Hugely disappointed in Elearnsecurity- outdated, not working

ITSec_guyITSec_guy Registered Users Posts: 3 ■□□□□□□□□□
I purchased the 4 in a box bundle and I have never been so disappointed. What a waste of money. I chose PTS, PTP, WAPT and WAPTx.

Here's the story:
The CEO told me to evaluate these courses. I am not allowed to write the name, but it is a fortune 500 company based in New York and London. Our team is about 40-50 and are looking to spend our yearly training budget. They purchased it for me, so I was luckily.

Going through the courses, I have seen nothing but outdated or non-working material. Here's a summary of the report submitted to the CEO.

Complaint 1:
PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.

Complaint 2:
PTS: no Powershell, labs work only half the time (overall and excellent course)

Complaint 3:
ABSOLUTELY no support on their forum. Questions are ignored. I doubt they monitor it....

Complaint 4:
WAPT/WAPTx: Labs don't work correctly, 2-3 years old. (because you know that the web has not changed in that time.)

Complaint 5:
While stating lifetime access, that is not true. The labs are accessible for around a year or so.

Overall, the material is nice for fun, but if you want serious training. I suggest looking somewhere else.
Tagged:
«1

Comments

  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Have you contacted them directly with your problems? They answered my questions in several hours, even in weekends.
    I don't see problems with outdated exploits and environments, these are only there to show you the basics. If you want to learn cutting edge exploit development, you have to do your research.

    Nevertheless I do get your disappointment, that's why I always do a lot of research before buying anything.
  • beniisanbeniisan Member Posts: 9 ■□□□□□□□□□
    That's strange. I took Waptx and Wapt and in my experience, the support forum is quite good. Usually the admins reply in a day, usually faster.
    And all of my labs worked in both course.
    I agree with the statement, that the material are rarely updated, but it's the same with other courses. I have yet to see a course with Windows 10 exploit development. :)
    I think they want to teach you the basic and to make you capable to research about topics learned.
    If you want to take the hardcore approach then take OSCP. On that course you won't get other help then "Try harder"...
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I've never had an issue with them.

    As far as complaint 1, why does the OS matter? Just curious.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    ITSec_guy wrote: »

    Complaint 1:
    PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.

    These courses are about the process, not teaching how to do the latest cutting edge exploits on the latest OS releases. A lot of these older exploits teach the process well. If you want the latest cutting edge stuff, you'll need to attend courses at Blackhat, DefCon, BSides, etc. Usually those courses teach the latest and greatest.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    ITSec_guy wrote: »
    Overall, the material is nice for fun, but if you want serious training. I suggest looking somewhere else.
    What were you expecting? A course that will only teach you attacks on the most current patch level of an OS? Without knowing this, it's hard to contextualize your review. Courses like these teach you how to attack systems and a methodology, neither of which has changed all that much over the years, notwithstanding new features that create risk.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    ITSec_Guy: sorry mate but the labs work, as evidenced by everyone in this forum who used them
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • vynxvynx Member Posts: 153 ■■□□□□□□□□
    as far i know, corporate not always do the latest patch for the software, also i saw some corporate still use old software because compatibility of apps,
    so sometimes the technique itself still can use with a bit modification.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    I've only done the eJPT. I thought it was pretty decent. I was surprised by how well it was set up. Maybe I'm missing out and don't know the difference:

    For serious training, what do you recommend?
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    I agree with @ITSec_guy: same with emapt... the material for V1 was very outdated , finally they released the V2... that material looked rushed and incomplete, complained about it, after 3 months they vowed to create "a lab guide" after SIX months they released the guide, again incomplete (meaning not in the exam level), the exam was a lot of fun, and now you guys are going to found out that these guys changed they mind on what they are asking for (i.e: the letter of engagement asks for one thing, then the reviewer fails you telling you, he has changed his mind and he wants this and this now). some BS right there.
    I took the ewapt and it was pretty decent. But it seems the quality level is decreasing in elearnsecurity!
  • PC509PC509 Member Posts: 804 ■■■■■■□□□□
    jm0202 wrote: »
    (i.e: the letter of engagement asks for one thing, then the reviewer fails you telling you, he has changed his mind and he wants this and this now).

    I wouldn't go beyond the scope of the letter of engagement. This would be on the reviewer and I'd challenge it. In a real setting, going out of scope of the letter of engagement can lead to lawsuits or other bad stuff. If they want to change the rules, they need to provide a new one.

    "I know the website wasn't part of this, but I went ahead and broke into that and changed a few things as proof. See?". Not gonna happen, and a job would have been lost and possibly a lot of legal fees. Reviewer was wrong, and if challenged, I'm sure eLearnSecurity would agree. If they didn't, I'd be throwing a big stink.
  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    Totally agree @PC509 but what you can do if the grader of the exam is the owner of elearnsecurity and pretty much tells you: "you know what you have to do if you want to pass this exam"
    In the real world your SOW is rock solid and is a contract... it seems that in elearnsecurity's world that means crap!
    pretty disappointed with elearnsecurity!
  • adrenaline19adrenaline19 Member Posts: 251
    They have a ton of problems, but they are growing.

    I'm disappointed with eLearnSecurity too. I took one of their courses. I won't take another.
  • mokazmokaz Member Posts: 172
    I do not really agree with this post, I've had a lot of support on the forums and I've witnessed eLearnSecurity CEO sending me PM's and showing a lot of understandings regarding not only technical matters. I mean I do hear you with the possibility of some things being outdated but mate the buffer overflow section in PWK/OSCP isn't really cutting edge cuisine either. Nor is the CTP/OSCE very up-to-date either.
  • ITSec_guyITSec_guy Registered Users Posts: 3 ■□□□□□□□□□
    Fortunately, I have not had to interact with the CEO. But I have read his forum posts. Sounds like he has a god complex. He basically berates people asking for help and support.

    mokaz, yes OSCP is not very up to date either, but they have an industry name. Not to be pompous.. But being born in the U.K. and living in the US, I expect either up-to-date material, or at least a product that is grammatically coherent (another problem I didn't mention). Reading their basic English mistakes makes my head hurt.

    unixguy, I am only stating my experience with their labs.

    jm0202, no feedback besides: you know what you have to do if you want to pass this exam"???
  • bootboot Member Posts: 22 ■□□□□□□□□□
    When you learned mathematics in school, did you start with addition and subtraction, or trigonometry and algebra?

    Teaching buffer overflows on Windows XP lets you learn the fundamentals without having to work around the mitigations in modern operating systems. Fundamentals is a key word, they teach you how it works and enough for you to do additional research to expand your knowledge outside of the course syllabus. It's an introduction to pentesting, not nation state full time employed hacker boot camp.

    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).
  • mokazmokaz Member Posts: 172
    boot wrote: »
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).

    Agree - although is this so from the time you start the labs or from your purchase date??? Its kind of weird though because life time to me means life time... anyways..

    Asking this because i've purchased some ELS trainings but have no time to properly start until November I'd say...
  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    @ITSec_guy yes the CEO has a god complex, I finally passed the exam after I resubmitted my exploit according to what he was asking for
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    boot wrote: »
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).

    I just had to pay 299$ to renew my ewapt lab .. to be fair, if it takes you "or me in this case" more than 2 years to finish any course then maybe this type of courses is not for you.
  • bootboot Member Posts: 22 ■□□□□□□□□□
    wd40 wrote: »
    I just had to pay 299$ to renew my ewapt lab .. to be fair, if it takes you "or me in this case" more than 2 years to finish any course then maybe this type of courses is not for you.

    Not so much that it takes two years to get through it, more that I bought it when there was budget for it, even though I planned to go through it later (full time job + degree my employer asked that I take). The top tier screams unlimited in every direction in their marketing, so I did not expect that restriction.
  • rdrunnerrdrunner Registered Users Posts: 4 ■■□□□□□□□□
    Everyone,

    I am not sure if I should comment or not. But, I used work for eLS. I will not make any comments on any products, procedures or people, but I do know that if you are having any issues with any of their products for ANY reason, they will address it as soon as possible.

    V
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    boot wrote: »
    The fact that labs are only available for two years I'll agree is crap and well hidden (until after you purchase your course).

    The terms of service, stating a 24-month period, are available to anyone before purchase. If they make the info available and you don't read it, is that their fault?
  • infosec123infosec123 Member Posts: 48 ■■■□□□□□□□
    rdrunner wrote: »
    Everyone,

    I am not sure if I should comment or not. But, I used work for eLS. I will not make any comments on any products, procedures or people, but I do know that if you are having any issues with any of their products for ANY reason, they will address it as soon as possible.

    V

    Sorry, but when an organization explicitly states a student must follow the instructions on a letter of engagement to pass a cert, then the CEO of said company tells the student to deviate from the instructions to pass, there are some real issues at the company which need to be addressed.
  • armando_elsarmando_els Registered Users Posts: 1 ■■□□□□□□□□
    Hi everybody.
    This is Armando, CEO of eLearnSecurity.


    I hope I can have the chance to express our point of view and bring some facts to the table, since mine and my team's hard work and integrity have been questioned (to say the least).


    Let me clarify one thing: Each of our student is entitled to have an opinion on our courses and as many of you already stated, I'm always open to admit, apologize, go back to work and try to improve if any mistake is made.


    Proof is where we, as eLearnSecurity, started and where we are right now. I won't make a tedious list of Fortune500 that trust our courses and certifications.


    I'm not interested in arguing about course feedback here. I'll let other students talk about it.


    What I am concerned the most is the groundless bashing of our certification grading procedure that tries to undermine the hard earned trust in our company and requires clarification.

    jm0202, who I hope will use his real name in this forum as I am doing right now, submitted the eMAPT exam providing 2 apk's as deliverable instead of 1 as required. Moreover the proof of concept was giving an output in logcat rather than on screen. The latter not a deal breaker but an extra request to make the POC more clear.

    At that point we had asked to provide 1 apk instead of 2 as suggested by the Letter of Engagement (that I cannot share in full here for obvious reasons)
    This is an excerpt:
    "Once you have created your malicious application (source code + .apk) , create a .tar.gz file and upload it in the members area"

    We say: "Your malicious application". NOT "Your malicious applicationS".


    So yes, jm0202 knew what he had to do to pass the exam: read the Letter of engagement properly.


    NOTE: I had explained to jm0202 that this was not considered a FAIL. He would have to provide 1 apk showing the POC on screen and we would re-evaluate his exam. So he was not using up one of the two attempts provided by our exam vouchers.


    Actually this is MORE than we are supposed to do.
    I challenge anybody with a degree having had the chance to submit their final exam twice for a mistake they had made.


    In 3 years from launching this exam we didn't have one single certified professional having an issue with this letter of engagement.


    Eventually jm0202 produced what we asked for and he passed the exam.


    Our private conversation and email is the proof for what I am saying and I will be ready to use it anywhere necessary.


    I hope this clarifies that in no way me or any other in my company has ever "deviated" from the Letter of Engagement or has had any misconduct as stated in this forum.


    Anonymous, groundless comments in a forum cannot and will not destroy the reputation we had to work hard to achieve.
    I have the duty and the right to defend it.


    Thank you for reading thus far and sorry for the long post.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Okay awesome. If some of yall aren't happy with ELS then don't use them. Yes, there are outdated things. Yes, they're growing. Yes, they might not be on top of everything that they can be on. We all have opinions and facts. Fact is that if you're not happy with how things are ran with the courses then don't use them. Or just suck it up and deal with what you have to deal with to be successful in the course as much as possible and learn what you can from it.

    You're getting a baseline to learn from. The work that they do is best as possible. Some of the stuff that I've had issues with, I got help from them.

    There might be things that are changing. If you have instructions on how to do something and the CEO says something else, then go with it. You have it in writing so whats the issue... It's not like the guy verbally told you something before the work was done and then wrote something different in the email after the work was done.


    TLDR: Since there are issues with ELS, they have their own forums that some of yall can post on and have it addressed there.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • jm0202jm0202 Member Posts: 87 ■■□□□□□□□□
    @rdrunned
    wrong, it took them at least 6 months to release their lab material for emapt v2 (they were silent for months before replying)
  • infosec123infosec123 Member Posts: 48 ■■■□□□□□□□



    If you have instructions on how to do something and the CEO says something else, then go with it. You have it in writing so whats the issue...

    Deviate from the scope during a pen test and find out what happens... This is a big deal because elearn advertises the exam as mimicking a real world engagement, the CEO of all people shows he either does not understand the consequences of his ask or does not care. Either way, its a REALLY bad example to set, and coming from the CEO makes it even worse..
  • tripleatriplea Member Posts: 190 ■■■■□□□□□□
    I'll agree with the fact that they are not very helpful if you post on their forum. Currently doing eJPT

    'It is in the manual meer mortal!' Perhaps rather than giving you a manual to read for the 'solution' another video would be helpfull. Monkey see, monkey do.

    Its a real shame as this course is setup really well and their labs are good but help is dire. They reply like you are ******* stupid for asking.

    Wont be taking a further course with them.Shame really.


  • new2Secnew2Sec Member Posts: 24 ■■□□□□□□□□
    That is what I have been trying say.
    Many people blast me, but only remember old elearnsecurity 3+ years past.
    Now, $600 for 2 new modules, no new exam, no forum help.
    Treat students/customers like we nuisances.
  • tripleatriplea Member Posts: 190 ■■■■□□□□□□
    Because I kept trying to get some help and trying to reword it each time because maybe something was lost in tryping translation I was told this is spamming the forum. What a d**k!
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    Can you give us an example of the type of questions that you asked? or send me the links in private message.

    I feel that sometimes they will ignore some questions, in other times the students ask the wrong questions especially about exams.
Sign In or Register to comment.