New eCPPT GOLD certification

YuckTheFankees

Hey guys, it looks like elearnsecurity came out with a new certification this week. Take a look ECPPT GOLD - Practical Penetration Testing Certification .

I know a lot of people here are fans of the OSCP but I think this certifications deserves some attention.

I spoke to elearnsecurity regarding the certifications and found some interesting information.

*This is the 1st "real" pentest certifications because you will need to find every vulnerability in the network and also create your own exploit regarding an in house application..and of course turning in a detailed report. I really think these two main points of the new certification are intriguing.

dbrink

Interesting, definitely something to check out.

Hypntick

Thanks for the info YuckTheFankies, i'm seriously considering going through the student course when i'm done with my MS. Luckily it seems like i've got management buy-in for my aspirations at work, so hopefully they'll be willing to foot the bill.

YuckTheFankees

And they are coming out with 4 new courses by July 2013, this should be interesting.

Bodanel

This should be interesting. Seems similar to OSCP. I'm waiting though on a few reviews before signing up.

coty24

Man this is great, I can't wait to hear some reviews as well. I need to do the student course

YuckTheFankees

I would probably skip the student course. I would get the Professional v2 course and do outside research to learn topics you do not understand..save the $300-400.

Bodanel

I've used the form on their website and asked them a few questions about the course. No answer after 2 weeks.
Not very promising.

webgeek

YuckTheFankees wrote: »

I would probably skip the student course. I would get the Professional v2 course and do outside research to learn topics you do not understand..save the $300-400.

I am probably going to start at the student level to learn python and c++. Also it states lifetime access to the course materials. Very tempting......

dbrink

webgeek wrote: »

I am probably going to start at the student level to learn python and c++. Also it states lifetime access to the course materials. Very tempting......

I wouldn't take the student course just for the c++ and python modules, there are free resources on the Internet that go more in depth.

YuckTheFankees

I agree with dbrink.

@bodanel,

They are usually quick on their responses but I havent received an email back either, from a message I sent last week. I do know they are in the middle of deploying two certifications this month and another two in July ...it's possible they are using all their resources on that? Still, they do need to be more available in my opinion.

elearnsecurity

Here we are. Please feel free to ask any question you may have here so that answers can benefit all.

-Armando

Bodanel

1. For an experienced sys admin or network admin with no previous knowledge of C++ or Python do you recomend the Professional course directly or they should do the student course first ?
2. After you activate the lab there is a time frame in which you should use your lab hours?
3. The labs are shared between students or each student has it's own lab?

Thks

elearnsecurity

Hi
Good questions. Let's answer each.

Bodanel wrote: »

1. For an experienced sys admin or network admin with no previous knowledge of C++ or Python do you recomend the Professional course directly or they should do the student course first ?

During the training course (and also part of the exam) you will be exposed to source code. Languages? PHP/C++/ASM/Python.
Do you need to be a developer? No. You should be able to read what the code does. You are not required to produce your own code.

As you can understand this is a highly practical course and 100% practical exam as well so in some parts this kind of knowledge is recommended. (Buffer overflow, Shellcoding modules, Rookit coding modules for example).

The Student course can help with that. It has lots of samples about C++ and Python and also starts from the very basics.

Bodanel wrote: »

2. After you activate the lab there is a time frame in which you should use your lab hours?

We have 2 kind of lab access: Flat and On-Demand.
Flat means 30 or 60 days. That is 30 consecutive days from the moment you activate your lab time. You can activate your lab time within 90 days from purchase.

On-demand means 30 or 60 hours to use at any time in the future with no expiration.
If you spend 20 minutes on the lab you will only be accounted for 20 minutes. If you spend 5 minutes, only 5 minutes.
Time starts once your VPN connection is established. We also give additional 30 minutes for any seconds wasted during VPN connection (if any, let's consider it a gift)

Bodanel wrote: »

3. The labs are shared between students or each student has it's own lab?

Sharing is nice but not in this case.
You are given completely isolated access to every and each lab scenario you will want to use.
So if you want to use lab #7, click Start, few seconds and a new environment is deployed only for you.
No one else on the machines or in the VPN tunnel. So it's fully dedicated to you.



Hope this answers your questions.
If you have more, feel free to ask.

Regards

ChooseLife

elearnsecurity wrote: »

Good questions. Let's answer each.

Nice to see questions being addressed by Armando himself right on this forum

r0ckm4n

Has anyone on this message board taken both the OSCP course and the eCPPT GOLD course? If so would you recommend this course to someone that has been through the OSCP course? I passed my OSCP exam and was thinking about this course.

qasimchadhar

Armando, thanks for detailed FAQ. I'm studying for eCPPT gold and wanted to know how much of system security module is covered in exam? I found it a bit difficult for me since I do not have much knowledge of C++ and shell coding.

TK1799_st

I'm doing eCPPT next....seems to be more secure platform and professional compared to OSCP VPN.
Having finished OSCP 90 day lab course - I found that most (if not all) machines were old and outdated...and that if you stay connected to the VPN too long, I got 3 different root, password crackers, and a log tool installed on my host laptop through the KALI VM.... I lost week wiping those tools off my machine and then monitoring what they could have stolen -- all within weeks of logging on to OSCP Labs... not good...

Someone on here has taken both the OSCP and eCPPT -- stated you learn the same skill set. Also, speaking to certain US govt red teams - they use both - one or the other -- it's relevant to the Pen Test being performed. So don't think that OSCP is it -- after completing it - I wished I had skipped altogether and just save my time and $$$ and took the eCPPT... just my two cents...