eCPPT Gold Passed 6/4/2018

Just got the email today that I passed the eCPPT Gold certification. It is version 1, as the new course just came out during the middle of my test.
It was a journey, but I am happy with the entire course and certification attempt. The course did a very good job, but like all forms of testing you should understand sometimes you may need to hear someone else's explanation of said technology/topic. That being said, I didn't really use any external sources of study other than running through Pentester Academy's Exploiting Simple Buffer Overflows on WIN32. Even before using the Pentester course, I had already run through the PTP course materials, labbed, and understood the buffer overflow materials on PTP. I just supplemented further practice with the Pentester Academy course, and even then I only went through half of the Pentester Academy course, so I still need to finish it on my own personal account. I did not really learn anything new on the Pentester course, but it did help to hear another viewpoint and strategy.
There is no substitute for working hard, failing forward, getting back up, owning and passing the exam.
Timeline of my progress:
2013 PTPv3 purchased
2014 PTPv3 failed first attempt. (Failed, was frustrated and quit because I was a network engineer focused on Cisco exams.)
2014 PTPv3 retry, expired. (I didn't care, I had my sights on my career "network engineering", hacking courses were just for fun.)
2016 Upgraded to PTPv4 (I now work in security, but delayed studying PTP because I was focused on CISSP, LFCS, and renewing my Cisco certs)
2018 PTP second attempt, failed. (It's a personal mission now!)
2018 PTP third attempt, passed! (ah!!!! Finally!)
What's next:
Well, I just started PWK and I am hoping to obtain the OSCP around September/October.
I want to start CTP in October if all goes well with the OSCP. Then OSCE by 2019 Feb/March.
I am also looking at doing the ARES course from eLearnSecurity. I bought it back in the day and feel like it will be a fun challenge as well.
Going to look at SLAE from pentester academy too.
It is a lot to tackle but that is what motivation does to crazy people like us lol
Thanks and best of luck to those tackling eCPPT v1 or v2!
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
Comments
Do you have any specific guidance for each topic? Any blind spot we need to be aware of?
Next: CCNP (R&S and Sec)
Follow my OSCP Thread!
There isn't really a blind spot if you come from the eJPT/PTS course. eLearnSecurity does a really good job at guiding you and holding your hand. At some point when I couldn't figure something out, I started to question myself and if I was trying hard enough. Was I seeking for the answer to be given to me? Did I even make an attempt to open up Google and do a little research?
I could only recommend redoing the labs several times. I think I did each lab over 3-4 times until I understood every aspect, intention of the lab, and especially where in the attack phase I could use this technique.
That being said, the PTS course is free right now by invite. Anyone can get the course materials, get a good grasp of the PTS topics without taking the certification, and jump into PTP.
eLearnSecurity does a good job of guiding you enough to where you "SHOULD" feel responsible enough to do further research. Understanding that aspect in the penetration testing field of studies is key for anyone trying to "understand" how one should go about these certifications.
Reading over the course PDF, it seems like I have a good and decent grasp of most of what is covered in the course book. I am still going to go extra hard in my studies with the lab and course work. I got to go into this course with the same hungry mentality of wanting to learn more. I am not going to take my test until late August/early September, until I have rooted 40-44 machines in the lab. So although I may feel comfortable with the topics already, I need to practice, practice, practice.
May I ask, how about the lab time for PTP? Are you on the elite package, and by going through the lab several times, do you have spare hours left?
I would say 5-10 hrs of the 120 lab hours I had were wasted at work from having a lab open, then my attention was taken away by an issue/email/coworker/or boss.
This is my next cert I will be working on after finishing that daunting CISSP.....
I don't know if they can transfer but I can say that if you have more than one course, the hours are not automatically pooled.
Thanks Naruto. You working on any certifications at the moment or have any future plans on studying for a cert?
I don't have much experience in pen testing, so I need study material which gives me a good foundation for OSCP.
Good luck with OSCP. Will be reading your post as and when you update about OSCP.
Hope your OSCP study is going well.
Regards
In all honesty, the system "exploit development" portion of the course WILL take a while. Especially if PTP is your first pentesting course, as it was for me. I want to say it took me like 3-4 reviews of that entire module, some YouTube videos, website tutorials, and practice to finally start to get it. Granted, I was busy with some Linux LFCS studies, mixed in with the Security Onion development project I had going on at work, but it took me several months to really understand the system module.
The idea with the system module that was a little hard for me was that there was no step-by-step lab manual. It is basically just the system course module and then VPN access to a Windows XP host with the materials you need to practice. It isn't a structured step-by-step lab manual like the other labs. Therefore, since I was babied and reliant on the step-by-step lab manual approach, when it came to the system exploit development practicing, I just didn't want to go through it, I wasn't even motivated, it wasn't handed to me on a platter. I actually had to do some research!
What finally pushed me over the hump was, I finally set up my own Windows XP VM and followed the systems course module and set up my own environment. Then I followed all the examples and tried to replicate them on my Windows XP. After doing this 3-4 times, the picture started to become clearer. It took me a few tries and attempts trying to understand the Python scripts that help send the shellcode or payloads to BOF the apps. They provide you with the code, but you will need to adjust the Python scripts to your BOF, and that wasn't really being clear to me. It took me a while practicing and trying to understand that portion. But after some time of practicing and seeing other online tutorials, I started to see similar patterns and I started to understand little by little what the Python scripts were doing, how they are sending your payload, and how to manipulate the Python code. It's bad enough one needs to understand how BOF, stacks, assembly lang (architecture) all come into play here, but now I was stuck trying to figure out how the Python code/script works in order to send my payload/shellcode.
So it was like, ok, I just figured something out. I just learned the concept. Let me go to my VM, load up the app, and send my BOF. Oh wait, how do I send this again? Oh wait, where do I put this in that one Python script again? Ah damn it... this isn't working, my Python script is not right.
It takes practice, practice, practice, and yes, it's good to see others online show you (tutorials, YouTube videos), etc.
Here are some tutorials in order to follow along. "Do yourself a favor, get a Windows XP VM and practice locally on your desktop, without wasting your lab hours"
Mad Irish :: Writing Windows Buffer Overflows
0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
https://www.exploit-db.com/papers/13147/
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
I leave it up to you to find the YouTube videos, there are plenty. Just watch them, you will start to see a pattern. Part of this journey is learning how to do a little research.
-Chris
Edit: Regarding OSCP. It's been two weeks and I have gone over all the PWK PDF. Because of my eCPPT journey and spending over a year on and off finally truly being able to dedicate time to eCPPT, I understood everything in the PWK course. Yes, the PWK leaves a lot out, and I get where you have to try harder and part of that is your own research; however, a lot of that was done during the eCPPT studies. I still have to go over some stuff and sharpen the edges, but I was not shocked or baffled at certain topics. I was introduced to some new creative ways of pentesting, but I was able to understand and comprehend what PWK was attempting to do. I will need to practice it and apply it, but I am not breaking my head trying to figure out why or what they are doing. I am hoping by mid-August I pass the OSCP. Take the entire month of September off from studying and jump into CTP OSCE in October.
Initially I tried to work on the lab elearn gave, but then I thought I will be wasting time. Tried to install the software as per the manual on Win 10 and it had issues. So late evening, installed Windows XP and installed the software mentioned in the book. It works like a charm.
Regards
:) That was funny
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Man, I really appreciate this post. I have been a little distracted from completing the BoF section since it has been a little time consuming and I didn't want to waste more time, so I have been doing some research outside of the lab to not waste time. It's nice to hear someone say it, that it's not as simple as it sounds and it will take some work. Everywhere I read, people seem like they just got it and I am not able to. I figure it's that most people do not figure it out and they feel dumb admitting it or something. I will use your recommendation.
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power
The exam works fine. Hopefully before taking the exam you had a working WINXP environment you were using to successfully BOF similar scenarios from the course materials. Doing a remote BOF is difficult if you do not have access to the application in order to load it into a debugger to analyze. My first step would be to locate that app somewhere in order to analyze it with a debugger.
@malwaremike
Thanks Mike! My BOF studies weren't smooth or simple like many "claim" they walked right through that module. Perhaps many did, but perhaps many just want to feed their ego, I suppose? My journey was hard and it was no cake walk. I had zero BOF experience, plain and simple. I only decided I really wanted this cert, and that meant I needed to desire understanding the system module more than running nmap scans, vuln scans, searching Metasploit for exploits lol. It wasn't going to be that easy, and I did not want to come to that conclusion. I wanted to blame it on poor teaching, "new company", etc. I had many excuses.
@supasecuritybro
Thanks supa! It was hard work, it sucked at times, I was lost and frustrated, but I trusted eLearnSecurity and realized I was the one who still needed to put in more effort. One may ask "what do you mean by more effort?" Well, to me that meant: did I do more research? Did I set up a WINXP testing lab and follow along? Did I check out any YouTube videos or online tutorials about simple BOFs? If I really wanted to understand this, was I willing to accept that for my current skillset on BOFs I may need a couple months, if not even more, in order to understand this? When I did not understand what the module was teaching, did I even attempt to check how others were teaching it? If I really wanted to "GET IT" I wouldn't stop at seeing 50 examples over and over again until it made sense.
Heh. I managed to finally crash it but the payload part is DEFINITELY bugged. **** man this is the most frustrating thing ever. Everything is bugged
Yeah, I finally got that down. I've tried just about every payload Metasploit has to offer lol. And yeah, I am making sure there's no bad characters, it's encoded, etc. ZZzz. I receive a response from the server but no established session from the multi/handler.