ECSA v8 and V9 difference

dony2015dony2015 Member Posts: 27 ■■■□□□□□□□
Hi Guys,

Deeply disappointed that I failed my CISSP due to lack of proper preparation which is a result of my graveyard shift. I took both the CISSP, CEHv8, and ECSAv8 trainings last year. So far, I passed the CEHv8, I didn't bother with the ECSA test. Now I have just failed CISSP, I am looking to try the ECSA exams to console myself before I start tackling CISSP again.

Meanwhile, ECSA is now in V9. My question is, can anyone here tell me what is the difference between ECSAv8 and V9? I have looked at Amazon for books on V9 but can't find any. I have also looked at some of the test engines, there is nothing for ECSAv9. Can any informed member here please enlighten me?

Thanks in advance for your advice.


  • dochooddochood Member Posts: 11 ■■□□□□□□□□
    I have the ECSAv9, along with a long trail of other certs (including OSCP)...

    I took the ECSAv9 five day course (via online videos) and with a 30-day subscription to EC Council's "iLabs" cyber range. The course consists of about half lecture (done by Erik Reed, LPT Master), and hands-on labs, using iLabs. iLabs is pretty cool, because unlike the OSCP, you access it with a browser from anywhere. (Also, unlike the OSCP, you are not sharing your VMs with other students, who can wipe out everything you've doen with a VM reset... you have complete control over it.) You get a bunch of VMs to practice the techniques on. iLabs gives you a script for the ECSA exercises, but when you are done, you can go "free range" and play around (I haven't tried this, but I heard you could... and the mechanism would not prevent it).

    The five day course is designed for you to do lecture in the morning, and iLabs exercises in the afternoon, but you actually get 30 days of lab time to do all of the labs, then complete the "challenges", so you don't need to finish all of the labs within five days (nor the videos for that matter).

    You don't even really have to finish all of the videos and labs to start the challenges, or even to finish the cert. But, before the 60 days are up (you get up to 60 days to complete your pentest report... but you should shoot for 30, because you only get 30 days of iLabs access... and you need screenshots), you will have to submit a "pen-test report" with information on how you completed the challenges. They give you a sample template. It looks like a "real" pentest report, but really, you can just leave a lot of the stuff like the executive summary and the other fluff as is. You only need to fill in the technical details of how you completed the challenges.

    There are 12 challenges. Each has a specific objective you must complete. The objective will dictate the general methods you use, but you can pick from whatever tools will do the job. The objectives cover an interesting array of stuff covered from the course. You will have to take screen captures of each of the relevant steps you want to demonstrate, since you cant copy / paste stuff into or out of iLabs, and you have no internet access iLabs.

    Once you upload your pentest report, you wait a few days to hear if you passed or not. Then, you get a notification, and if you passed, you can schedule the exam through ProctorU / EC Exams. The written exam is like 150 questions (IIRC), and you get about four hours to complete it. Someone here said it was "CEH+", but I found it a good bit more difficult than CEH. The tools were covered much more in depth, and there were a lot more in-the-weeds questions that the CEH. However, I passed both on the first attempt. Apparently, a lot of people with little real pentesting experience say the ECSA hands-on portion is extremely difficult. I found it pretty easy, but I was already eye-balls deep into the OSCP labs, which are very challenging. One thing I have to say about the hands-on exercises in ECSA: they are straight-forward, without the "trolling" that a lot of people complain about with the OSCP. OSCP can feel more like a puzzle game than a pentest.

    Anyway, if you decide to take it, good luck with it.
  • PJ_SneakersPJ_Sneakers CompTIA, EC-Council, ISACA, Microsoft USAMember Posts: 884 ■■■■■■□□□□
    Thanks for the write up. I'm doing the ECSA training soon. At what point did you purchase the exam voucher? Also, do you remember how much the voucher cost? I could not find it on the site.
  • muhammadbahgatmuhammadbahgat Registered Users Posts: 3 ■□□□□□□□□□
    i have a question in challenge # 10 can you support me ? to know the exploit used ?
Sign In or Register to comment.