Passed the eCPPT first time!

Chris:/*

So I have completed the eCPPT training and test. Passed the whole thing the first time through and thoroughly enjoyed the material.

I will say the web portion was good for me in particular because that was a weaker area for me prior to the certification training and test. The Hera Labs and Coliseum are absolutely worth it if not just to play with, besides you cannot beat that price.

the_Grinch

Congrats!!

ipchain

Chris:/* wrote: »

So I have completed the eCPPT training and test. Passed the whole thing the first time through and thoroughly enjoyed the material.
.

Congratulations on a job well done, Chris:/* . What is next for you? Any plans?

jamesleecoleman

Congratulations on the pass.

I'm trying to work on the certification right now.

Chris:/*

ipchain wrote: »

Congratulations on a job well done, Chris:/* . What is next for you? Any plans?

Thanks for the congrats from everyone.

I am changing locations right now so I will get back into the swing when I get settled with my new job. I plan on starting the OSCP followed by GCIH, GCIA and then GPEN. I plan to continue to grow in the Penetration Testing arena and expand my knowledge with the GSE track. I hope to be ready to start my DSc in 2014.

SephStorm

How long did it take to complete the course?

the_hutch

I might do this before hitting OSCP as well. What was the price for the program? And how much lab access do you get?

Chris:/*

It took me 120 days to finish the training because I was completing it with my M.S. and a Gold Paper for SANS. I took the full 30 days for the certification portion to make sure that I found and documented everything. I spent just under a thousand for the course and all the labs.

You get 30 days of access to each set of labs with the package I paid for. The Hera Labs are based on network based exploitation and the Coliseum labs are based on web exploitation.

I had plenty of network exploitation knowledge so I probably could have skipped it but I was hopping to see if there was anything in the course that I did not know. That being said the labs were very good overall especially if you have limited engagement experience.

SephStorm

im looking for a course to beef up my hands on experience before starting OSCP Personally I am concerned, I havent found a course that supposedly has a good course on programming. I understand the ELS Pro course has some ASM requirements, and the OSCP has required knowledge of Python, and maybe some others. While i'm sure there may be a module on basics in the PWB course, that is not the time for me to hear "try harder".

But anyway, after the CCNA/CCNA Security next month, i'll start looking for options.

the_hutch

SephStorm wrote: »

im looking for a course to beef up my hands on experience before starting OSCP Personally I am concerned, I havent found a course that supposedly has a good course on programming. the OSCP has required knowledge of Python, and maybe some others.

I've been pretty happy with my SecurityTube Python Scripting Expert Course.

the_hutch

Chris:/* wrote: »

It took me 120 days to finish the training because I was completing it with my M.S. and a Gold Paper for SANS. I took the full 30 days for the certification portion to make sure that I found and documented everything. I spent just under a thousand for the course and all the labs.

You get 30 days of access to each set of labs with the package I paid for. The Hera Labs are based on network based exploitation and the Coliseum labs are based on web exploitation.

I had plenty of network exploitation knowledge so I probably could have skipped it but I was hopping to see if there was anything in the course that I did not know. That being said the labs were very good overall especially if you have limited engagement experiencetyle.

I might take this. Having reviewed both the sample material for both OSCP and eCPPT courses, I was surprised to find that I liked the presentation style for eCPPT better.

Chris:/*

When I was going through the course the designers of the course were talking about adding a coding section to the course in the future. I recommend picking up a couple of O'reily books and download the interpreter then go from there.

SephStorm

"Scripting Expert"= scary. lol Well Ive done some bash scripting in preparation for the OSCP, but I doubt im ready to proceed to python or another real language. I think i'll need some hand-holding through that process. Although there was a programming book I was looking at that seemed to be written in English. Sams Teach Yourself Python in 24 Hours (Teach Yourself -- 24 Hours): Ivan Van Laningham,Ivan Van Laningham: 9780672317354: Amazon.com: Books

Now that I look at it, I only read the first chapter in the store, looks like it goes to hell after that.

One issue I fear is that I have no real interest in programming outside of hacking. The programming for dummies books says that I should think of something id like to do and think of the steps... "hack system. produce shell..."

Chris:/*

You have to walk before you can run, if you do not understand variable scoping you cannot understand how to properly produce buffer overflow exploits. Avoid the Dummies and Sams books they teach you how to code in a fast but sloppy manner that will allow your code to be exploited.

the_hutch

SephStorm wrote: »

"Scripting Expert"= scary. lol Well Ive done some bash scripting in preparation for the OSCP, but I doubt im ready to proceed to python or another real language. I think i'll need some hand-holding through that process.

In my experience, there is no such thing as hand-holding when it comes to programming. You don't learn to code by having someone teach it to you. You learn it by someone giving you the general concepts and then you working through your own mistakes. You learn by diving in head first, making a large number of really dysfunctional scripts/programs and then figuring out where you went wrong. I personally think SPSE is a really good place to start coding...even if you have no former experience. It gives you all the basics you need (the general concepts). Once you start using some of the more complex libraries for security purposes, things do get hard and he does kinda throw you in the deep end. So it definitely takes some persistence, but its an awesome feeling each time you get a legit security tool working. I just recently created a script that uses Scapy to perform a MITM attack. Then sniffs for DNS query packets and then poisons DNS with a modified response from the gateway. Anytime a user on the victim machine attempts to access facebook, they are routed to a malicious duplicate under my control (created with SET - Social Engineering Toolkit). Enter your username and password...that information is passed to a backend database. And then re-routes them back to the legit facebook site so no foul play is suspected.

SephStorm wrote: »

One issue I fear is that I have no real interest in programming outside of hacking. The programming for dummies books says that I should think of something id like to do and think of the steps... "hack system. produce shell..."

This was exactly how I felt at first. But you might find that once you start getting into it, you actually really enjoy it. I went from only being interested in exploit code, to regretting that I did my bachelors in info systems instead of compsci.

goharnaseem

Hi...my name is Gohar Naseem (University of Birmingham).....i need very badly the password for admin ... a requirement to pass the eCPPT exam... i would be very thankful to you if you provide me with password for admin ....waiting for a positive response...thanks in advance...and please give me your skype id or any other detail so that i can contact you...