My journey to OSCP - Part 1: eCPPT
t17hha
Member Posts: 52 ■■■□□□□□□□
Pre-amble
So I finally managed to get a chance to write my review of the eCPPT. Just for information my journey started many years ago, around 2011, when I purchased PWB (before PWK) as I wanted to improve my skills within pentesting. However, considering I had little knowledge of Linux and programming and the birth of my son, my lab time went out the window and I decided to leave it at the time.
Over the years it was eating at me to do my OSCP, especially as I purchased the upgrade to the PWK and kept paying for my labs being renewed, so last year I opted to purchase the PTP and gave myself the goal of completing the OSCP by December 2017. As part of the PTP I obtained access to PTS which I sat and managed to complete within a short period of time, I found the course interesting and a good prep for the PTP.
PTP
I began studying for the PTP as I did previously with the PWB noting down every command within an excel spreadsheet and also creating mindmaps of all the commands and different areas. I found the course insightful and really enjoyed the learning considering the effort the instructors had put into the material. I decided to skip the Wireless and Ruby modules as I had read these were not relevant for the exam. I found the labs very fast and straight forward considering they were dedicated to you. I ended up using approx 30 hours of the 120 hours which were purchased so I would say the Full version would be sufficient for most people.
Where I feel eLearnSecurity excel is the depth of knowledge they put into the material, they definitely hand hold you more but I like that element as due to having a full-time job, a few children and juggling with other responsibilities I don't have that much time to dig around for lots of information. After going through all the material and all the labs I was at a point that I did not want to go through the labs again and just wanted to sit the exam. Considering I had started approx February-March 2017 it took me until June before I was in a position to book the exam, I had spent most evenings and weekends studying as a lot of effort was required.
Exam
I recall anxiously waiting for my login credentials and for the exam lab to start, once this was provided I began to scope out my attack vectors and wanted to capture as much information as possible to assist with the exam report. I don't want to go too much into the exam considering all the material available across numerous sites. But I felt 1 week was definitely enough and this was with me going down numerous black holes and being a little narrow minded with my attempt. I seem to focus on the exam objectives and then took a back seat and realised closer to lab expiring that there were additional machines which I did not pick up due to not continuously scanning for new machines after compromising. I spent long hours in the initial days with very little sleep.
I moved onto the report which I was able to complete in a few days and had approx 100 pages of the main content and another 100+ pages for supplementary data (e.g. scan report).
I really feel eLearnSecurity are very generous but the exam is representative of a pentest which is exactly as it should be if you want to move into pentesting as the onus is on the quality of the report and your abilitiy to apply your technical skills.
The next step was the worst, waiting for weeks to find out if I had passed, finally I received an email which felt like eternity to say I had passed!
I was over the moon and happy to have passed but the blatantly obvious was awaiting me!! It was now September and I had 3 months to complete the OSCP!!
So I finally managed to get a chance to write my review of the eCPPT. Just for information my journey started many years ago, around 2011, when I purchased PWB (before PWK) as I wanted to improve my skills within pentesting. However, considering I had little knowledge of Linux and programming and the birth of my son, my lab time went out the window and I decided to leave it at the time.
Over the years it was eating at me to do my OSCP, especially as I purchased the upgrade to the PWK and kept paying for my labs being renewed, so last year I opted to purchase the PTP and gave myself the goal of completing the OSCP by December 2017. As part of the PTP I obtained access to PTS which I sat and managed to complete within a short period of time, I found the course interesting and a good prep for the PTP.
PTP
I began studying for the PTP as I did previously with the PWB noting down every command within an excel spreadsheet and also creating mindmaps of all the commands and different areas. I found the course insightful and really enjoyed the learning considering the effort the instructors had put into the material. I decided to skip the Wireless and Ruby modules as I had read these were not relevant for the exam. I found the labs very fast and straight forward considering they were dedicated to you. I ended up using approx 30 hours of the 120 hours which were purchased so I would say the Full version would be sufficient for most people.
Where I feel eLearnSecurity excel is the depth of knowledge they put into the material, they definitely hand hold you more but I like that element as due to having a full-time job, a few children and juggling with other responsibilities I don't have that much time to dig around for lots of information. After going through all the material and all the labs I was at a point that I did not want to go through the labs again and just wanted to sit the exam. Considering I had started approx February-March 2017 it took me until June before I was in a position to book the exam, I had spent most evenings and weekends studying as a lot of effort was required.
Exam
I recall anxiously waiting for my login credentials and for the exam lab to start, once this was provided I began to scope out my attack vectors and wanted to capture as much information as possible to assist with the exam report. I don't want to go too much into the exam considering all the material available across numerous sites. But I felt 1 week was definitely enough and this was with me going down numerous black holes and being a little narrow minded with my attempt. I seem to focus on the exam objectives and then took a back seat and realised closer to lab expiring that there were additional machines which I did not pick up due to not continuously scanning for new machines after compromising. I spent long hours in the initial days with very little sleep.
I moved onto the report which I was able to complete in a few days and had approx 100 pages of the main content and another 100+ pages for supplementary data (e.g. scan report).
I really feel eLearnSecurity are very generous but the exam is representative of a pentest which is exactly as it should be if you want to move into pentesting as the onus is on the quality of the report and your abilitiy to apply your technical skills.
The next step was the worst, waiting for weeks to find out if I had passed, finally I received an email which felt like eternity to say I had passed!
I was over the moon and happy to have passed but the blatantly obvious was awaiting me!! It was now September and I had 3 months to complete the OSCP!!