just watch videos and retain material. You're going to have to practice putting everything together and following the proper methodology in a lab environment for any of it to stick. You're going to have to think out of the box a bit in the course and do a whole lot of research. The course material has good stuff in it, but they don't teach you everything you need to know to pop every box. Each one is designed a specific way and can be attacked various ways.

I remember doing this course back in 2010. No one publicly disclosed exam restrictions involved, the lab environment was updated significantly between Offensive Security 101 (PWB) v2 to Version 3. These days if you do quick searching around, you can pretty much find out what to expect on the examination and there's good resources out there to help you prepare for it (outside of the PWK Material). I remember back then all I had was time. I was a student and lived at home. I'd spend like 6-14 hours a day online doing research and hacking away at the lab environment. Do you currently work in IT luger? Do you see yourself hopping online as soon as you get home if you aren't burned out and taking a swing at the machines in the lab? From what I remember every day is counted as a lab day whether you connect in and try to break things or you don't. I'm not saying it's not do-able studying a couple hours every night and on weekends. I look at my situation now working a 40 hour week, and I know I wouldn't be able to pull it off like I did back then.

I would weigh your decision based on your will power and the time you can commit to the labs. eCPPT is more at your own pace, they aren't going to make you, 'Try Harder', you can get hints on their practical lab challenges with the click of a button. The exam's not going to be a cake walk, and you're definitely going to have to prove that you have learned the core of the material. What I got the most out of PWK was that I couldn't get hints at the click of button. That I had to actually research it and learn why I had to do X, before trying Y, and Z. It's this type of learning style that enforces learning the techniques. This can break people and/or it can make people.

UnixGuy

@xXxKrisxXx: thanks for the write up!

So do you think doing the eCPPT beforehand makes your PWK(OSCP) experience easier and less frustrating? I'm talking from the point of view of someone who is extremely busy during and after working hours!

xXxKrisxXx

You're welcome.

Tough question to fully answer. The Penetration Tester Pro Lab Environment is a bit of a different setup than PWK. In PWK, they try to make it somewhat of a Live network. This is to say on some machines are installed scripts to mimic user behavior. This allows you to try out things like client-side attacks. Though things have changed significantly from the version of PTP v1 (the version I took) and PTP v3 (the current), my assumption is eLearnSecurity has made their lab environment the whole Hera Setup.

I'm familiar with this setup because I've taken v1 of their Web Penetration Testing course, and I've seen something similar in their Practical Web Defense course. Hera is more like, you click on a button to activate a live instance of a Virtual machine. You're given a url or bootable sandboxed environment that you're allowed to test. The exercise loads up and you're given a scenario to complete. There's a hint button for each step. You're welcome to click on it and it'll tell you what to do and explain why. This is very helpful and everything. In PWK though, you have a lot of machines are active and have a lot of students attacking them. You may end up popping a machine and find that someone's already been there and left some information you can use to get further leverage. This could be things like they installed scripts or whatever. I loved how in PWK they really tried to make the 4 Networks simulate a real lab environment. They may pull 1 down for patching once in awhile. This could leave you finding out that you need to attack the machine a different way.

Skills wise, if you can walk out of PTP with your eCPPT Certification, I would feel comfortable walking into the PWK class. You get the most out of PWK by having access to the labs. I wouldn't go so far as to say I consider the eCPPT a good pre-requisite to the OSCP course. They're both focused on Network Based Penetration Testing - but you'll find a little bit of Web Stuff in both. If you're extremely busy, sit through Penetration Tester Pro from eLearnSecurity and have a wack at the examination when you've gone through the material. If you found the whole interactive slide and some videos a good way to learn, eLearnSecurity is good. Hera labs are also great, but you're not going to have possibilities of breaking into over 50 hosts spread out across a well constructed lab environment. I have said it before and I'll say it again - PWK is always going to have a special place in my heart. I've seen eLearnSecurity improve it's course work and challenges so much over the years. This company is something special too, and their training is great and affordable.

luger

xXxKrisxXx wrote: »

Having done eCPPT and OSCP, I think if you prepare hard enough for PWK and dedicate enough time to the lab environment you will persevere. There are good resources out there today that serve as perfect preparation for PWK. The main free resource out there right now that I found closest to PWK was Georgia Weidman's course on Cybrary titled, 'Advanced Penetration Testing'. She's an OSCP, and I feel like she's incorporated a lot of the PWK material inside of her free course. If you can grasp most of it, you'll be able to understand the PWK course content.

The main emphasis I have to place here is you better have enough free time available in order to work through the labs. Do not give up. Georgia makes it look easy in her course - but when you're tasked with putting it all together in a lab environment, it's going to be a different situation. Lab time is so valuable, so if you register be sure to purchase enough.

My opinion on the eCPPT material, I think it's great. I found the eCPPT Gold Exam is fantastic and way more impressive than their Silver Exam. eLearnSecurity's going to start gaining more recognition for their certifications once more and more people sign up and see how hands-on the exam is. The 20% discount is nothing you'll see Offensive Security do for their material.

'Seriously preparing' for Penetration Testing for Kali is practically doing. You can't sit back and just watch videos and retain material. You're going to have to practice putting everything together and following the proper methodology in a lab environment for any of it to stick. You're going to have to think out of the box a bit in the course and do a whole lot of research. The course material has good stuff in it, but they don't teach you everything you need to know to pop every box. Each one is designed a specific way and can be attacked various ways.

I remember doing this course back in 2010. No one publicly disclosed exam restrictions involved, the lab environment was updated significantly between Offensive Security 101 (PWB) v2 to Version 3. These days if you do quick searching around, you can pretty much find out what to expect on the examination and there's good resources out there to help you prepare for it (outside of the PWK Material). I remember back then all I had was time. I was a student and lived at home. I'd spend like 6-14 hours a day online doing research and hacking away at the lab environment. Do you currently work in IT luger? Do you see yourself hopping online as soon as you get home if you aren't burned out and taking a swing at the machines in the lab? From what I remember every day is counted as a lab day whether you connect in and try to break things or you don't. I'm not saying it's not do-able studying a couple hours every night and on weekends. I look at my situation now working a 40 hour week, and I know I wouldn't be able to pull it off like I did back then.

I would weigh your decision based on your will power and the time you can commit to the labs. eCPPT is more at your own pace, they aren't going to make you, 'Try Harder', you can get hints on their practical lab challenges with the click of a button. The exam's not going to be a cake walk, and you're definitely going to have to prove that you have learned the core of the material. What I got the most out of PWK was that I couldn't get hints at the click of button. That I had to actually research it and learn why I had to do X, before trying Y, and Z. It's this type of learning style that enforces learning the techniques. This can break people and/or it can make people.

Hi xXxKrisxXx,

Thanks for your deep insight on both courses. Pen testing is what i really want to do in my career and willing to do anything to achieve my goals. I know it's not easy juggling a full time job and life plus such an intensive course. I currently work in infosec but not much into pen testing for the moment but i have been given the opportunity to do pen testing on some of our environments so thats a plus. I also manage the vulnerability scanner so i have a pretty good idea of how things work in that aspect. Im quite sure i can take in 4-5hrs a day after work. I know it's not easy but i should be mentally capable

Thanks once again.

jamesleecoleman

xXxKrisxXx

Thank you so much for the comparison and review! I wasn't sure if the eCPPT would be a great step towards the OSCP or not but you really gave some important information and answered a few questions that I had. I plan on doing the eCPPT again, eNDP and the OSCP.

UnixGuy

Same, doing the eCPPT now; seeing that I have zero pentesting experience, I could use any cert I can get my hands on

Mooseboost

I am debating pulling the trigger just yet. I was browsing the eLearnSecurity forums today and it appears that they are going to be updating the course material very soon (less than two months) - so my debate now is to go ahead and get it or wait. From what I understand, if I get it now and want to upgrade it will typically be an extra $200-300.

There is also the OSCP, but I don't think I am anywhere near ready to tackle that beast. Not to mention, PTP Elite will let me go at my own pace.

Thoughts?

UnixGuy

@Moose: Im in a similar position to you. I think if you have the time and resource you can just shoot for the OSCP, or you can do what I did and just go with the eCPPT....update or not it wont matter a lot, you're still gaining knowledge...if they update the eCPPT I'd pay the 200-300 and upgrade, not a big amount to be honest. I should use my time to study more and gain those skills.

luger

So having to update the material from PTPv3 to PTPv4 means paying more money! Having to fork out an extra $200 means the 20% discount was practically useless and will still end up paying the full amount for the course. It's abit of a rip off if you ask me as I expect the upgrades to be for free especially to the students who would have paid the full price in the first place! I will now definitely wait till the new material is out and upgrade before starting the course. Hope they upgrade the course in a months time or so....

jamesleecoleman

I just got done reading the forums and I guess I'll have to wait then. I hope that the price doesn't go up but now I gotta figure out what certification I can go after... Maybe C|EH just because people ask for it.

Mooseboost

@luger

Minor updates and revisions to the course are free. Major changes (total course revisions) are charged an upgrade fee if students want the new material. This isn't actually that bad, considering it is technically a new course. A lot of vendors will charge you full price or a hefty upgrade fee. You can still take the exam from PTPv3, even if they release the new version.

I emailed them yesterday and got a reply, but it didn't match up with what the forums say. She acknowledged that they have a new version in the works, but according to her it is still some months away.


@Unix

Time is my killer when looking at the OSCP. I don't think I properly dedicate the time currently, where as PTP allows me to go at my pace and not worry about lab time wasting away. Which is completely awesome. What module are you currently on?

xXxKrisxXx

For the guys in need of advise of going for PTP v3 and additionally wanting to purchase v4 after it comes out: I would just wait all around together. When eLearnSecurity rolls out with a new course, not only is it heavily discounted for current students, but for the public as well. It's very common that they'll even if you a free upgrade of the course (i.e - you can purchase PTP v4 Professional and receive PTP v4 Elite Bundle). Another reason I recommend waiting is, if you start digging into v3 of the course and feel ready for the eCPPT Gold Examination, what if you get your hands on the v4 material and feel inadequately prepared because the upgrade is a bit more than you thought? I'm not saying the challenge is going to change. I'm saying there shouldn't be a rush to purchase material the authors consider outdated if they've publicly acknowledge they're updating the materials.

The 20% discount they have going right now is great. If you attend release day of PTP v4, not only will they discount it at least 20%, but they're higher than likely going to allow you to upgrade your course to the next highest package for free for the first week or so.

UnixGuy

I see no problem with purchasing PTPv3, studying it and passing it then going for OSCP. The knowledge is still great even if PTPv4 comes around