Hi everyone
I would like to share information and my impressions regarding eLearnSecurity junior Penetration Tester (ver. 3) course and exam. Just a note: This post also participate in review contest. More info under this link: https://community.elearnsecurity.com/topic/4362-the-elearnsecurity-review-contest/?spMailingID=30073417&spUserID=NTgyNDgwNzMxNTQwS0&spJobID=1100772283&spReportId=MTEwMDc3MjI4MwS2
After I acquired CompTia Security+ I wanted to get some "hands on" practice course and certification as I was tired of tests like CompTia is serving where you have to pick A,B,C etc... and you can prepare just from reading books. Searching through forums and google decided to give it a try for this one, as my ultimate goal is to prepare to get OSCP certification where you also have live practice exam. However for OSCP my current knowledge level is to low but I knew I could give a try for junior Penetration Tester and I wasn't wrong.
Some info about course. This course teaches you on a fundamental level tools that penetration testers use and various attacks that you can perform using them. You will learn about gathering information, scanning, vulnerability assessment, web attacks, system and network attacks. Few fun tools you will learn are: metasploit with meterpreter, nmap, Nessus, Wireshark, Hydra, John the ripper and many other... Best is that you can practice that by yourself in the lab.
During course you learn from three methods:
1. Slides - where you reading about various topics. They are well prepared, easy to read and topics are very nicely explained.
2. Videos - Where lecturer showing and explains what you just read from slides, by using tools and techniques covered in topic.
3. Live exercises – This is the best part. What you learned from Slides and Videos you now have to do it by yourself. You connecting through VPN to Hera Lab where you have access to vulnerable machines where you can use penetration tester tools to pass the exercise.Good stuff you will have lifetime access to the slides and videos. Access to Hera lab is limited by hours you decided to buy. But you can always extend.It is worth mention that if you lack some basic knowledge about networks and programming there are preliminary short introduction courses with exercises about computer networks and programming (C, and Python).Regarding exam Exam is only hands on, no tests with multiple answers. You have 3 full days to hack computers in connected network and get required information while keeping notes. After that you need to answer questions like what was the content of file secret.txt or how many XSS/SQL Injection vulnerabilities had that web page. I was little stressed before I started but in overall it took me 8 hours only to get all required information to pass exam. Important fact is that you will not get tasks that were not covered in the course material. So if you followed course carefully with all exercises with understanding then there is no chance you will get stuck.To sum up PROS and Cons:PROS:
-
Good course material with superb explanation of the topics. Very easy to read and understand.
-
Good quality videos showing you step by step.
-
Hera lab - access to live network with vulnerable hosts. I really enjoyed this part of learning.
-
Possibility to get printed version of certificate.
Cons:
-
Some material was not updated to the current state, like about scripts in nmap, you had to google by yourself.
-
Flash in slides, while there is button for html5 it wasn't working for me.
-
Sadly this certification is not so well known as other security certs.
I was very surprised how good value you get for the price. I learned in very short time a lot of tools, that before I was just reading about, but most importantly I could use them on other computers without worrying that you can do harm to anyone. If you are like me newbie in IT Security I highly recommend you to buy this course and get real hands on exam. Now I am considering getting more advances courses and certs from eLearnSecurity before I will reach my goal.
Thanks for reading.
