eCPPT journey

2

Comments

  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Broke down today and went ahead with PTPv3 Elite. Even if I have to pay to upgrade later, I can still get a good bit of the material covered between now and then.
  • dbailey007dbailey007 Banned Posts: 21 ■□□□□□□□□□
    Count me in too on eCPPT. I went ahead and bought the PTPv3 Elite. I do pentesting in my day job but most of the time it is with web applications. I'm looking forward to having some fun on the network side of things. I'm planning on this being a prelude to OSCP.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Let's get studying icon_cheers.gif

    I wanna do the labs for the web security section, hopefully by this weekend. Must.stop.slacking.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Currently looking at module 2 in web app... The one thing I can say on the PTP so far versus the PTS - there is alot ​more information.
  • dbailey007dbailey007 Banned Posts: 21 ■□□□□□□□□□
    How long are you guys giving yourselves to do the labs? From what I heard, the Ruby and WiFi stuff is not needed for the exam. I might go back to those after the test to shorten the review time. One of my buddies in the industry just jumped into the exam without even studying knowing that with 7 days he could brush up on any topic as needed. Not sure I want to take that route though.
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    I started the Web App first. Maybe I should look at the syllabus. I just went from tab to tab in the PTS course.
  • dbailey007dbailey007 Banned Posts: 21 ■□□□□□□□□□
    I think I am going to start with the Network Security first since information gathering seems like a logical place to start. Then I'm going to do System Security to better understand how to exploit the boxes that I discover. Then I'll review the Web App section.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    I started with the webapps first...haven't been studying, major life set backs but I'll snap out of it soon
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    I started the System module, trying to keep to the syllabus. First time messing with Assembly. It is different.

    @Unix - Hope things clear up for you!
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Just a bit confused as the slides/videos don't map directly to labs - unlike eJPT -. Skipped labs for the Web Section and now in the network security module. Seems less organised than the eJPT. I will go back to Web Security Labs once I finish Network Security.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    Question: are you guys using Kali 1.1 or Kali 2. ?? I've had issues with Kali 2 so I stayed with Kali 1.x for eJPT...curious what everyone's using for eCPPT?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • chazb0tchazb0t Member Posts: 42 ■■□□□□□□□□
    UnixGuy wrote: »
    Question: are you guys using Kali 1.1 or Kali 2. ?? I've had issues with Kali 2 so I stayed with Kali 1.x for eJPT...curious what everyone's using for eCPPT?

    I'm still using Kali 1.1.0a because I'm used to it from eJPT, it's hard enough to work my way through the labs as a beginner/amateur, without worrying about why I can't get some tool or metasploit to work properly because there are so many changes with Kali 2.

    I'll probably keep using Kali 1.1.0a for the OSCP as well just because it's what I'm familiar with, I don't think any of the new changes will benefit me or make anything easier in my studies.
  • chazb0tchazb0t Member Posts: 42 ■■□□□□□□□□
    I'm just finishing up the Ruby modules and videos now too, they took me super long to get through. I started the Ruby modules on April 20th, I changed up my strategy a little bit. I'm going to finish all the study material and videos first, and then do all the labs back to back before starting the exam, as opposed to doing the labs after each module/chapter. That way the tools and techniques will be fresh in my mind before I need to use them in the exam.
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    Must... not... buy... more... classes! icon_lol.gif
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Currently using Kali 2. I have no previous experience with Kali or BT, so I don't know the differences.

    The only issue I have had so far was with nmap and a few other tools - this ended up being an issue with the setup of my VM. I had it set to NAT behind my computer. Once I had it bridged, those issues cleared up.

    In most of the videos they seem to be using BT - but they do mention Kali in the slides.

    @ Unix - I agree with you on the point that it is not as organized as eJPT was. I'm guessing that this will be corrected in the next version, which should be out sometime this year.
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    I just started punching through the Systems Security module this week myself. I'm trying to setup all the programs in the labs on my personal machine and going kind of slow so far. Had a little trouble getting one of them to work. Been setting them up my Windows 10 comp.

    You should do it on Kali, I failed to make it through eJPT on Windows, so I installed Kali on a spare 7 years old PC, it made my life a lot easier.

    I am planning to start eWPT soon (paid for it last year), I have been doing some research, I read somewhere that if you can't make Kali work then maybe penetration testing is not for you (I tend to agree with that view).

    So I downloaded the latest Kali (2016.1) on the same 8 years old PC, it is slow but it is 100 times better than struggling with a Kali vm.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    chazb0t wrote: »
    I'm still using Kali 1.1.0a because I'm used to it from eJPT, it's hard enough to work my way through the labs as a beginner/amateur, without worrying about why I can't get some tool or metasploit to work properly because there are so many changes with Kali 2.

    ....


    There isn't a signifcant different, kali 1 or 2, just different interface to me. U can just have it in another VM....no difference really as the tools are the same.



    chazb0t wrote: »
    as opposed to doing the labs after each module/chapter.

    I'd be wary of leaving the labs towards the end, I feel that the actual learning happens in the labs, so my strategy would be to finish as much labs as possible, so that I can keep on going through labs until I can finish them without any problem - only then I'll be ready for the exam.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    @NetworkNewb: don't waste your time with Windows, get kali linux on a VM machine, and you will have all the tools ready for you! you're making your life way too hard by install all the tools on Windows! some tools aren't even compatible with Windows
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    As far as when to do the labs, I am trying to do the same as I did with the eJPT. I go through the whole section first, kind of just as a summary. Then I will try the labs once. If I have any trouble with the lab, I will go through the section again but this time in more depth and work through the lab (without looking at solution) to see what I am missing. Then once I go through all the labs, I will go back through each one to make sure I remember what to do and take notes as I go through the lab.
  • chazb0tchazb0t Member Posts: 42 ■■□□□□□□□□
    UnixGuy wrote: »
    I'd be wary of leaving the labs towards the end, I feel that the actual learning happens in the labs, so my strategy would be to finish as much labs as possible, so that I can keep on going through labs until I can finish them without any problem - only then I'll be ready for the exam.

    I agree with you here, however I went absolutely nuts doing the eJPT. I managed to do it in 2 weeks at a crazy pace, spending 8 hours a day on top of a full time job.

    So the problem now is I'm doing eCPPT at a much more relaxed pace, I did the first few labs months ago, so I'd rather start the labs over from the beginning as a refresher/practice for the exam.
  • Sch1smSch1sm Member Posts: 64 ■■■□□□□□□□
    Anyone know how eCPPT compares to OSCP? I passed eJPT a few weeks ago without getting the materials, just the exam. I'm thinking of doing the same for eCPPT whilst I wait on the cooldown period for my OSCP resit.
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    I have heard mixed comparisons between the two. OSCP is more well known and I think overall is more difficult. eCPPT holds you hand a lot more in the lab (labs provide solutions) - but I think their training material is good.

    If I had a little more experience and 90 days to completely dedicate to the course, I would have went for the OSCP. But since I don't, the eCPPT made more sense for me.
  • xXxKrisxXxxXxKrisxXx Member Posts: 80 ■■■■□□□□□□
    Sch1sm wrote: »
    Anyone know how eCPPT compares to OSCP? I passed eJPT a few weeks ago without getting the materials, just the exam. I'm thinking of doing the same for eCPPT whilst I wait on the cooldown period for my OSCP resit.

    Hey Schism,

    I've done both. There's some comparison and overlap (it's too much to re-type out). I suggest going through some of my previous posts. If you are an OSCP, you can pass the eCPPT Examination. Obviously I can't get into specifics on either of the examinations but I was given a free voucher for the eCPPT Gold (current version of the exam), being an eCPPT Silver Holder. It was suggested I upgrade my PTP material from v1 to v2 at the time to be able to acquire the skill set to stand a chance at the eCPPT Gold Exam. I took my free voucher and instead of upgrading my course material challenged it and was able to pass. I picked up my OSCP a few months before the eCPPT Silver and had it a couple years before eLearnSecurity revised and made the eCPPT exam a bit more of a challenge.

    Sufficeth to say, if you're on a cool down period from failing your OSCP examination - you obviously know what you need to brush up on to pass. The re-take fee is dirt cheap. Go back and pass it, opt-in purchase a voucher for the eCPPT and kick some ass. Don't forget about the OSCP and CRT Pen equivalency OSCP and CRT Equivalency | CREST - Ethical Security Testers
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    UnixGuy wrote: »
    @NetworkNewb: don't waste your time with Windows, get kali linux on a VM machine, and you will have all the tools ready for you! you're making your life way too hard by install all the tools on Windows! some tools aren't even compatible with Windows

    Been a busy week but got a Kali VM spun up yesterday and should be finally be starting to get going on the course this week. Started watching the "Penetration Testing with Linux Tools" on CBTNuggets that last couple days while at work as well. Definitely interesting so far.
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Looks like they are doing a big announcement tomorrow. I suspect new course or a refresh of the PTP course.
  • xXxKrisxXxxXxKrisxXx Member Posts: 80 ■■■■□□□□□□
    Likely version 2 of their Mobile Application Penetration Testing course. They haven't updated this one in years.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    My studies for this is on hold...working on something else (will post a new thread once I actually finish what I'm doing..) then I'll come back to this!


    How's everyone progress going?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Progress is somewhat stalled. Haven't had much time to lab - work has been crazy busy. Not to mention I was foolish enough to cover on-call for someone else, so I have been on call-back back to back rotations. Hopefully I can get back into it and get this course knocked out!
  • SaSkillerSaSkiller Member Posts: 337 ■■■□□□□□□□
    Same, on hold while I work on GREM.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    Looks like the announcement was for PTPv4.
Sign In or Register to comment.