ElearnSecurity PTXv2 Coming soon

FYI, it was announced earlier today on the Ethical Hacker webinar "Bad As You Want To Be – Adversary Emulation Basics", that they will be releasing the updated Pentester Extreme v2 in June. June is their Red Team Month with discounts as well.

Find more posts tagged with

Comments

alert_1

Glad to hear it’s coming, but also a little frustrated since I just signed for PTX v1 in March. Anyone know what the typical “upgrade” cost it?

chrisone

Usually you will get a free upgrade if you bought the previous course within 6 months. You should be good to go

chrisone

The date is here June 23rd!

Elitis

June 23rd, nice. I've got my OSCP scheduled for 4th of July weekend so if I pass the first try I'll definitely be looking into getting started on either this or PA ADAD. After a little break from pentesting studying of course. I should probably decide soon, so if I go with eCPTX I can get that sweet 25% discount on the course as well that eLS is doing this month. Brings the current v1 course down to $1350 or so for the full plan.

chrisone

My guess is, the current course prices are $1799 for FULL version and $1999 for elite.

During new course sales, you usually get a 30% current student (not to be confused with current course holder) discount. While non students with no previous course purchases will get around a 20-25% discount.
So if the full course remains at 1799 - %30 you are looking at $1,259.30 with a free upgrade to ELITE version.

So that is what I am anticipating to put on my credit card

Elitis

Sweet, did not know about the current student discount and upgrades. I'm really hoping they upped the number of labs, since that seemed to be a sticking point for people.

yoba222

Damn $2000. Does sound like a nice alternative to the ancient CTP though. The AD, WMI, and DCOM stuff sounds very appealing and useful. Maybe Offensive Security will upgrade later this year and we'll get into some sort of Playstation vs Xbox cert war. That would be a good thing.

chrisone

To be honest CTP and PTX are entirely different. PTX doesn't focus on exploit development like CTP does. This is more of a red team internal pentest where you are trying to own the domain.

Obscure ways of exploitation and backdooring
Advanced client side exploitation techniques
Custom attack vector and payload creation
In depth Active Directory Reconnaissance & Enumeration
In depth analysis of Active Directory exploitation
Stealthy lateral movement and evasion against modern defenses
In depth analysis of critical domain infrastructure exploitation
In depth details of common misconfigurations and weaknesses
Details for covert operations and stealthy persistence
Extremely Hands-on with challenges in virtual-labs
Obtaining the eCPTX certification qualifies you for 40 CPE

securityorc

If you are interested in red teaming and attacking Active Directory modern environments, I highly recommend RastaMouse's Red Team Ops course. The course materials and labs are fantastic, he's been updating the course since its release, there's an active Slack channel for discussion and the price is really affordable compared to big companies offerings.

chrisone

If anyone is interested, the webinar starts in 25 minutes

chrisone

The course looks really awesome! I bought the elite edition with unlimited lab time.
You can view the course content/syllabus here.

However in the labs you get 3 fully dedicated active directory labs with plenty of hosts and mis-configurations to test most of not all documented AD attack vectors.

Lab 1
Custom Undetectable Macro Development - Your goal is to develop a custom macro-based attack (and the accompanying payloads), to compromise a target without being detected. Practical

Lab 2
Establishing A Shell Through The Victim's Browser - During the lab you will develop a payload from scratch that will establish a shell through the victim’s browser. Practical

Lab 3
Serving a Malicious Update Through WSUS - You are engaged in an internal network penetration test. Your goal is to compromise a Windows 7 machine (10.100.11.101) through a Windows 10 machine (10.100.11.100), leveraging weak network configurations and abusing WSUS. Practical

Lab 4
SQL injection to Domain Administrator Hash - You are engaged in an external network penetration test. Your goal is to stealthily capture the Domain Administrator's password hash through the internet facing Web App 1, leveraging weak SQL Server and database configurations as well as legitimate SQL Server capabilities. Practical

Lab 5
Red-teaming Active Directory Lab #1 (Covenant C2 VS ELS.LOCAL) - In this fully-featured Active Directory lab you will heavily use Covenant C2 and modern C#/.NET tradecraft to achieve a great number of red-teaming objectives. You will have the opportunity to practice: attack path enumeration using Bloodhound, pivoting, lateral movement, (targeted) kerberoasting, golden/silver ticket creation, SIDHistory attacks, abusing constrained/unconstrained delegation, DCSync, SMB-based C2, bypassing Constrained Language Mode/AMSI/Applocker, attacking SQL Server, HTTP NetNTLM Relaying, privilege escalation, ACL-based attacks and much more... Educational

Lab 6
Red-teaming Active Directory Lab #2 (ELS.BANK) - In this fully-featured and hardened Active Directory lab you will have to opportunity to practice: abusing a PAM trust, privilege escalation, ACL-based attacks, DCSync, abusing constrained delegation, decrypting a powershell secure string, malicious Kerberos ticket creation, abusing AD description attributes, abusing resource-based delegation, the “printer bug”, abusing the machine key of IIS and much more... Educational

Lab 7
Red-teaming Active Directory Lab #3 (ELS.CORP) - In this fully-featured Active Directory lab you will have to opportunity to practice: Phishing, stealthy enumeration, pivoting and lateral movement, SQL Server attacks, abusing forest trusts, Linux and Windows privilege escalation, malicious Kerberos ticket creation, the “printer bug”, exploiting web app vulnerabilities to gain initial foothold, exploiting domain-joined Linux machines and Jumphosts and much more... Educational

securityorc

I was really disappointed to see it being a rip-off of Red Team Ops. Incredible to see how they steal so shamelessly. It's just like they did with WAPTXv2, when everything that was added as v2 material was stolen from PentesterLab and using free resources from Github and OWASP.

Now I'm convinced that I'll never buy from them again.

chrisone

Misconfigurations and vulnerabilities are "disclosed" to the public. Everyone uses the same source from time to time. If two vendors use kerberoasting in their teaching materials, most likely they will look and be taught the same in both product materials.

Technically you can make the "rip off" statement towards PentesterLab , Pentester Academy, OWASP, Offsec, etc.

Red Team Ops is fairly new, PTXv1 was out before Rasta even had an idea to do his course. I bet Red Team Ops is very similar to Pentester Academy's Active Directory Course. But I wouldn't make the claim Rasta specifically "ripped" off Nikhill/Pentester Academy. I didn't go for RTO because I already went through and did PA AD. I knew all the vulnerabilities and methods were the same. Still I would not go and claim Rasta RTO is a rip off to PA AD / PA RE / or PACES.

I understand a lot of people don't like companies profiting off publicly disclosed information. Heck some people have an idea to NOT like Authors for Cisco products because they sell "certification" guides and courses, when their own manuals are available to the public. The idea is "ANYONE" can get these materials for free anywhere on the internet. Yes you don't need a course. However, most people don't want to simply dig or search for such materials when a course could have all that for you, give you a testing environment, and grade you on your performance. Even better, the company that validates your skills has a known name in the industry to help you get a job.

My two cents, unless Rasta contains the same slides word for word, the same amount of labs and lab pdfs, then its a rip off. If not then, I am not going to insert words into your mouth and claim you have a personal issue with elearn.

securityorc

Wow, someone got defensive real quick! Yeah, putting words in someone else' s mouth is fun and all, but I prefer good ol' fashioned facts.

PentesterLab has a lot of vulnerability categories. For direct comparison:

- serialize badge of 5 exercises with different frameworks

- SAML and OpenAuth attacks

- lots of crypto, including padding oracle

- SSTI

- GraphQL

Don't have time to go through all, but then here comes WAPTXv2 whoop whoop, adding all these. And the labs material? Free, they are resources from Github. Ok, let's say that it's the slides that counted (which are heavily referencing other resources, but at least they're including those).

As for AD labs..it's not the attacks and techniques that are a ripoff. You can do a Kerberoast and teach a Kerberoast in a dozen ways, but in the end, it's still the same thing..a Kerberoast. Would that mean that whoever sold a course on it first has claim over it and no one else ever can do it? No.

However, PTXv1, which was labeled as a red teaming course, was heavy on slides and poor on labs. Despite it being a red teaming course, it didn't use C2 frameworks, which there were plenty of at the time of the release. It didn't showcase many of the attacks covered in the slides. Big problem? Still no.

Then comes PTXv2, just months after Red Team Ops was launched. RTO is lab heavy and goes through the execution of a red team engagement starting from outside and up to the objective, with the Covenant framework. Though it's often updated and now also includes Cobalt Strike. The major AD attacks are covered. Does that mean that Pentester Academy was first and everything else was a copy because it also covers the major AD attacks? No. PA uses PS for the labs only, specifically it's being stated that the goal is to live off the land and so it shows PS for all attacks. Which is great.

But it doesn't teach C2, .NET tradecraft, AV evasion, interacting with other offensive tools, and it already starts from the assumed breach scenario. So you can't say that it's being ripped off. At the essence, both cover AD attacks mostly, but they differ in tooling, depth in some topics vs the others, ways of accomplishing the same thing. And doing both would certainly benefit someone vs doing just one.

Here comes PTXv2, this time with a proper AD lab and examples for most attacks - I can only tell as far as I saw in the launch. Choice of C2 framework? Covenant. Tzz tzz, there are loads of open source C2 frameworks out there, and one course that teaches one of them. What are the odds that Elearn would also pick that same framework for which there already is a course, when there are dozens of C2 frameworks out there that could be taught? Hmmm

This time heavy on exercises. Exercises that are common in AD, there are only so many, so you can't invent new ones to be original. Problem? No. Exercises shown with Covenant. Hmmm, what a coincidence. And .NET tradecraft too. Hmm

But hey, surely the slides will be awesome, after all there'll be 2k of them now.

chrisone

There is nothing defensive in me stating misconfigurations and vulnerabilities are disclosed to the public, and so companies will sell courses based on that free information.
Here is another whopper you might be amazed at! Hot tools will be used by many vendors too! Wow what a theory right?

You are nit picking, coming out with pseudo timelines of events, claiming a company is copying another company because they both use HOT security tools and topics that every company will use in their courses. It feels like you have some personal issue with elearnsecurity and we get it you are a huge fan of Rasta.

Your logic summed up right here "RTO uses Covenant, PTXv2 just upgraded their 3 year old course to use Covenant and .NET = Shameless RIPOFF!!!! RAGE!!! ROAR!!!!"

dude seriously?.....

securityorc

Haha, that's all you got out of it? That I'm inventing things, I have a problem with Elearn and everyone and their mother was using the same hot C2 already? More like it seems you have a personal affiliation with them.

Enjoy your Elearn courses then, I will sure as hell enjoy spending money elsewhere.

chrisone

securityorc said:

Then comes PTXv2, just months after Red Team Ops was launched. RTO is lab heavy and goes through the execution of a red team engagement starting from outside and up to the objective, with the Covenant framework.

Here comes PTXv2, this time with a proper AD lab and examples for most attacks - I can only tell as far as I saw in the launch. Choice of C2 framework? Covenant. Tzz tzz, there are loads of open source C2 frameworks out there, and one course that teaches one of them. What are the odds that Elearn would also pick that same framework for which there already is a course, when there are dozens of C2 frameworks out there that could be taught? Hmmm

sigh......alright man. C2 Covenant is not that new and RTO is a very basic AD pentesting course. /fin

To add: Rasta is going to replace Covenant with his new SharpC2 framework....so...?

Target Audience

This course is aimed at those with an existing background in Information Security and looking to gain knowledge and skills in red teaming tactics. The difficulty is pitched towards beginners and juniors - perfect for those relatively new to the industry.

Elitis

Just got the Elite edition. I was really debating hard on this one. It was between this and ADAD. The 25% discount was nice and everything but ADAD is so much cheaper, so I was really leaning towards it. Then I checked my email. 35% off. Combine that with my preference for the eLS teaching style and it was an instant buy. Very excited to start working on my active directory skills, and having the pdf from the Elite edition this time will be nice.

Edit: Just took a look at the pdf for the first module. Almost 400 slides. For the first module alone. Wow. This is going to be a very long course for me.

chrisone

Yeah the discount was awesome. It made it hard not to get. There is a lot of information to digest in this course. You should check out ADAD when you have the extra cash, it is definitely worth it. I have done ADAD and the BlackHat Advanced version of the course (similar to the expert CRTE course). I have no doubt, the Penteser Academy material will help me tons with PTXv2.

Elitis

How current/relevant would you say the ADAD course is today? I figured the PTXv2 would be just about as up to date as you could get with the latest and greatest, which was definitely another factor leading to purchasing. It definitely seems like an excellent course, so I'm sure at some point I'll go through it as well.

chrisone

Looking at the syllabus it seems to be a little more advanced than the Pentester Academy Red Team Expert course.

I see a more thorough coverage of the following, some are not covered in PA AD, PA RT, PACES.

Initial payload creation & Phishing techniques.
Coverage of C2 frameworks, Silent Trinity & Covenant.
Social Engineering
Abusing Privileged Access Management (PAM) - covered in PACES
Just Enough Administration (JEA) - covered in PACES
Abusing Just Enough Administration (JEA) - covered in PACES
DNSAdmins Privilege Escalation using DNSAdmins - covered in PACES
DPAPI Abuse
Remote Desktop Tunneling Using Virtual Channels
SocksOverRDP
Proxychains for Windows
SharpSocks
SSHuttle
RPivot
reGeorg
Intro to COM Hijacking
Phantom COM Objects
Scheduled Tasks COM Object Hijacking
COM “TreatAs” Hijack
WSUS Attacks
Exchange Attacks (Although CRTE covers some, PACES may cover more in depth.) < not entirely sure to be honest.

I am going to do CRTE after PTXv2 since all this red teaming will be fresh in my mind. I should be able to knock out CRTE in a month.

But to re-iterate, it seems like its only a notch or two jump in AD coverage from PA CRTE. There is no way it matches PACES as far as forests, size, and depth of brutality lol There is just no way you give every student that size of lab without sharing hahaha