eLearn PTX

jm0202

I just saw the video.. pretty cool stuff, that is really red team stuff

SleepCZ

I'm just finishing PTP and when I saw the video I was sure to take it. The topics are great And you will be learning totally different things from OSCP. Bit then I realised there are only 4 labs. And I was already dissapointed by +- 20 labs in Ptp. After I checked demo I noticed that the WinUpdate module is in the same way like PTP - public resources GIT links with some explains. So I think that I will skip this, go straight to OSCP. Well known and rich lab.

Extreme is very expensive certification with no recognition, very poor lab ( no matter how many machines < OSCP) with some topics that are not in OSCP but Google-able. Ibthink that elearnsecurity creates way too many expensive courses with questionable quality.

beniisan

At first I thought this will be something like the OSCE@Offensive Security.
After I checked the video and the sylabus it seems like there are only 4 labs and only Microsoft base products, no IoT, no embedded systems, no Linux.
It's clearly a disappointment for me...

SleepCZ

Yeah, I expected something like osce. Very challenging, proof of skills. I also do not like els's policy of not answering any questions regarding Offensive Security. I asked what are their intension regarding making the certifications more recognised. Also for comparison of OSCP, OSCE but no answer. I feel like they just make as many courses as possible to harvest money. With OffSec you need one cert for 1000usd and you are good to go. Ad . And no cloud security.

vynx

so definetly this PTX is really out of the game ?

vynx

beniisan wrote: »

At first I thought this will be something like the OSCE@Offensive Security.
After I checked the video and the sylabus it seems like there are only 4 labs and only Microsoft base products, no IoT, no embedded systems, no Linux.
It's clearly a disappointment for me...

have you take the exam ? just curious hows the exam model ... since this is very specific ( just 4 lab )

SleepCZ

There are no details about the extreme exam her if I'm correct. Will be released later.

SleepCZ

I think if you have limited budget, you should rather go to OSCP and get a recognition from an employer than spending more for extreme which is interesting I don't deny that, but everyone is asking for OSCP. No one gives a **** about PPT after few years being out. I guess non one will appreciate extreme at least few years. Extreme is like pricy side project, you will get some extra knowledge with some lab, but no one will appreciate that. I will take it maybe after osce, it's time to get hands dirty with OffSec. No paying for easy els.

vynx

SleepCZ wrote: »

I think if you have limited budget, you should rather go to OSCP and get a recognition from an employer than spending more for extreme which is interesting I don't deny that, but everyone is asking for OSCP. No one gives a **** about PPT after few years being out. I guess non one will appreciate extreme at least few years. Extreme is like pricy side project, you will get some extra knowledge with some lab, but no one will appreciate that. I will take it maybe after osce, it's time to get hands dirty with OffSec. No paying for easy els.

so if someone already take oscp then better take osce than take PTX?

SleepCZ

After my experience with ppt, if you have balls to do OSCE, then yeah. That's my plan. PPT, OSCP, OSCE.

vynx

SleepCZ wrote: »

After my experience with ppt, if you have balls to do OSCE, then yeah. That's my plan. PPT, OSCP, OSCE.

whats PPT ?

SleepCZ

Els's certified professional penetration tester

vynx

any recommendation for red team course/training another of specter?

SleepCZ

I guess, OffSec is only really worth-of certification, then there is ELS. Which is not bad, I honestly love it and I would go for all of them just for sake of interest, but they are SO overpriced. If each course was for 800 USD for the most expensive variant, then it would be worth it. OffSec is known, therefore best, and actually cheaper. Of course there are more options from SANS etc. I guess, but those are getting extremely pricy and if we talk about self-funding then this is all.

chopsticks

beniisan wrote: »

At first I thought this will be something like the OSCE@Offensive Security.
After I checked the video and the sylabus it seems like there are only 4 labs and only Microsoft base products, no IoT, no embedded systems, no Linux.
It's clearly a disappointment for me...

This is only version 1, they might include those in newer version, just my guess.

vynx

chopsticks wrote: »

This is only version 1, they might include those in newer version, just my guess.

are we need to pay again if there is any newer version launch and we already pay for this version 1 ?

SleepCZ

New lab sounds like major upgrade so yes, pay extra.

ottucsak

I got the 2.5 eMAPT update for free, which included new updated chapters and better lab exercises. Nevertheless, they will probably not include any Linux or IoT, because that's not part of the scope.

By the way, I just finished Module 1 and it's amazing as is. 300 slides of pure awesomeness, including hands-on examples, tips for obfuscation, etc. Looking forward to the video and the lab.

vynx

ottucsak wrote: »

I got the 2.5 eMAPT update for free, which included new updated chapters and better lab exercises. Nevertheless, they will probably not include any Linux or IoT, because that's not part of the scope.

By the way, I just finished Module 1 and it's amazing as is. 300 slides of pure awesomeness, including hands-on examples, tips for obfuscation, etc. Looking forward to the video and the lab.

i think they mention minor version is free major version is not free, which module 1 that you mean ? module 1 PTX or ?

ottucsak

It was a minor update, but it improved the original V2 eMAPT a lot.
Module 1 PTX.

vynx

ottucsak wrote: »

It was a minor update, but it improved the original V2 eMAPT a lot.
Module 1 PTX.

can i know total duration of video ?

ottucsak

The total length of the videos is 2 hours 55 minutes roughly.

SleepCZ

If you finished one module in 2 days then I would say that is bit too easy. I think a great social engineering book will do same.

vynx

SleepCZ wrote: »

If you finished one module in 2 days then I would say that is bit too easy. I think a great social engineering book will do same.

can you give the example of the book that you mean ?

SleepCZ

I would start with this one got recommended by a friend who based a master thesis on it. Then I found one more, brand new but would have to consult it with my desktop bookmarks, can provide later.

https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539

vynx

social engineering is one part right ? how about another part ?

SleepCZ

Well, I do not kboe everything. That's why u pay. For convenience. But another part is AD hacking and there tools out for that. https://github.com/BloodHoundAD/BloodHound and many more. I believe the course is bases on AD users enumeration with their privileges and its exploitation. + weak configuration like users.XML file which is stored in all hosts in domain and contains domain password.

About SQL module and exchange module I have no clue. This is new for me and must do a research.

SleepCZ

After my experience with PTP I believe that in AD module they just recompile public info and give it some extra value.

https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html

xxxkaliboyxxx

ottucsak wrote: »

I got the 2.5 eMAPT update for free, which included new updated chapters and better lab exercises. Nevertheless, they will probably not include any Linux or IoT, because that's not part of the scope.

By the way, I just finished Module 1 and it's amazing as is. 300 slides of pure awesomeness, including hands-on examples, tips for obfuscation, etc. Looking forward to the video and the lab.

Since there is only 4 labs for 6 modules, does that mean they want you to build your own Windows environment and follow along? I mean, the good thing about eLS is the labs. 300 slides and no lab? Is it just just a "slides of death" type of deal?

ottucsak

There are two labs in Module 1. One about getting a shell through Office macro malware and another about getting a shell through BeEF. There are two more labs, one about WSUS and another about escalating from SQL injection to getting domain admin access. I guess instead of several small labs, they went for a few big ones where you have to chain your exploits compromise multiple hosts/applications. Remember this is supposed to be an advanced course with less hand holding, but you are free to experiment with different payloads and exploitation techniques.

SleepCZ: Please don't be a wiseguy. I read through Module 1, took notes, tried a few of the potential Office macros, but haven't watched the videos or completed the labs. Also I have read Chris Hadnagy's book before and it has nothing to do with the content of PTX. Module 1 contains a bucketload of information about spearphishing, Excel/Word/Powerpoint macros, obfuscation, client browser based exploitation, blue team and AV evasion etc but it doesn't deal with the basic piggybacking, lockpicking or shouldersurfing. Yes, most of the material is available online, but you have to hunt down dozens of blogposts from various authors, assemble your own labs, buy/steal licenses and configure everything. If somebody has the time to do that, that's great, I'm pretty sure most of the people who work 9-5 in security don't.