eLearnSecurity - Penetration Testing Professional (eCPPT) Journey

r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
So after taking the Digital Forensics Professional from eLearnSecurity, I am about to take PTP course as my last cert for this year. Initially, my goal for this year is to complete atleast one cert per quarter for me to keep going and be active at all levels. Now, here's my brief background.

- Passed CFR (CyberSec First Responder) - March 2018
- Passed eJPT (Junior Penetration Tester) - July 2018
- Passed eCDFP (Digital Forensics Professional) - September
- Been with Blue Team (SOC/IR) for 6 years and counting

Now my goal is to atleast finish eCPPT before the year ends or atleast before the end of January 2019 (I'm just being realistic because of too much labs covered in the course :) ) and this will serve as my journey and will keep you guys posted for every progress that I will make throughout this course.

Thank you! :)
Tagged:

Comments

  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 393Member ■■■■■□□□□□
    Nice! What's the 2019 roadmap look like? :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    LonerVamp wrote: »
    Nice! What's the 2019 roadmap look like? :)

    It's actually my preparation to take my first OffSec course next year. (OSCP could be Q3) :) Gaining confidence first and skillsets before trying harder! :)
  • u1trasu1tras OSCP, eCTHP MoscowPosts: 81Member ■■■□□□□□□□
    After eCPPT you will be pretty ready for PWK/OSCP.
    Certs: OSCP, eCTHP
    2019 Goals:
    eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    u1tras wrote: »
    After eCPPT you will be pretty ready for PWK/OSCP.

    That's the plan. To gain skillsets before taking the whole PWK journey! :) thanks man.
  • yoba222yoba222 Posts: 1,055Member ■■■■■■■□□□
    2 1/2 months seems like a bit of a squeeze for eCPPT, but I haven't taken it yet. Judging by video content length, it appears to be about 4X the size of eJPT.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP | CISSP
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    yoba222 said:
    2 1/2 months seems like a bit of a squeeze for eCPPT, but I haven't taken it yet. Judging by video content length, it appears to be about 4X the size of eJPT.
    Yes I know. So I think I might extend my deadline atleast end of January to take the exam. I just don't want to rush the learning and I wanted to absorb every modules of it :)
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    Okay so I have completed the SYSTEM SECURITY module which is the first module in PTP (Penetration Testing Professional). 

    - Atleast somehow I got an overview of how BoF, shellcoding and assembler debugger works
    - ELS made a tremendous impact on explaining these stuff during this course. It's not an easy topics for me that they made the explanation as easy as possible.
    - This module also includes Cryptography, Password Cracking and Malware that absolutely a refresher for me (I could used this on answering interview questions)
    - Architecture Fundamentals is really top notch. I've encountered some of these topics during college but thank you ELS for putting this module on this course as I have understood most of the topics in just one week compare to what I had way back college days. lmao :) 

    So now I am focusing in Network Security which is a bit fun for me as it includes some topics I encountered during my eJPT journey.
  • yoba222yoba222 Posts: 1,055Member ■■■■■■■□□□
    If your goal is to talk people that are on the fence into doing the eCPPT, it's working :smiley:. Now that you've got a taste, does it feel like Jan 2019 is still doable?
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP | CISSP
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    yoba222 said:
    If your goal is to talk people that are on the fence into doing the eCPPT, it's working :smiley:. Now that you've got a taste, does it feel like Jan 2019 is still doable?
    Thank you for the kind words @yoba222. I hope I can, I'll keep you guys posted. I am enjoying the Network Security modules now. Will send an update later next week for the whole experience! :)
  • mvparishmvparish CISSP, CCSP, CISA, CEH, Sec+, CCSK, ITILv3, IC3GS5 Posts: 6Member ■■■□□□□□□□
    Hope things are going well and look forward to the outcome.  What are your thoughts on skipping over the eJPT and going straight to the eCPPT?  Are most of what you are seeing in the eCPPT a rehash of the eJPT?
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    mvparish said:
    Hope things are going well and look forward to the outcome.  What are your thoughts on skipping over the eJPT and going straight to the eCPPT?  Are most of what you are seeing in the eCPPT a rehash of the eJPT?
    Hi @mvparish . I took the eJPT last year I think that was around March or Apri. I would say that eJPT course was really a good warm up before taking eCPPT. If you are familiar with some basic pentesting techniques and you've been doing this for a while, then you may skip it. But if you are new to on this field, or let's say you've been into blue team side for years and wanted to transition to pentest role, then this course is really good for you. 

    The way eLS helps you is that they will build your foundation knowledge and will give you privilege to test your knowledge on their world class environment. 

    I am taking eCPPT now but was paused due to attending lots of interviews and transitioning of work since last month. Once I finished all the paper works again then I will proceed on finishing this course. I think I'm done with 40% of the course as well as the lab. I'll probably finish the exam on February last week
  • r3nzsecr3nzsec Posts: 39Member ■■■□□□□□□□
    So now I'm back. Due to some changes in my employer and had my 2 week vacation and needed to exit the country, I went offline for a while. Not counting all the preparations and stuff to pass my interviews. But now, I'm back to my game. So I am now continuing the eCPPT course from eLearnSecurity. I have done 2 modules already but not given any reviews yet so there you go:

    Network Security:
    This could be one of the amazing modules on this course and enjoyed each topics. Ranging from Infromation Gathering, Sniffing, Enumeration, MiTM, Exploitation, Post Exploitation, Anonymity and Social Engineering. I gained so much learnings from this module and while taking this module, I had also my interview on-going for 3 companies and it helped me well to answer some pentest questions threw by the interviewer. I am not actually from the red side,  as I am a blue teamer ever since but bec. of eCPPT, I was able to answer pentest questions that commonly ask in an interview for a senior role - SOC/IR/Threat Hunter.

    The downside of this module was that sometimes I had a hardtime performing lab due to some issues. Don't get me wrong because it's not eLS fault I think? Normally it's because of the msf that is not actually stable due to version updates. Remember that when you encounter issue doing labs, do a quick search in community as someone had encounter this already (probably 90% of the issue was there and has a fix already). 

    Offensive Powershell:
    Incredible module it was. Just a quick story of mine, I was working in EDR project last year and one of the use cases I did was how to detect malicious powershell activities from the wild. So I gone through on this topic and it gives me so much idea on how I can start building these use cases of mine. After reading this, I was also invited to train my colleagues and created a simple presentation about Offensive Powershell. From this topic you will learn the most common commands, cmdlets and techniques used by the pentester in order to utilize a "living off the land" tool to avoid nor bypass detection and successfully perform their attack. I think this topic is only available for those who purchased elite version? I don't know but this is something that you need to get as this could be helpful, not just in offensive side but also in defensive side.

    I am now taking the Linux Exploitation module and currently, trying to finish this within this week. I'll probably do the labs next week and will give an update again. 


  • greengeekgreengeek CISSP, CISA, CCSP, CASP+, CEH, Pentest+, CySA+ Posts: 8Registered Users ■■■□□□□□□□
    r3nzsec Did you finish the course?  If so, how did you like it?  How is the OSCP going?
Sign In or Register to comment.