eLearn PTX

SleepCZ

Well now we know what exactly is there thank you for that. I just think that the biggest income should be in the labs. And I was disappointed by previous content of labs from PTP therefore I do not expect that 4 labs now will make me as excited as OffSec. Still think that with limited budget one should focus on OSCP and OSCE.

xxxkaliboyxxx

ottucsak wrote: »

There are two labs in Module 1. One about getting a shell through Office macro malware and another about getting a shell through BeEF. There are two more labs, one about WSUS and another about escalating from SQL injection to getting domain admin access. I guess instead of several small labs, they went for a few big ones where you have to chain your exploits compromise multiple hosts/applications. Remember this is supposed to be an advanced course with less hand holding, but you are free to experiment with different payloads and exploitation techniques.

SleepCZ: Please don't be a wiseguy. I read through Module 1, took notes, tried a few of the potential Office macros, but haven't watched the videos or completed the labs. Also I have read Chris Hadnagy's book before and it has nothing to do with the content of PTX. Module 1 contains a bucketload of information about spearphishing, Excel/Word/Powerpoint macros, obfuscation, client browser based exploitation, blue team and AV evasion etc but it doesn't deal with the basic piggybacking, lockpicking or shouldersurfing. Yes, most of the material is available online, but you have to hunt down dozens of blogposts from various authors, assemble your own labs, buy/steal licenses and configure everything. If somebody has the time to do that, that's great, I'm pretty sure most of the people who work 9-5 in security don't.

Thanks ottucsak for your reply. I'm on the fence right now and trying to decide before the 31st so if I do buy it, I can use the 50% coupon.

chopsticks

ottucsak wrote: »

Module 1 PTX.

That's fast!

vynx

can I use it towards adding value to the OSCP syllabus?

ottucsak

That's what I plan to do. PTP, PTX and try again OSCP after these. During my time in the OSCP labs, I know that I encountered an MSSQL->Admin vulnerability and my friend told me that he also used BeEF during his lab time, so this could be potentially useful. (Although it's a bit expensive if you just want to do that)

vynx

ottucsak wrote: »

That's what I plan to do. PTP, PTX and try again OSCP after these. During my time in the OSCP labs, I know that I encountered an MSSQL->Admin vulnerability and my friend told me that he also used BeEF during his lab time, so this could be potentially useful. (Although it's a bit expensive if you just want to do that)

so you mean PTX can use for OSCP preparation ?

ottucsak

I think you can easily pick up a few tips and tricks for the Windows exploit/post-exploit part of the lab, but it's not worth it/overkill if you only want to use it for that. Only buy it if you want to learn more about this specific aspect of red teaming, otherwise you can pick up the basic necessary skills during the OSCP lab time.

By the way, I just finished the slides from module 6 and those who say that it sucks are totally right. No hands-on tips or tricks of any kind, just slides about what tool can be used for a specific task and reference links.

vynx

ottucsak wrote: »

I think you can easily pick up a few tips and tricks for the Windows exploit/post-exploit part of the lab, but it's not worth it/overkill if you only want to use it for that. Only buy it if you want to learn more about this specific aspect of red teaming, otherwise you can pick up the basic necessary skills during the OSCP lab time.

By the way, I just finished the slides from module 6 and those who say that it sucks are totally right. No hands-on tips or tricks of any kind, just slides about what tool can be used for a specific task and reference links.

so you finish PTX in less than 3 days ? can i know how long in hours estimate ?

SleepCZ

vynx wrote: »

so you finish PTX in less than 3 days ? can i know how long in hours estimate ?

I think that he meant only 6th. module. Maybe it's not the greatest course ever but no one can graps it in such a short time.

Could anyone describe briefly, the way how the modules are written? How much course is ;cd hacking; git clone; and how much is actually some advanced knowledge regarding developing something or actually describing really ;uber national-agency level hacking;?

And I would love to know if anyone has passed OSCE and now looking into PTX, that could be an ultimate comparison as OSCE seems like a god-like level for me at the moment.

ottucsak

Check out the syllabus. As far as I heard from friends who did it, it's more about exploit development. It's something you do for fun or creds, but not something that you can use in your day-to-day job, so I guess it's comparing apples to oranges.
Also eLearnSecurity courses will never be as recognized as OffSec, so if you are only going for the wow factor, it's pointless to go with eLearn.

vynx

we can understand it not fair compare apple with orange, but between oscp, osce and PTX, is PTX would help to prepare OSCP, or its between OSCP and OSCE, or its complement each other (OSCP,OSCE, PTX )?

chopsticks

I would say this is a very difficult course for non programmers. I need to learn VB.net, VBA first in order to better understand the first module. Work in progress.

vynx

chopsticks wrote: »

I would say this is a very difficult course for non programmers. I need to learn VB.net, VBA first in order to better understand the first module. Work in progress.

can you explain why need to learn VB.net / VBA?

ZzBloopzZ

monkykap wrote: »

I would say PTP: hit, PWD: hit, PTS: miss, WPTX: miss, MASPT: miss, and now PTXP: miss

Why do you feel that the PTS was a miss? I felt it was a good amount of web app and network pen testing. For only $300 I thought it was a huge hit for people that don't know much about pen testing and want some hands on. Fantastic intro course IMHO. In fact I landed my current pen testing job thanks to what I learned in eJPT. CISSP got me the money I wanted but the eJPT got me the job or in other words pass technical interview.

I do agree from reading around the other classes appear to be miss including PTX. I plan to do PTP next if they end up having a thanksgiving sale otherwise will just jump to OSCP.

vynx

ZzBloopzZ wrote: »

Why do you feel that the PTS was a miss? I felt it was a good amount of web app and network pen testing. For only $300 I thought it was a huge hit for people that don't know much about pen testing and want some hands on. Fantastic intro course IMHO. In fact I landed my current pen testing job thanks to what I learned in eJPT. CISSP got me the money I wanted but the eJPT got me the job or in other words pass technical interview.

I do agree from reading around the other classes appear to be miss including PTX. I plan to do PTP next if they end up having a thanksgiving sale otherwise will just jump to OSCP.

so you agree PTX miss ?

vynx

someone already take PTX can give review here ?

tedjames

vynx wrote: »

someone already take PTX can give review here ?

I doubt that anyone has had a chance to complete it.

UnixGuy

vynx wrote: »

someone already take PTX can give review here ?

Mate it's really early the course has just been released

Take the course if you want to learn the topics in the course, don't compare it to OSCP/OSCE it's a different course


/Thread.

vynx

UnixGuy wrote: »

Mate it's really early the course has just been released

Take the course if you want to learn the topics in the course, don't compare it to OSCP/OSCE it's a different course


/Thread.

sure ... i will give review later ...

chopsticks

vynx wrote: »

can you explain why need to learn VB.net / VBA?

Sorry to reply late because I was busy in the past few days. The first module already have some coding in VBA and in order to understand it better, VB.net need to be learned. Otherwise, I won't be able to understand the code even the explanation are given next to the chunks of codes.

vynx

someone take PTX can give review ?

Smeden

I would like to add some words to this thread, which will hopefully elaborate a bit on the confusion about the PTX, OSCP, OSCE comparison.


First of i'm a pentester in scandinavia with appr. 2,5 years of experience in the field. I hold the OSCP, eCPPT (PTPv4), eWPT (WAPTv2) and recently did the OSCE course, but failed the exam at about the same time when the PTX was launched and have been doing/focusing on the PTX since.


I agree with ottucsak's statement that trying to compare PTX with OSCP or OSCE is like comparing apples and oranges. Yes they are all covering topics in the field of penetration testing and will have some overlap, but their focus area is completely different from my perspective.


OSCP and eCPPT are both beginner courses in "traditional pentesting". They teach the basic toolset and methodology steps which are needed to perform a professional network pentest (and not just run nessus and verify like most pentest corps do, at least in my part of the world). When i say "Traditional pentesting" i mean the typical test, where you are to discover as many vulnerabilities as possible in the scope you have in the short amount of time you've been given to finish the test. Here stealth is not needed and you can run your nmap, nessus whatever scanning tool without caring about the potential logs they create.


OSCE is a next-level course, but is mostly focuses on low-level stuff and exploit development although there is also a little on some advanced web attack vectors were you chain vulnerabilities to get code execution and then there's some out-dated network attacks. The exploit development stuff taught in the course is also out-dated, but it's still a good course and if one whould like to go into the niche field of exploit development and security research, I think its a good way to get prepared to take one of the exploit dev. course which will teach the newer techniques like ROP, Heap-spraying, Feng shui etc.
But except for the cert recognition and offsec mindset, you won't gain any knowledge/techniques from the course that you can use on your daily pentest engagements.


PTX is also a next-level course but a different beast and tries to cover a different niche field, which is "Red Teaming"/"Adversary simulation" (Other names also exists and some might argue that back in the days this was what pentesting was about). PTX assumes that you have the "basic" knowledge taught in the OSCP and builds on top of that with the focus on red team/adversary simulation engagements.These kind of engagement are targeted mature organisations, which gets "traditional" pentesting done regularly and have good monitoring/SIEM capability and hopefully a SOC. In these kind of engagements, the specific vulnerabilities are not the focus, they are just the red teams means to reach their defined goals. The focus in these engagement is mostly on training the blue team to detect and react on a "real" breach. The red team is therefore to simulate real attackers techniques, tactics and procedures. Therefore stealth, customization and evasion is a big focus for the red team. PTX is trying to teach the skills needed for this, so there is alot of focus on building custom malware to get a foothold and stealthy ways to do info gathering etc. once foothold is obtained. While in the OSCP the testing is focused on pwn'ing individual systems, the PTX is focused on techniques to pwn the whole companies domain/forest and is therefore mostly focused on Windows, which is what you will face more than 90% of the time anyway if you are to perform these kind of engagements.
Yes PTX is definetly not a perfect course and sometimes covers a topic really briefly, but i still think its the best/only course option online at the moment which covers this area of testing. Before PTX you would either have to do some of the training like "Dark Side Ops" or "Adversary Tactics: Red team operations" or some of "Mósse Security"'s offerings at a conference or similar (If you are lucky to work at a place where they will pay for you) or you would have to do alot of searching and reading on the internet of sean metcalf and/or the guys from specterops, like harmj0y, sixdub, enigma's blogpost (Which is basically what i've been using to much of my sparetime on the last 1,5 year).
With PTX alot if this material is now collected and available at one place (The reference list is gold), so i can now tell someone in the department who want's to perform our red team services, to do the PTX and then i will know that he at least knows about Powerview, Empire, Run stuff in memory, knows the value of customizing stuff to suit your need etc. and i can then focus on teaching him our testplan/methodology and then how to benefit from Cobalt Strike. With just the OSCP i would properly also need to teach him all the other stuff.
Furthermore, before this course/cert you had no easy way to show the world that you possess this niche kind of skill/knowledge, but with PTX this now becomes an opportunity. Yes, at the moment this certification is completely unknown and therefore has no real value, but i think that if no similar course gets available online, from either offsec or some other well established firm, then this cert could become really valuable for the people wanting to work in the niche area of "red teaming", and with regulation and frameworks like CBEST, TIBER and iCAST becoming more and more expanded globally, the need for people with this specific skill level will also become more and more in demand.


Regarding the labs in PTX, then yes i was also disappointed about there only being 4 and i hope that in the future there will be added at least one where you can train to move between domain and/or forests. But still the attack-vectors taught in the current labs are still way more advanced than anything you'll hit in the OSCP lab, but again also different focus in courses.
I've been in contact with the Instructor for the PTX course and he has alot of ambitions with course and would love to get som constructive feedback, so he can evolve the course to become the defacto course for red teaming.


Again to try an put the difference between skills taught in OSCP and PTX in a black and white way this could be an example:
If one with the OSCP skill level/methodology would perform a red team engagement, then if he managed to get a foothold on a system, from lets say spear-phishing, then to detect potential exploitable services he would start to scan with nmap, instantly getting detected by the mature blue team. When he would try to move lateral, he would **** a binary to disc on the target system, giving the AV/endpoint protection a possibility to detect and flag the binary and properly again get detected instantly by the SOC team.


A guy with PTX skill level/methodology would know that finding services with nmap is to easily detected, so he would do something like "SPN Scanning" or in general use AD more instead, which is way more stealthy, and when he would begin to do lateral movement, he would know that "touching disc" is bad tradecraft when trying to stay under the radar, so he would try and get his payloads running in memory with a technique like reflective dll injection instead.


But yes if you do not already have the OSCP or similar skill level, then definitly do this first. Then if you wanna become an exploit developer, maybe do OSCE or jump straight to some of the newer course at conference.
If you wanna do "Red team" engagements, then i would say PTX is a good way to get started.

vynx

very detail review, i have question, why you take WAPT than take WAPTX directly?

UnixGuy

@Smeden: Excellent review THANK YOU!!

Would you be able to tell us the difference between eCPPT and OSCP if you don't mind?

hal9k2

@Smeden Great post about PTX.

woo777

Woww @Smeden, thank you very much for the detailed comparison.

Smeden

Well they are both targeting application testing, which is really not my area of interest, and at the time the WAPT was suitable to give me coverage of all the basics around performing a all-round web app test. WAPTX is covers less areas, but dives deeper.

I do perform some web app testing, but there are other guys in my department who are better in this area, so if the application becomes really complex they are more suited than me to perform this kind of testing.

I'm more into network pentesting and red teaming/Adversary simulation, so i try to focus my limited time on developing my skills in these areas.

So i guess thats the answer to your question.

chopsticks

Nice reviews.

vynx

the exam seems likely ready to take.
someone have take the exam can share the review ?

Smeden

vynx wrote: »

the exam seems likely ready to take.
someone have take the exam can share the review ?

I recently did the exam and became eCPTX certified. I will say that the exam i really fun and challenging and i think it sums up pretty well the different skills thaught in the course material.
While the labs in the course lacks at the moment (I think version 2 of PTX will correct this, as multiple people has commented on this), the exam is all what the labs are not and i learned alot of stuff during the exam.