eLearnSecurity WAPT Journey (Starting December 2019)
Comments
-
si20 Member Posts: 543 ■■■■■□□□□□Sounds like a great plan! Good luck!
Yep! I'll give myself a week break, then I'll get onto the AWAE. I don't think I'm at that level if I'm honest, but I'll give it a whirl anyway!chrisone said:That is awesome! Hopefully I clear IHRP next Friday so that I can jump into WAPT right after.
By the way are you jumping back on AWAE now? Had to ask
-
si20 Member Posts: 543 ■■■■■□□□□□Report has now been submitted! I'll be sure to update this thread once I get the results. Thanks everyone for following along - apologies I took 5 months with this one due to personal issues. Hopefully I get some good news and can write-up a little course review.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□If you think about it, within 5 months you cleared eWPT and had some time working on AWAE. That is impressive already, you may look back 4-5 months from now with OSWE cleared all within 1 year. From Dec to Dec, its going to be an awesome year for you!Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
nathandrake Member Posts: 69 ■■■□□□□□□□@si20 Were you able to complete the HTML5 challenge lab? It was the only one I was never able to complete. I still have like 40+ hours of lab time left. I think I may try to tackle it again maybe this weekend of next. I really want to say I was able to complete everything 100% before I enroll in the WAPTX course.
-
si20 Member Posts: 543 ■■■■■□□□□□nathandrake said:@si20 Were you able to complete the HTML5 challenge lab? It was the only one I was never able to complete. I still have like 40+ hours of lab time left. I think I may try to tackle it again maybe this weekend of next. I really want to say I was able to complete everything 100% before I enroll in the WAPTX course.
-
UnixGuy Mod Posts: 4,570 ModYou're a beast mate, what an inspirational effort! Gives me motivation to work harder!
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□Cheers on the submission and hopefully a pass!2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
si20 Member Posts: 543 ■■■■■□□□□□UnixGuy said:You're a beast mate, what an inspirational effort! Gives me motivation to work harder!Thanks! (Thanks iBrokeIT too).Truth be told, I'd lost the mindset for these sorts of exams. And what with lots of stuff happening in my personal life it has been difficult. But I'm motivated again! Having free time and spending it wisely is key. Onwards and upwards as they say!Hopefully the results come in this week. And next weekend I begin the AWAE (again).
-
chrisone Member Posts: 2,278 ■■■■■■■■■□Hey @si20 what are you initial impressions between WAPTv3 and AWAE, are they completely different? Any similarities, granted AWAE is more advanced but going through both training any similarities? do you think WAPTv3 will help you understand AWAE any better?
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
si20 Member Posts: 543 ■■■■■□□□□□chrisone said:Hey @si20 what are you initial impressions between WAPTv3 and AWAE, are they completely different? Any similarities, granted AWAE is more advanced but going through both training any similarities? do you think WAPTv3 will help you understand AWAE any better?Hey! First impressions were that they were totally different. With eWAPT it teaches more commonly found attacks such as XSS, SQLi, Xpath etc whereas AWAE teaches XSS but then wants you to essentially reverse engineer a program, find XSS and create a script/PoC to exploit it.I think when my AWAE resumes I'll only have around 50 days left on it. Maybe less. I'll be able to give a better idea about it in the coming weeks. I truly don't expect to pass it. I've never reversed software before and never created PoCs. But I'll have a much better idea soon and I'll make sure to do an AWAE journey like I did with WAPT, although I'll keep it more regular rather than take a hiatus in the middle of it lol !
-
si20 Member Posts: 543 ■■■■■□□□□□WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).
-
chrisone Member Posts: 2,278 ■■■■■■■■■□Dude! Epic! congrats brother! Hopefully I will soon be joining you
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
nathandrake Member Posts: 69 ■■■□□□□□□□si20 said:WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).
-
si20 Member Posts: 543 ■■■■■□□□□□chrisone said:Dude! Epic! congrats brother! Hopefully I will soon be joining youThanks man! I'm certain you will!nathandrake said:si20 said:WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).I am tempted to do the WAPTx next year. I need to have a look at how beneficial the course material is for what I do. Once the AWAE is over, I'll take a good look at the syllabus and see whether it looks like something I should try.
-
iNoSec Registered Users Posts: 2 ■■□□□□□□□□I enroll on ine.com on WAPT and im really disapointed about some exercises... The exercises statement arent clear at all or simply not related at all with the lesson!!
Before i must say, they have the good idea to ask you if you are still connected to the lab every 45min, but not on the lab page, no on the main site, and if no answer, because who look the main website when you are on burp or on the lab website, they stop the lab and you must connect again to the VPN etc, you lose the focus, and lose time... anyway that's not the worst.
I will pass on their stupid regex who dont img/src as xss payload when img src work... anyway, read the rest of the post the best come...
Let's take the exercise/lab with title "Failure to restrict URL Access"
Here the Scenario etc:
So it is not written to connect to an account to learn about what page are protected/behind the login page but the solution is to connect to an account to have all the authenticated page and after try to access them being unauthenticated...
Totally stupid to not have the credentials or at least state you must be log to retrieve the page to test for "Failure to restrict URL Access"...
When you see a "Failure to restrict URL Access" and no cred are given you try to bruteforce directories, look at source code to find the hidden URL...
it is exercise, not real world or whatever so i follow the scenario... what a mistake...
After that we have an exercise on "Bypassing authentication through SQL Injection" so for all who know web hacking and already do CTF etc we all know bypassing login with SQLi mean OR 1=1 style payload but no ine/elearnsecurity decide to use only sqlmap (which really bad teaching for me but personal POV), and they must say to solve it with only the tool but the worst is : the SQLi is an error-based where you **** the db... So where is the auth bypass here??? what the **** a SQLi error based exercise have to do with a lesson on authentication/authorization???
Before all guys here come to say im a noob etc, i must say i already found real bug on h1/bugcrowd/intigriti/yes we hack platforms, im not a beginner and i didnt paid for the course (it is a gift).
The problem is the exercise must be in relation to the lesson (see SQLi on auth bypass), they must be clearer on what we must do on the lab (see "failure to restrict access url"). Someone can say me, in real world you have no hint or exercise statement but the goal of exercise in a lesson is to practice what you just learn not to make a real world pentest...
For all of that i think they must work a LOT on some part of their course/exercise but like all is not black or white, i must say their content is really well made and you will learn tons of things, i have no vpn issue except the 45m i talk at the beginning.