Has anyone taken the Student eCPPT course?
YuckTheFankees
Member Posts: 1,281 ■■■■■□□□□□
Im looking to buy the student and pro course at the end of the month and I just wanted to know if the student course is "really really" basic or is it worth taking if I have no experience in pentesting but I have knowledge of routing, TCP/IP, and a little linux.
thanks!
thanks!
Comments
-
JDMurray Admin Posts: 13,091 AdminThe eCPPT looks to be the same flavor as the OSCP, but with more tools and targets. They also offer a pay-as-you-go option, which I like. I'd be interested in knowing more about this course, too, from people who have taken it.
Penetration testing training course -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□From what I have read the path seems to be CEH >eCCPT > OSCP
-
docrice Member Posts: 1,706 ■■■■■■■■■■I have somewhat taken (but still in the slow process of going through) the Professional eCPPT course. I think it's great for what it is, but overall I think I'd prefer to go straight to the OSCP, although I haven't taken it. If the OSCP experience is just like the OSWP, that would be my choice.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□I am in it (but I haven't finished it). I think it is worth it. I will probably get the pro version sometime next year.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□So what is the course like? How long do you think it would take to complete it? thanks BR
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I have access to the Pro course (life got in the way and didn't finish it). The material was pretty good and I think overall, if you put in some extra effort for the parts you don't know you should be ok. I am on the side of doing it prior to OCSP because both require that you write a report, so why not get your feet wet and know that once you get to OCSP the report will be no big thing?WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□That's really a good question. I think that if I was hurrying through it, I could get it done in a month. When I start it up, I'll probably get through the course in 3 months. I personally think that you shouldn't rush things that are foundational.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□Grinch: I agree with you about the reporting. I plan to take eCPPT and hopefully after that I'll be ready for OSCP. I havent heard any bad things about either eCPPT or OSCP.
BR: Yeah I agree with not rushing the material. I want to buy the labs that come along with the courses but I dont want to waste most of my lab time with the student course. So I dont know how thats going to work. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Do you plan on doing elearn student>elearn pro>oscp
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I'd say just go for the Pro course. I'm fairly certain you could gather enough material for the topics you feel your weak on. Looking at it price wise, I guess it could make sense to do the student, but some of the topics would be redundant. Either way, I believe it is definitely a good place to start and I will finish it myself eventually....WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□Yeah thats my goal and hopefully maybe OSCE after OSCP. But I still need to review a lot of stuff (ASM, more Linux, PHP, a little python). What about you?
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Linux I am confident enough on. I am currently learning Python, I know no ASM so that is on the list, PHP is on the list, but not to worried about that. I fall into a solid theory base, but putting it into practice is where I am somewhat deficent. At this point I have to focus a little more on what I do everyday. The end goal is to get a job doing security related work. I thought pentesting might be the way I go, but I'm kinda leaning more towards exploit development and defense. I read the intro of Thor's Microsoft Security Bible and let me just say that it is eye opening. I'd suggest everyone read that intro, as it is life changing to security views in general.
My main goal at this point is to specialize in some form of technology and then work from there to secure it. It's looking like Microsoft will win out as I work with Server 2003/2008 daily (and it definitely needs securing). Numerous members on this forum has pointed out having a firm foundation to work off of and then build into security from that foundation. So the current plan (it's ever changing):
Finish CCNA (ICND2), while reading up on Python
Work has approved paying for Linux+, but I believe I will go for MCITP:SA first (might try both)
Finish eCPPT
Maybe OCSP next summer?
Read the following books that I already have:
Wireshark Network Analysis
NMAP Network Scanning
Human Hacking
Backtrack 4
Grayhat Hacking 3rd Edition
Thor's Microsoft Security Bible (haven't purchased yet)
Shell Coder's Handbook (haven't purchased yet)
Metasploint Unleashed (haven't purchase yet)
I'd also like to look into the Microsoft Internals exam as I believe it would be beneficial in my daily work and would probably be a good way to get into exploit writing. So I have some sort of plan and some end goals, just a matter of executing them. Sometimes I feel like I am trapped in the episode of SouthPark with the underpants Gnomes. Long story short, they had a three step plan that looked like the following:
1. Steal underpants
2. ?
3. Profit
Just have to kick my lazy habbits and set out to conquer the world!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□In the past month I have read Metasploit unleashed and backtrack 4..When I start my student and eCPPT course Ill be able to use and understand those books more. I also bought the wireshark book (pretty damn exspensive), I really havent touched it yet but Im excited to learn wireshark in depth and to learn more networking. I also have the remaining books you mentioned on my amazon wishlist haha. Im really interested in the Thor book now, so Ill probably order it tonight.
My goal is to get the eCPPT, CEH, ESCA, LPT, CHFI and OSCP done by next summer so I can go to Defcon and really enjoy it. -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□Grinch,
I just read the intro as well and I can see what you mean about eye opening. After 3 minutes of reading that part, I already began to question myself..am I really doing this for a career or just to show off? Also..with all the hacking tricks we learn(or will learn)..how often will we actually see these in use or against our companies systems? thanks for the book suggestion -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Ah, I wouldn't question your career choice over it. I like that he points out focusing on defense, it is something that I think gets lost in the shuffle sometimes. A lot of times you will see "oh the trick to a good defense is a great offense." True to a point, but there is a reason why they say offense wins games and defense wins championships. Coming through school I kept thinking, "man I will get a job and will start breaking into networks/servers to make things better". But then you realize reality is a b****.
A lot of companies (especially smaller ones) security is an after thought (if it is thought of at all). Beyond antivirus and possibly a firewall, a lot of our customers don't care to know about anything else. Plus the security industry as a whole (and rightfully so) want experience. So I want to focus on the fundamentals and do security related studies on the side. Where I'm at now, they know my background and when security things come in they give me a shot. I recently fix the failures a customer received on their PCI Compliance Audit. I had never done one, but looked up all the information I could find on it. Read through the checklist, determined the one the company used was correct, used our security product (SAINT) to confirm their findings, and then fixed the issues (again through research as I hadn't dealt with it prior). 40 hours later, they were PCI compliant. Of course, 3 months later they get scanned again and failed because the company couldn't scan the mail server. I just did a rescan and that did the trick.
But Thor's book I like because from the get go he says the things you are going to learn you will be able to apply to other scenarios. So it is definitely on my list, but probably after I get the MCITP:SA complete so I can see how Microsoft wants things implemented. Plus, rather save up for Safari Online so I don't flood my place with books lol. So my advice, keep doing what you're doing and focus on the fundamentals. Do that and keep learning, you'll go far fast.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□The book made me think if I want to be on the offensive side or defensive (pretty much what you said, when you first read the intro).Once I get more into the material, Ill figure out my pathway.
I have never heard of safari online, its a damn good website. My book collection is getting almost annoying at my house, so recently I have been thinking about going digital...and I think safari online is my answer. Thanks again. -
JDMurray Admin Posts: 13,091 AdminYuckTheFankees wrote: »The book made me think if I want to be on the offensive side or defensive
-
impelse Member Posts: 1,237 ■■■■□□□□□□It is true, after I saw some offensive issues I begin to protect more equipment in the right wayStop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack. -
Change Registered Users Posts: 1 ■□□□□□□□□□I recently finished and successfully passed the eLearnSecurity Professional Course and thought I should write some thoughts down about the course.
The course material is well written and well presented.
I went through similar course materials i.e. CEH and I must say that the eLearnSecurity material is concise and up to date.
You can study at your own pace and from anywhere in the world.
When I started my course they introduced the Coliseum Labs which is an amazing asset for your preparation for the exam.
The course covers the following topics in great detail:
1. System Security
2. Network Security
3. Web Application Security
System Security cover things like Cryptography and Password cracking, Buffer Overflow, Shell Coding, Malware and Rootkit Coding
Network Security cover things like Info Gathering, Scanning, Enumeration, Sniffing, MITM, VA, Exploitation, Anonymity and Social Engineering.
Web Application Security covers Info Gathering, Vulnerability Assessment, XSS, SQL Injection.
The exam itself is only based on the web application security side of things, well at least when I did my exam.
There is a new version of this course out called Penetration Testing Professional v2, which includes the new Hera Virtual Labs, a revamp on all course material interfaces and then added modules in regards to some Microsoft based systems.
They also updated all current course material to stay with current trends and attack types and scenarios.
I personally woud recommned this course above the rest to start out with, if you are a real beginner I would suggest looking at their Student Package first.
eLearnSecuruty can be visited at eLearnSecurity - Worldwide IT Security training provider
If you are going to attempt this course, read the forums,study hard and most importantly, enjoy what you do.
- Good Luck
- Change -
coty24 Member Posts: 263 ■□□□□□□□□□Thanks for the post, this courseware should be what I need to keep growing!Passed LOT2 Working on FMV2(CHFI v8 ) Done!
-
dbrink Member Posts: 180I'm in the middle of doing the eLearn Student v2 course. So far it is pretty good. Has some good labs and then gives you solutions to the labs which always helps. I also did 30 days of the Coliseum but I haven't activated it yet.Currently Reading: Learn Python The Hard Way
http://defendyoursystems.blogspot.com/