eLearnSecurity WAPT Journey (Starting December 2019)

2»

Comments

  • si20si20 Member Posts: 543 ■■■■■□□□□□
    Sounds like a great plan! Good luck!

    Yep! I'll give myself a week break, then I'll get onto the AWAE. I don't think I'm at that level if I'm honest, but I'll give it a whirl anyway! :D
    chrisone said:
    That is awesome! Hopefully I clear IHRP next Friday so that I can jump into WAPT right after. 

    By the way are you jumping back on AWAE now? Had to ask :smile:



  • si20si20 Member Posts: 543 ■■■■■□□□□□
    Report has now been submitted! I'll be sure to update this thread once I get the results. Thanks everyone for following along - apologies I took 5 months with this one due to personal issues. Hopefully I get some good news and can write-up a little course review.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    If you think about it, within 5 months you cleared eWPT and had some time working on AWAE. That is impressive already, you may look back 4-5 months from now with OSWE cleared all within 1 year. From Dec to Dec, its going to be an awesome year for you! 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • nathandrakenathandrake Member Posts: 69 ■■■□□□□□□□
    @si20 Were you able to complete the HTML5 challenge lab?  It was the only one I was never able to complete.   I still have like 40+ hours of lab time left.  I think I may try to tackle it again maybe this weekend of next.  I really want to say I was able to complete everything 100% before I enroll in the WAPTX course.   
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    @si20 Were you able to complete the HTML5 challenge lab?  It was the only one I was never able to complete.   I still have like 40+ hours of lab time left.  I think I may try to tackle it again maybe this weekend of next.  I really want to say I was able to complete everything 100% before I enroll in the WAPTX course.   
    Were you the guy I spoke to on LI about that lab? I remember saying it was the most difficult. I did complete it in the end - although mostly because the solution was practically given away in the eLearn forums. I don't think I'd have had the javascript knowledge to carry it out. That's my next task over the coming year or so - I will start coding in html, php, javascript - even to get an entry level understanding. It has been years since I touched the coding side of things, but the ethical hacking certs all require at least a bit of scripting/dev knowledge.

  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    You're a beast mate, what an inspirational effort! Gives me motivation to work harder!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    edited May 2020
    Cheers on the submission and hopefully a pass!  
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    edited May 2020
    UnixGuy said:
    You're a beast mate, what an inspirational effort! Gives me motivation to work harder!
    Thanks! (Thanks iBrokeIT too).

    Truth be told, I'd lost the mindset for these sorts of exams. And what with lots of stuff happening in my personal life it has been difficult. But I'm motivated again! Having free time and spending it wisely is key. Onwards and upwards as they say!

    Hopefully the results come in this week. And next weekend I begin the AWAE (again).
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    edited May 2020
    Hey @si20 what are you initial impressions between WAPTv3 and AWAE, are they completely different? Any similarities, granted AWAE is more advanced but going through both training any similarities? do you think WAPTv3 will help you understand AWAE any better?
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    chrisone said:
    Hey @si20 what are you initial impressions between WAPTv3 and AWAE, are they completely different? Any similarities, granted AWAE is more advanced but going through both training any similarities? do you think WAPTv3 will help you understand AWAE any better?
    Hey! First impressions were that they were totally different. With eWAPT it teaches more commonly found attacks such as XSS, SQLi, Xpath etc whereas AWAE teaches XSS but then wants you to essentially reverse engineer a program, find XSS and create a script/PoC to exploit it.

    I think when my AWAE resumes I'll only have around 50 days left on it. Maybe less. I'll be able to give a better idea about it in the coming weeks. I truly don't expect to pass it. I've never reversed software before and never created PoCs. But I'll have a much better idea soon and I'll make sure to do an AWAE journey like I did with WAPT, although I'll keep it more regular rather than take a hiatus in the middle of it lol !
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!

    So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Dude! Epic! congrats brother! Hopefully I will soon be joining you :smile:

    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • nathandrakenathandrake Member Posts: 69 ■■■□□□□□□□
    si20 said:
    WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!

    So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).
    Have any interest in doing the WAPTX in the near future?   I'm torn between WAPTX and AWAE, so I'm looking forward to reading your AWAE journey.  
  • si20si20 Member Posts: 543 ■■■■■□□□□□
    chrisone said:
    Dude! Epic! congrats brother! Hopefully I will soon be joining you :smile:

    Thanks man! I'm certain you will!

    si20 said:
    WAPT officially passed! I take back what I said about a potentially long marking time. 4 working days. Not too bad!

    So that's it for this journey. Next will be the AWAE journey which starts Sunday. I'll update Sunday evening (UK time).
    Have any interest in doing the WAPTX in the near future?   I'm torn between WAPTX and AWAE, so I'm looking forward to reading your AWAE journey.


    I am tempted to do the WAPTx next year. I need to have a look at how beneficial the course material is for what I do. Once the AWAE is over, I'll take a good look at the syllabus and see whether it looks like something I should try.

  • usoopusoop Member Posts: 4 ■■□□□□□□□□
    Excellent mate
  • iNoSeciNoSec Registered Users Posts: 2 ■■□□□□□□□□
    I enroll on ine.com on WAPT and im really disapointed about some exercises... The exercises statement arent clear at all or simply not related at all with the lesson!!

    Before i must say, they have the good idea to ask you if you are still connected to the lab every 45min, but not on the lab page, no on the main site, and if no answer, because who look the main website when you are on burp or on the lab website, they stop the lab and you must connect again to the VPN etc, you lose the focus, and lose time... anyway that's not the worst.
    I will pass on their stupid regex who dont img/src as xss payload when img src work... anyway, read the rest of the post the best come...

    Let's take the exercise/lab with title "Failure to restrict URL Access"
    Here the Scenario etc:


    So it is not written to connect to an account to learn about what page are protected/behind the login page but the solution is to connect to an account to have all the authenticated page and after try to access them being unauthenticated...
    Totally stupid to not have the credentials or at least state you must be log to retrieve the page to test for "Failure to restrict URL Access"...
    When you see a "Failure to restrict URL Access" and no cred are given you try to bruteforce directories, look at source code to find the hidden URL...
    it is exercise, not real world or whatever so i follow the scenario... what a mistake...


    After that we have an exercise on "Bypassing authentication through SQL Injection" so for all who know web hacking and already do CTF etc we all know bypassing login with SQLi mean OR 1=1 style payload but no ine/elearnsecurity decide to use only sqlmap (which really bad teaching for me but personal POV), and they must say to solve it with only the tool but the worst is : the SQLi is an error-based where you **** the db... So where is the auth bypass here??? what the **** a SQLi error based exercise have to do with a lesson on authentication/authorization???

    Before all guys here come to say im a noob etc, i must say i already found real bug on h1/bugcrowd/intigriti/yes we hack platforms, im not a beginner and i didnt paid for the course (it is a gift). 
    The problem is the exercise must be in relation to the lesson (see SQLi on auth bypass), they must be clearer on what we must do on the lab (see "failure to restrict access url"). Someone can say me, in real world you have no hint or exercise statement but the goal of exercise in a lesson is to practice what you just learn not to make a real world pentest...

    For all of that i think they must work a LOT on some part of their course/exercise but like all is not black or white, i must say their content is really well made and you will learn tons of things, i have no vpn issue except the 45m i talk at the beginning.



Sign In or Register to comment.