eLearnSecurity Exploit Developer Student - New Course

EnderWigginEnderWiggin Posts: 551Member ■■■■□□□□□□
Looks like eLS is pumping out another new offering soon. They're calling it Student, which makes it sound like it'll be a shorter, easier course, similar to PTS. Guess we'll see in a few weeks at the launch.

Comments

  • JoJoCal19JoJoCal19 California Kid Posts: 2,802Mod Mod
    I’m super pumped for this. An entry level exploit dev course is something I’ve been hoping for for a while. 
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • new2Secnew2Sec Posts: 24Member ■■□□□□□□□□
    I am completely soured on els. In May, they were acquired by INE, and since that time, Armando and Jens have left.  This is not the company of old.  Years ago, great reviews and an excellent product. Based on their past few courses, their quality and support has diminished greatly. 

    Before, the quality had a chance to be worthwhile. Now with no accountability, we get courses like IHRPv1  

    Using a phrase from their Digital Forensics course (Filesystem Analysis-Module 5, p312) What they now offer is frugal manure.

    Student level or not. I suggest keeping our expectations as low as possible, so when they fail to meet that, it won't hurt so bad.  
     
  • JoJoCal19JoJoCal19 California Kid Posts: 2,802Mod Mod
    Oh snap! I didn’t know they were acquired by INE and that Armando was gone. I hope the course is good and not overpriced. Guess we’ll see. 
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • new2Secnew2Sec Posts: 24Member ■■□□□□□□□□
    Yep.
    (Sorry, can't post links..)


  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,497Admin Admin
    I have access to INE via my employer, but I haven't seen any eLS courses appear yet. Maybe that content a separate licensing deal that needs to be made.

    And Frugal Manure is a great gaming handle. Claim it while you can still be the first to own it! :D
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 1,062Member ■■■■■■■□□□
    JDMurray said:
    And Frugal Manure is a great gaming handle. Claim it while you can still be the first to own it! :D
    Sounds more like a racehorse name. "Coming around the back, it's Frugal Manure for the win!"
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    Official INE statement released last Wednesday 
    @new2Sec wasn't lying , even though he is a elearn hater :lol: 

    https://ine.com/blogs/ine-news-updates/ine-expands-cybersecurity-content-with-elearnsecurity
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • new2Secnew2Sec Posts: 24Member ■■□□□□□□□□
    I am more of an elearn realist.. LOL

    Unfortunately, I easily spot their glaring flaws, and hope that they improve. But they don't, they only get worse. 
  • yoba222yoba222 Posts: 1,068Member ■■■■■■■■□□
    edited September 7
    Damn this is terrible news. Please please please eLearnSecurity, don't turn into EC Council!

    Edit: Maybe I'm jumping the gun a little. I don't know anything about INE, but I do see they offer an OSCP prep course. Maybe this isn't terrible news.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP eCPPT OSCP eCPPT (a bit undecided)
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    edited September 8
    yoba222 said:
    Damn this is terrible news. Please please please eLearnSecurity, don't turn into EC Council!

    Edit: Maybe I'm jumping the gun a little. I don't know anything about INE, but I do see they offer an OSCP prep course. Maybe this isn't terrible news.
    Yoba, they are one of the best trainers for the network field. Their labs were awesome for CCNP/CCIE studies. As you know, studying for those certs require lots of equipment. I am sure you can virtualize many of these labs, but INE has you covered. Many will have their opinions about INE but they have always been one of the main players for Cisco workbooks and labs. 

    I trust INE in moving eLearnSecurity to the next level in their business model. 

    INE = Strong presence and Experience. 
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • new2Secnew2Sec Posts: 24Member ■■□□□□□□□□
    edited September 17
    OMG!!! 
    Another incomplete course. What a f-up it was when they conned people into getting the IHRPv1 course....
    I am not impressed.
    Oh wait... it is windows XP. Now I am impressed. More advanced than I expected...

    LOL

    Real World?? How many XP machines are out there in the wild??
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 405Member ■■■■■■□□□□
    edited September 18
    Here we are, walking right into the "but the security course is oudated" trope.

    I recently saw this post, and I think it addresses this common "issue" with things like exploit dev courses using "old" things: https://connormcgarr.github.io/CTP-OSCE-Thoughts/

    Please don't fall into that thinking.


    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)
  • iBrokeITiBrokeIT GXPN GPEN GWAPT GCIH GCFE GICSP GSEC eJPT Sec+ Posts: 1,265Member ■■■■■■■■■□
    new2Sec said:
    OMG!!! 
    Another incomplete course. What a f-up it was when they conned people into getting the IHRPv1 course....
    I am not impressed.
    Oh wait... it is windows XP. Now I am impressed. More advanced than I expected...

    LOL

    Real World?? How many XP machines are out there in the wild??
    Your rage and emotions around a previously bad experience are interfering with your ability to objectively assess the new course and is harming your credibility. 

    You don't learn the basics of exploit dev by starting in an environment with all exploit mitigations turned on... SANS, OffSec and now elearnsecurity all take the same approach of starting with everything off then introduce them one at a time. I'm actually surprise they are introducing ROP chains in a "student" level course.
  • JoJoCal19JoJoCal19 California Kid Posts: 2,802Mod Mod
    iBrokeIT and LonerVamp, exactly my thoughts. "outdated" stuff is still extremely helpful in learning the concepts. With a 40% off discount since I'm a current member, it's a no brainer since security researching and exploit dev is my main area of interest.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    edited September 18
    The following is purely speaking out of lack of exploit dev experience. 

    The class seems pretty good based off the syllabus.

    Not that anyone asked for my opinion but, honestly, this is a subject I probably just want to work based on the books/online turorials I have. 
    I have the following books I need to work on, whether they cover the material in the elearn course or not. This to do list below:

    Online tutorials
    Practical Malware Analysis 
    IDA Pro 2nd Edition
    Art of Assembly Language, Second Edition
    Practical Reverse Engineering 
    The Art of Memory Forensics
    Practical Binary Analysis
    RootKits and BootKits  

    I feel I am not ready or in any need for an exploit certification. I would advise not to be entirely influenced by my statement/comment but $1000 with unlimited lab time (although a great deal, especially compared to SANS) I paid around $200-250 at best for the books above (less if you get humble bundle). 

    My conclusion is based off money and my state of interest for exploit development. If you have no additional material or just getting started with exploit dev the course seems highly valuable. 
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,497Admin Admin
  • EANxEANx Posts: 1,078Member ■■■■■■■■□□
    new2Sec said:
    OMG!!! 
    Another incomplete course. What a f-up it was when they conned people into getting the IHRPv1 course....
    I am not impressed.
    Oh wait... it is windows XP. Now I am impressed. More advanced than I expected...

    LOL

    Real World?? How many XP machines are out there in the wild??
    You'll eventually learn that there is a significant amount of "old" stuff out there and it is often found in modern, large western companies as well. IT professionals often have a heads-down focus on the stuff they support, forgetting there's all sorts of end-points that don't support users. Think about environmental monitoring (HVAC), security monitoring, digital signage, etc. And then if you really want to talk old, think about Linux endpoints and IoT. Personal networking, security and environmental will again be large contributors. Heck, what OS runs the office printer closest to you? When did it last have it's flash updated?
  • SecretUserSecretUser Posts: 6Member ■■□□□□□□□□
    Did anyone buy the course already? How are the materials? I'm still deciding on whether to buy this or just download the syllabus and self study. 
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    The course was just released 3 days ago. Not all the materials have been released as they are releasing sections of the course & labs every 2 weeks. So you could not get an honest review anywhere. 

    If you have previous experience with elearnsecurity and its positive, you trust the authors, you trust the parent company, you like what you see in the syllabus, you liked what you saw in the webinar, you have no dev exploit materials, then probably look into the course. 

    You could also research other dev exploit courses, wage the price tag, compare syllabus', check what others are saying about the other offerings. 

    Here at TE, some of seem to think the syllabus is not bad, the price is fair if not better than most. The course is not recognized as of yet, but elearnsecurity is growing fast (Especially if INE was focused on buying them out).

    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • iBrokeITiBrokeIT GXPN GPEN GWAPT GCIH GCFE GICSP GSEC eJPT Sec+ Posts: 1,265Member ■■■■■■■■■□
    Did anyone buy the course already? How are the materials? I'm still deciding on whether to buy this or just download the syllabus and self study. 
    https://www.pentesteracademy.com would probably be the route to go at a much better price point if you aren't interested in the cert.
  • SecretUserSecretUser Posts: 6Member ■■□□□□□□□□
    I have a subscription to pentesteracademy and I know that they have a Win32 Buffer Overflow course as well as a lab platform (attackdefense). I do remember Vivek mentioning that he was going to release more buffer overflow videos in the future, but that was a long time ago. 

    chrisone said:
    The course was just released 3 days ago. Not all the materials have been released as they are releasing sections of the course & labs every 2 weeks. So you could not get an honest review anywhere. 

    If you have previous experience with elearnsecurity and its positive, you trust the authors, you trust the parent company, you like what you see in the syllabus, you liked what you saw in the webinar, you have no dev exploit materials, then probably look into the course. 

    You could also research other dev exploit courses, wage the price tag, compare syllabus', check what others are saying about the other offerings. 

    Here at TE, some of seem to think the syllabus is not bad, the price is fair if not better than most. The course is not recognized as of yet, but elearnsecurity is growing fast (Especially if INE was focused on buying them out).

    I do have experience with eLS. I have the eJPT, eCPPT, and am currently working on their eWPT course. The quality of these three courses is great in my opinion. I also bought their IHRP course when it came out but the quality of that course wasn't as good as their previous courses, so I ended up returning that course. I trust INE, but I was hoping to see a review of the quality of the XDS course before buying it. Also, I thought that Don said that the course was complete and it was just the extra labs that we have to wait 2 weeks for. 
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    . Also, I thought that Don said that the course was complete and it was just the extra labs that we have to wait 2 weeks for. 
    You may be right. I guess you may have to wait or take a leap of faith? I enjoy elearnsecurity courses, I have the IHRP, haven't cracked it open yet, I don't feel like returning it either. 

    Speaking of INE, I wonder if they are going to still honor or keep the full lifetime course upgrade access if you pass any of elearnsecurity's training paths
    "If you complete a path by obtaining all the certifications in it, you'll receive lifetime course-updates for those courses at no cost. More details in the F.A.Q.
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
    edited September 21
    The course was just released 3 days ago. Not all the materials have been released as they are releasing sections of the course & labs every 2 weeks. So you could not get an honest review anywhere.

    Yeah that's a stupid idea IMO, and surprise, by the time all the material is released, the sales (currently good through the end of the month) are over, and they've gotten their money.

    I found myself disappointed that they are still so focused on slide decks vs video content. 1000+ slides and 2 hours of video I think they said?

    Also they haven't released a course video yet. I should have just recorded the launch. I was really hoping to get an idea of how much programming was essential to the course and what would be covered. Did anyone get that?

    Now with no accountability, we get courses like IHRPv1

    What happened there?

    As far as their acquisition by INE, I will say I like the OSCP prep course overall. I also wasn't a big fan of Armando's way of doing things, they actually nearly turned one of my friends away from ELS. They had a policy of "not responding" to queries about discounts. "This is an industry standard", no it's not. Even if you aren't giving them, you can send a pre-canned email, you don't not respond to potential customers.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • jeremy_dfirjeremy_dfir CISSP, eCDFP, eCTHP GreecePosts: 19Member ■■■□□□□□□□
    From their syllabus, on Linux they went all the way from fundamentals to advanced techniques and bypassing "modern"/current mitigations like NX/DEP, ASLR, Stack Cookie etc. (inluding x64) and on Windows they went all the way to Win7 ROP. For the price i consider it a very "cool" course. I say cool because i am not qualified enough to judge it (i am a blue team guy). The little hours of video would bug me too to be honest, but they have 19 labs on the other hand.

    PS: I have two of their certifications already, so you can consider me a fan boy.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    edited September 22
    Its fair to say they are a young company trying to make a big impact with plans and ideas for massive growth. They try to cover most bases of security topics. It is not easy and finding the correct instructors is very difficult.

    They are not the very BEST and with such a large footprint to cover in security some areas will be thinner than others. Some courses will be newer & less thorough than others as they plan to map out upgrades to courses from listening to clients and members.

    You can pretty much hear it from any forum, about any security course, that they suck or that someone is unimpressed about (insert your bad experience here with course xyz).
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • yoba222yoba222 Posts: 1,068Member ■■■■■■■■□□
    I'm starting to think that the IHRP was rushed to market to sweeten up the acquisition by INE and this is also possibly one of the reasons why ELS has been perceived as chopping up certs. Hopefully now that the acquisition is done, they'll get back to quality and fast track a v2 for IHRP. No idea on how valid my theory is, but I suspect the exploit dev course may have been rushed too. And I'm about to propose doing the eCPPT to my employer.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP eCPPT OSCP eCPPT (a bit undecided)
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
    "I'm starting to think that the IHRP was rushed"

    What are the details of this, how bad was it?
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • jeremy_dfirjeremy_dfir CISSP, eCDFP, eCTHP GreecePosts: 19Member ■■■□□□□□□□
    edited September 24
    There is a dedicated post on IHRP, my opinion is on the last page.

    I was perfectly fine with the course to be honest. Still applying what I found there in my day to day activities.

    There are also great reviews about the exam on LinkedIn and Twitter.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 337Member ■■■□□□□□□□
Sign In or Register to comment.