eCPPT over here, even though everyone I know is doing the OSCP

supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
Good morning everyone. I wanted to start a thread for some eCPPT from eLearn folks. I have been working through the material a lot slower than I have seen my peers doing so and moving on to the OSCP. I have seen that the motivation is a little different since I am not technically on a time limit at this time. Still have some time left on my labs and I am really stopping to get some concepts in my mind before going to the next topic. Doing some research on my own and such. I was wondering, do any of you do that? OR are you pushing through topics and circling back later?

I am just wondering if I am wasting time doing that or should I just move through the material and circle back.
Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
Current Goal: GREM
Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis

Comments

  • hal9k2hal9k2 Posts: 76Member ■■□□□□□□□□
    Hey

    I am myself considering buying eCPPT but I am thinking about this like a step to OSCP as I am not so confident for the last one.

    Regarding your question. During eJPT I moved trough the material quite fast (you can't memorize everything) I was also doing a lot of notes (in OneNote) especially from exercises and labs. Stuff like commands used etc... It was a good strategy when attempted exam, as they saved my ... I think this is will be for eCPPT as well ;)

    Can you say why you decided to go for eCPPT instead of OSCP? As I am still undecided...
  • supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
    Going to the eCPPT was a financial decision for me. I was able to save some money going to the v4 when they launched so I went for it. Also my company paid for it. I would have done the OSCP if that would have not been the case. I like the method they teach and also the MAJOR difference between the two is that the eCPPT goes into a lot more detail about treating as a PenTest and not just breaking into machines. I would prefer the fun of breaking in but I want to be able to make a business out of it.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • hal9k2hal9k2 Posts: 76Member ■■□□□□□□□□
    Thanks for the answer
    MAJOR difference between the two is that the eCPPT goes into a lot more detail about treating as a PenTest and not just breaking into machines.

    What do you mean by that?
  • yoba222yoba222 Posts: 887Member ■■■■□□□□□□
    Hi supasecuritybro,
    I see you have GPEN. How did it compare to how the eCPPT is? Do you favor one over the other? Do you feel that you're getting less out of the eCPPT now? I ponder self-studying for the GPEN using their course books. Value of the cert on the resume aside, I wonder if I should just skip GPEN and do eCPPT because of the value from doing all the labs.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • mokazmokaz Posts: 172Member
    Hey there, i've done OSCP/OSCE and will do eCPPT as well. So nothing wrong really!! Go search knowledge =)
  • supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
    hal9k2 wrote: »
    Thanks for the answer



    What do you mean by that?

    From the looks of the post people do on these forums, the OSCP is enumerate, pillage, show proof and write up a report of findings. With the eCPPT, you will be given Rules of Engagement and you have to complete those requirements and provide a report. It is also a longer period of time. So it will be like an actual PenTest engagement.

    I want to be clear before anyone puts my head on a pike, I completely respect anyone who has done the OSCP and will want to complete it next year. I am not bashing one over the other. Its just an observation made over the information provided. Also I have a few friends who have the OSCP and they mention its about getting in and knowing your way around. I will circle back to this theory when I have completed both.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
    yoba222 wrote: »
    Hi supasecuritybro,
    I see you have GPEN. How did it compare to how the eCPPT is? Do you favor one over the other? Do you feel that you're getting less out of the eCPPT now? I ponder self-studying for the GPEN using their course books. Value of the cert on the resume aside, I wonder if I should just skip GPEN and do eCPPT because of the value from doing all the labs.


    Two completely different animals. I would say that the GPEN is more introductory, building of the framework for anyone who really wants to learn how to be a pentester. The real benefit is going to the class I would say. Ed Skoudis shares so much real world knowledge that I still am processing some of the MP3s and I took the class in in April. The eCPPT is way more in depth. The web app section is completely a school house of information regarding not just breaking in but how things work on web apps. In the GPEN it’s not that deep. The hands on and research I am putting in now is where not having recognition on resumes I am valuing. Most interviews will happen if you have a cert to get you in, you have a GCIH you are getting in. But what happens afterwards… can you explain in plain english how to do what you do? Do you know how application works and how to break them?? I am trying my best to learn those things so I can be a value not just a cert holder.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 868Member ■■■■□□□□□□
    Still have some time left on my labs and I am really stopping to get some concepts in my mind before going to the next topic. Doing some research on my own and such. I was wondering, do any of you do that? OR are you pushing through topics and circling back later?

    I am just wondering if I am wasting time doing that or should I just move through the material and circle back.

    I'm working on eJPT. I've been through the material once, and now I'm going through it again in more detail. After following each tutorial, I'm following them up with outside training to reinforce the topics. I'm almost finished with Bucky Roberts' Burp Suite course. It's much more detailed than the eJPT material, and I'm retaining more. I'm going to do the same with his nmap, Wireshark, and Metasploit courses. It's free, and it's excellent as far as I'm concerned. Check it out: https://thenewboston.com/
  • KhohezionKhohezion Posts: 57Member ■■■□□□□□□□
    Hey, I'm starting the eCPPT as well since my CSA+ was a fail... but for myself I plan on understanding each topic thoroughly before I go onto the next topic.

    I got the bundle with the eWPT because I though prices were going to go up... also I've attempted the OSCP before and it did not end well, I think that the format of eLearnSec's courses holds you hand and walks you through concepts which is good stepping stone towards the OSCP.
  • TimBakerTimBaker Posts: 8Registered Users ■■□□□□□□□□
    How long do you guys reckon is required to complete studying for eCPPT and then taking the exam?

    It would be nice if we can start a study group at least to keep us motivated.
  • supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
    TimBaker wrote: »
    How long do you guys reckon is required to complete studying for eCPPT and then taking the exam?

    It would be nice if we can start a study group at least to keep us motivated.

    Tried it with a group but most of them jumped towards the OSCP and others (like me started slow stepping). I think about three months at the most to get all the information in, research, lab and do the exam (7 days, most people say it takes less). So are you planning on it?
    T
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • TimBakerTimBaker Posts: 8Registered Users ■■□□□□□□□□
    Tried it with a group but most of them jumped towards the OSCP and others (like me started slow stepping). I think about three months at the most to get all the information in, research, lab and do the exam (7 days, most people say it takes less). So are you planning on it?
    T

    Hahaha, about jumping to OSCP. I actually plan on OSCP but not yet. I bought the PTPv4 material last year but stalled due to work and lack of discipline.

    I'm hoping i can take the exam by end of March 2018, I've got CCNA Security exam in about a month so I just want to get into the eCPPT material slowly.

    When do you plan on taking the exam?
  • supasecuritybrosupasecuritybro Posts: 204Member ■■■■□□□□□□
    I’d like to be done with it no later than Jan 2018. I have a 1 year old and another coming in March. I’d like to be done with the OSCP before he shows up but it may be after.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • globalenjoiglobalenjoi Posts: 104Member
    Two completely different animals. I would say that the GPEN is more introductory, building of the framework for anyone who really wants to learn how to be a pentester. The real benefit is going to the class I would say. Ed Skoudis shares so much real world knowledge that I still am processing some of the MP3s and I took the class in in April. The eCPPT is way more in depth. The web app section is completely a school house of information regarding not just breaking in but how things work on web apps. In the GPEN it’s not that deep. The hands on and research I am putting in now is where not having recognition on resumes I am valuing. Most interviews will happen if you have a cert to get you in, you have a GCIH you are getting in. But what happens afterwards… can you explain in plain english how to do what you do? Do you know how application works and how to break them?? I am trying my best to learn those things so I can be a value not just a cert holder.

    Actually glad to hear this. I paid for the PTP course last December, but haven't had the chance to focus on it until very recently (after my GCIH). I'll be going to the SANS Hackfest Summit next month for the GPEN course and was curious where it would fall in relation to the eCPPT.
  • TimBakerTimBaker Posts: 8Registered Users ■■□□□□□□□□
    Two completely different animals. I would say that the GPEN is more introductory, building of the framework for anyone who really wants to learn how to be a pentester. The real benefit is going to the class I would say. Ed Skoudis shares so much real world knowledge that I still am processing some of the MP3s and I took the class in in April. The eCPPT is way more in depth. The web app section is completely a school house of information regarding not just breaking in but how things work on web apps. In the GPEN it’s not that deep. The hands on and research I am putting in now is where not having recognition on resumes I am valuing. Most interviews will happen if you have a cert to get you in, you have a GCIH you are getting in. But what happens afterwards… can you explain in plain english how to do what you do? Do you know how application works and how to break them?? I am trying my best to learn those things so I can be a value not just a cert holder.

    Actually glad to hear this. I paid for the PTP course last December, but haven't had the chance to focus on it until very recently (after my GCIH). I'll be going to the SANS Hackfest Summit next month for the GPEN course and was curious where it would fall in relation to the eCPPT.
    Just checking to see if you both have taken the exam and learn from your test experience. If not, are you planning to do it anytime soon?
Sign In or Register to comment.