eCPPT Gold Passed 6/4/2018

chrisone

Just got the email today that I passed the eCPPT Gold certification. It is version 1, as the new course just came out during the middle of my test.

It was a journey, but I am happy with the entire course and certification attempt. The course did a very good job but like all forms of testing you should understand sometimes you may need to hear someone else's explanation of said technology/topic. That being said I didn't really use any external sources of study other than running through pentester academy's Exploiting Simple Buffer Overflows on WIN32. Even before using the pentester course, I had already ran through the PTP course materials, labbed, and understood the buffer overflow materials on PTP. I just supplemented further practice with the pentester academy course, and even then I only went through half of the pentester academy course, so I still need to finish it on my own personal account. I did not really learn anything new on the pentester course, but it did help to hear another viewpoint and strategy.

There is no substitute for working hard, failing forward, getting back up, owning and passing the exam.

Time line of my progress:
2013 PTPv3 purchased
2014 PTPv3 failed first attempt. (Failed, was fustrated and quit because I was a network engineer focused on cisco exams.
2014 PTPv3 retry, expired. (I didn't care I had my sights on my career "network engineering", hacking courses were just for fun.)
2016 Upgraded to PTPv4 (I now work in security, but delayed studying PTP because I was focused on CISSP, LFCS, and renewing my cisco certs)
2018 PTP second attempt, failed. (Its a personal mission now!)
2018 PTP third attempt, passed! (ah!!!! Finally!)

Whats next:
Well I just started PWK and I am hoping to obtain the OSCP around September October.
I want to start CTP in October if all goes well with the OSCP. Then OSCE by 2019 feb/march
I am also looking at the doing the ARES course from eLearnSecurity. I bought it back in the day and feel like it will be a fun challenge as well.
Going to look at SLAE from pentester academy too.

It is a lot to tackle but that is what motivation does to crazy people like us lol

Thanks and best of luck to those tackling eCPPT v1 or v2!

Skyyyyy2001

thank you for the post, very motivating.

do you have any specific guidance for each topic? any blind spot we need to be aware of?

katawia

Thanks for sharing your journey along with the 'feed backs' - and no they are not failures. Persistence on any tasks with feed backs are the only way to succeed in life as far as I know... wishing you the best of luck and pls keep it up.

Moldygr33nb3an

You should be well equipped for the OSCP then, friend!

chrisone

Skyyyyy2001 wrote: »

thank you for the post, very motivating.

do you have any specific guidance for each topic? any blind spot we need to be aware of?

There isn't really a blind spot if you come from the eJPT/PTS course. eLearnSecurity does a really good job at guiding you and holding your hand. At some point when I couldn't figure something out, I started to question myself and if I was trying hard enough, was I seeking for the answer to be given to me? did I even make an attempt to open up google and do a little research?

I could only recommend redoing the labs several times. I think I did each lab over 3-4 times until I understood every aspect, intention of the lab, and especially where in the attack phase I could use this technique.

That being said PTS course is free right now by invite. Anyone can get the course materials get a good grasp of the PTS topics without taking the certification and jump into PTP.

eLearnSecurity does a good job of guiding you enough to where you "SHOULD" feel responsible enough to do further research. Understanding that aspect in the penetration testing field of studies is key for anyone trying to "understand" how one should go about these certifications.

Moldygr33nb3an wrote: »

You should be well equipped for the OSCP then, friend!

Reading over the course pdf it seems like I have a good and decent grasp of most of what is covered in the course book. I am still going to go extra hard in my studies with the lab and course work. I got to go into this course with the same hungry mentality of wanting to learn more. I am not going to take my test until late August early september until I have rooted 40-44 machines in the lab. So although I may feel comfortable with the topics already, I need to practice practice practice.

Skyyyyy2001

thanks for the pointers.

may i ask, how about the lab time for PTP. are you on the elite package and by going through the lab several times, do you have spare hours left?

chrisone

I have 28 hours left of lab time on the PTP course. I wonder if they can transfer them to other courses? If not I will just practice the labs here and there until the time runs out.

I would say 5-10 hrs of the 120 labs hours I had were wasted at work from having a lab open, then my attention was taken away from an issue/email/coworker/or boss.

averageguy72

Congrats and thanks for the write-up. Hope to begin on this one again shortly myself.

ArridTatooine

Congrats Chris !!
This is my next cert I will be working on after finishing that daunting CISSP.....

EANx

chrisone wrote: »

I have 28 hours left of lab time on the PTP course. I wonder if they can transfer them to other courses? If not I will just practice the labs here and there until the time runs out.

I don't know if they can transfer but I can say that if you have more than one course, the hours are not automatically pooled.

Skyyyyy2001

same thoughts here, I still have more than 40 hrs remaining from PTS lab and I'm thinking if I can test some of the lab examples from PTP in PTS.

JensBada

The lab hours are specific to the labs related to a course...

Naruto985

Congrats Chrisone on completing PTP. Good luck with oscp

chrisone

Naruto985 wrote: »

Congrats Chrisone on completing PTP. Good luck with oscp

Thanks Naruto. You working on any certifications at the moment or have any future plans on studying for a cert?

Naruto985

@chrisone, I took the elite Pentester bundle PTP plus WAPT. I was waiting for upgrade as I took the bundle on last day of April 30. I got a free upgrade. Till it got confirmed I was attending RHCSA training. Just completed RHCSA exam last Friday. Will start PTP v5 soon. I keep a watch on your post and few othersn on PTP and make a note of things I need to refer. 😊. From this Thursday I will start PTP. Want to complete my studies plus lab by end of August and want to appear for exam on first week of September. After completion of PTP, want to join for OSCP. Plan to give OSCP in January or February. After OSCP want to give a try for CTP or OSCE this is my current plan. Will try to write WAPT post OSCP.

Regards

chrisone

That is very awesome Naruto! I like your list of goals and your game plan of jumping into one thing after the next. I can tell you one thing for sure. After doing PTP, it has prepped me very well for PWK(OSCP). I understand a lot of the topics/concepts from PWK. PTP is like studying the certification guide before going into a boot camp (PWK) and you are more prepared to absorb and understand the material ahead of time. The PWK could be viewed as a boot camp since they throw a lot of material at you, its up to you to research and fill in the gaps, all in a short period of time. If you come from a PTP background and had several months of studying pentesting material, you will find the PWK material easy to digest and comprehend. You will still need to do a little more research, but you are not banging your head trying to figure out what you just read lol I am going into CTP (OSCE) right after OSCP as well. No point in waiting, worrying if I am ready, second guessing myself. No one will be ready if you don't start the CTP course, so I say go straight into it and work hard at it.

Naruto985

@Chrisone I heard a lot about the study material provided by OSCP and i felt that it may be not sufficient for me to just go through the same and give exam. On other hard i heard that PTP provides a good base for OSCP. So i have taken the same path as many here PTS >> PTP >> OSCP >>OSCE .
I dont have much experience in Pen testing so i need study material which gives me good foundation for OSCP.
Good luck with OSCP. Will be reading your post as and when you update about OSCP

Naruto985

@Chrisone, Just started PTP study material. And first module is assembly level programming many things are going above my head. Did you refer any other source for assembly level or buffer over flow. This is important as it will appear in OSCP and i guess more in OSCE so i want to study it properly. I dont mind studying 100 times but i want to be confident about this part. I have absolute no skills on c programming and C++
Hope your OSCP study i going well

Regards

chrisone

Naruto985 wrote: »

@Chrisone, Just started PTP study material. And first module is assembly level programming many things are going above my head. Did you refer any other source for assembly level or buffer over flow. This is important as it will appear in OSCP and i guess more in OSCE so i want to study it properly. I dont mind studying 100 times but i want to be confident about this part. I have absolute no skills on c programming and C++
Hope your OSCP study i going well

Regards

In all honesty the system "exploit development" portion of the course WILL take awhile. Especially if PTP is your first pentesting course as it was for me. I want to say it took me like 3-4 reviews of that entire module, some youtube videos, website tutorials, and practice to finally start to get it. Granted I was busy with some linux LFCS studies, mixed in with the security onion development project I had going on at work, but it took me several months to really understand the system module.

The idea with the system module that was a little hard for me was that there was no step by step lab manual. It is basically just the system course module and then VPN access to a windows XP host with the materials you need to practice. It isn't a structured step by step lab manual like the other labs. Therefore, since I was babied and reliant on the step by step lab manual approach, when it came to the system exploit development practicing, I just didn't want to go through it, I wasn't even motivated, it wasn't handed to me on a platter. I actually had to do some research!

What finally pushed me over the hump was, I finally set up my own windows XP vm and followed the systems course module and setup my own environment. Then I followed all the examples and tried to replicate them on my windows XP. After doing this 3-4 times, the picture started to become clearer. It took me a few tries and attempts trying to understand the python scripts that help send the shellcode or payloads to bof the apps. They provide you with the code but you will need to adjust the python scripts to your bof and that wasn't really being clear to me. It took me a while practicing and trying to understand that portion. But after some time of practicing and seeing other online tutorials, I started to see similar patterns and I started to understand little by little what the python scripts were doing, how they are sending your payload, and how to manipulate the python code. Its bad enough one needs to understand how BOF, stacks, assembly lang (architecture), all come in to play here, but now I was stuck trying to figure out how the python code/script works in order to send my payload / shellcode.

So it was like, ok I just figured something out. I just learned the concept. Let me go to my VM , load up the app, and send my bof. Oh wait, how do I send this again? oh wait, where do I put this in that one python script again? ah damn it....this isn't working, my python script is not right.

It takes practice, practice, practice and yes its good to see others online show you (tutorials, youtube videos) etc.

Here are some tutorials in order to follow along. "Do yourself a favor, get a windows XP vm and practice locally on your desktop, without wasting your lab hours"

Mad Irish :: Writing Windows Buffer Overflows
0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
https://www.exploit-db.com/papers/13147/
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

I leave it up to you in order to find the youtube videos, there are plenty. Just watch them, you will start to see a pattern. Part of this journey is learning how to do a little research.

-Chris

Edit: Regarding OSCP. Its been two weeks and I have gone over all the PWK PDF. Because of my eCPPT journey and spending over a year on and off finally truly being able to dedicate time to eCPPT, I understood everything in the PWK course. Yes the PWK leaves a lot out, and I get where you have to try harder and part of that is your own research however a lot of that was done during the eCPPT studies. I still have to go over some stuff and sharpen the edges but I was not shocked or baffled at certain topics. I was introduced to some new creative ways of pentesting but I was able to understand and comprehend what PWK was attempting to do. I will need to practice it and apply it but I am not breaking my head trying to figure out why or what they are doing. I am hoping by mid august I pass the OSCP. Take the entire month of September off from studying and jump into CTP OSCE in October.

Naruto985

Thanks chrisone. I had 8085 during my bachelor degree and almost every one hated that subject lol now I see back I feel, wish I had put some efforts earlier and studies. But past is past now I see 8086. Will check the YouTube videos and will refer guide and start understanding things.
Initially I tried to work on the lab elearn gave but then I thought I will be wasting time. Tried to install the software as per manual on win 10 and it had issues. So late evening, installed Windows XP and installed the software mentioned in the book. It works like charm . Will read again and again before I go to module two. If I hesitate now, I know later I won't come back and study module one. Thanks again for the tips and also the links. I have book marked it. Will read and also practise the same. Python, I will start by reading "learn python the hard way" then may be will take up gray hat python once I am comfortable with python.

Regards

ottucsak

To be honest, you don't need to know Assembly. All you need to know is how a stack overflow works in theory, how you can find the offset for the EIP, how a payload is constructed (offset, EIP, NOP sled, shellcode) and how you can interact with a service through Python/Ruby sockets. If you can do the Exploitation with Ruby lab, you won't have any problems with most buffer overflow stuff.

humanbean

Congratulations. I am utterly stuck on the exam at the moment. I set up a separate windows XP vm but cant crash the application. Script and everything else is fine and have all the necessary information. I looked over all the material + online resources and I cant understand what is wrong. I am thinking the exam itself is bugged.

johndoee

humanbean wrote: »

Congratulations. I am utterly stuck on the exam at the moment. I set up a separate windows XP vm but cant crash the application. Script and everything else is fine and have all the necessary information. I looked over all the material + online resources and I cant understand what is wrong. I am thinking the exam itself is bugged.

:)That was funny

ottucsak

The exam environment is super slow and a pain in the ass in general, but it works. Try crashing it manually with nc.

MalwareMike

Congrats! And great feedback regarding your BO post.

supasecuritybro

chrisone wrote: »

In all honesty the system "exploit development" portion of the course WILL take awhile. Especially if PTP is your first pentesting course as it was for me. I want to say it took me like 3-4 reviews of that entire module, some youtube videos, website tutorials, and practice to finally start to get it. Granted I was busy with some linux LFCS studies, mixed in with the security onion development project I had going on at work, but it took me several months to really understand the system module.

The idea with the system module that was a little hard for me was that there was no step by step lab manual. It is basically just the system course module and then VPN access to a windows XP host with the materials you need to practice. It isn't a structured step by step lab manual like the other labs. Therefore, since I was babied and reliant on the step by step lab manual approach, when it came to the system exploit development practicing, I just didn't want to go through it, I wasn't even motivated, it wasn't handed to me on a platter. I actually had to do some research!

What finally pushed me over the hump was, I finally set up my own windows XP vm and followed the systems course module and setup my own environment. Then I followed all the examples and tried to replicate them on my windows XP. After doing this 3-4 times, the picture started to become clearer. It took me a few tries and attempts trying to understand the python scripts that help send the shellcode or payloads to bof the apps. They provide you with the code but you will need to adjust the python scripts to your bof and that wasn't really being clear to me. It took me a while practicing and trying to understand that portion. But after some time of practicing and seeing other online tutorials, I started to see similar patterns and I started to understand little by little what the python scripts were doing, how they are sending your payload, and how to manipulate the python code. Its bad enough one needs to understand how BOF, stacks, assembly lang (architecture), all come in to play here, but now I was stuck trying to figure out how the python code/script works in order to send my payload / shellcode.

So it was like, ok I just figured something out. I just learned the concept. Let me go to my VM , load up the app, and send my bof. Oh wait, how do I send this again? oh wait, where do I put this in that one python script again? ah damn it....this isn't working, my python script is not right.

It takes practice, practice, practice and yes its good to see others online show you (tutorials, youtube videos) etc.

Here are some tutorials in order to follow along. "Do yourself a favor, get a windows XP vm and practice locally on your desktop, without wasting your lab hours"

Mad Irish :: Writing Windows Buffer Overflows
0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
https://www.exploit-db.com/papers/13147/
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

I leave it up to you in order to find the youtube videos, there are plenty. Just watch them, you will start to see a pattern. Part of this journey is learning how to do a little research.

-Chris

Edit: Regarding OSCP. Its been two weeks and I have gone over all the PWK PDF. Because of my eCPPT journey and spending over a year on and off finally truly being able to dedicate time to eCPPT, I understood everything in the PWK course. Yes the PWK leaves a lot out, and I get where you have to try harder and part of that is your own research however a lot of that was done during the eCPPT studies. I still have to go over some stuff and sharpen the edges but I was not shocked or baffled at certain topics. I was introduced to some new creative ways of pentesting but I was able to understand and comprehend what PWK was attempting to do. I will need to practice it and apply it but I am not breaking my head trying to figure out why or what they are doing. I am hoping by mid august I pass the OSCP. Take the entire month of September off from studying and jump into CTP OSCE in October.

Man I really appreciate this post. I have been a little distracted from completing the BoF section since it has been a little time consuming and I didn't want to waste more time, so I have been doing some research outside of the lab to not waste time. It's nice to hear someone say it, that its not as simple as it sounds and it will take some work. Everywhere I read people seem like they just got it and I am not able to. I figure its most people do not figure it out and they feel dumb admitting it or something. I will use your recommendation.

chrisone

@humanbean
The exam works fine. Hopefully before taking the exam you had a working WINXP enviornment you were using to successfully BOF'ing similar scenarios from the course materials. Doing a remote BOF is difficult if you do not have access to the application in order to load it into a debugger to analyze. My first step would be to locate that app somewhere in order to analyze it with a debugger.


@malwaremike
Thanks Mike! My BOF studies weren't smooth or simple like many "claim" they walked right through that module. Perhaps many did, but perhaps many just want to feed their ego I suppose? My journey was hard and it was no cake walk. I had zero BOF experience, plain and simple. I only decided I really wanted this cert and that mean I needed to desire understanding the system module more than running nmap scans, vuln scans, searching metasploit for exploits lol It wasn't going to be that easy, and I did not want to come to that conclusion, I wanted to blame it on poor teaching, "new company", etc, I had many excuses.


@supasecuritybro
Thanks supa! It was hard work, it sucked at times, I was lost and fustrated, but I trusted elearnsecurity and realized I was the one who still needed to put more effort. One may ask "what do you mean by more effort?" Well to me that meant, did I do more research? did I setup a WINXP testing lab and followed along? did I check out any youtube videos or online tutorials about simple bofs? If I really wanted to understand this, was I willing to accept that for my current skillset on BOFs I may need a couple months, if not even more in order to understand this? When I did not understand what the module was was teaching. did I even attempt to check how others were teaching it? If I really wanted to "GET IT" I wouldn't stop at seeing 50 examples over and over again until it made sense.

humanbean

johndoee wrote: »

:)That was funny

Heh. I managed to finally crash it but the payload part is DEFINITELY bugged. **** man this is the most frustrating thing ever. Everything is bugged

humanbean

chrisone wrote: »

@humanbean
The exam works fine. Hopefully before taking the exam you had a working WINXP enviornment you were using to successfully BOF'ing similar scenarios from the course materials. Doing a remote BOF is difficult if you do not have access to the application in order to load it into a debugger to analyze. My first step would be to locate that app somewhere in order to analyze it with a debugger.

Yeah I finally got that down. Ive tried just about every payload metasploit has to offer lol. And yeah, I am making sure theres no bad characters, its encoded, etc. ZZzz. I receive a response from the server but no established session from the multi/handler

shreenag

Congrats Chrisone! I am doing the eJPT course now and will take eCPPT once I am over with this.

shreenag

Chrisone, Is it advisable to do the LFCS+LFS201 course and exam before taking the eCPPT and OSCP ?I have basic linux skills that is all.So I have this doubt.