about to begin eCPPT exam

Due to the holiday season, I've got two weeks off from work. Perfect for sitting a two week exam! I definitely feel prepared for the technical side of things, but I'm nervous about my reporting skills. I've been incredibly lucky in that our CISO has been giving me assignments to test various "things" to help me prepare for the exam, so I have been practicing improving my reporting skills any chance I get. I've also been reading all of the various white papers and sample reports i can get my hands on. Overall, I feel confident about the exam, but seeing how this is the most advanced cert I have yet to attempt, saying I'm nervous would be an understatement. If anyone has any input or advice, I'm happy to hear it; If anyone has any questions regarding the course or any external study material, I'm happy to answer what I can!

Find more posts tagged with

Comments

JoJoCal19

Good luck! If you would, I would love an in depth review as I'm about to pull the trigger on PTPv3.

zxshockaxz

JoJoCal19 wrote: »

Good luck! If you would, I would love an in depth review as I'm about to pull the trigger on PTPv3.

You know, I'm not really known to do reviews, but I've been really thinking about doing one for this course. Maybe I will! I know I sure would have appreciated on when I was debating taking the course.

JoJoCal19

zxshockaxz wrote: »

You know, I'm not really known to do reviews, but I've been really thinking about doing one for this course. Maybe I will! I know I sure would have appreciated on when I was debating taking the course.

For sure. Even a little plus/minus or if you recommend it or not would be appreciated.

xXxKrisxXx

Here are some sample reports you can try to structure your outline around:
http://www.offensive-security.com/penetration-testing-sample-report.pdf
http://www.niiconsulting.com/services/security-assessment/NII_Sample_PT_Report.pdf

Here's a link to a GIAC Paper about composing a pentest report:
http://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343

They love seeing charts based off of your findings. Be sure to include a few. eLearnSecurity usually doesn't pass people on their first chance around on exams. Even if you nailed the exam objective, they can be hard to impress reporting wise. Be sure to accurately score any vulnerabilities you find. The report is literally 50% of your grade. If you any vulnerabilities that have corresponding cve/cwe's provide links. Let's say you found some Cross-Site Scripting, you will want to link them to the OWASP,CWE, and WASC pages.

realPSI

My lab time runs out in April. I bought the course last year during the premier. I thought reporting was part of the course, is that not true? I will be doing this course along with practical network defense.

Good luck and a review would be great.

chopsticks

All the best to OP.

zxshockaxz

xXxKrisxXx wrote: »

Here are some sample reports you can try to structure your outline around:
http://www.offensive-security.com/penetration-testing-sample-report.pdf
http://www.niiconsulting.com/services/security-assessment/NII_Sample_PT_Report.pdf

Here's a link to a GIAC Paper about composing a pentest report:
http://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343

They love seeing charts based off of your findings. Be sure to include a few. eLearnSecurity usually doesn't pass people on their first chance around on exams. Even if you nailed the exam objective, they can be hard to impress reporting wise. Be sure to accurately score any vulnerabilities you find. The report is literally 50% of your grade. If you any vulnerabilities that have corresponding cve/cwe's provide links. Let's say you found some Cross-Site Scripting, you will want to link them to the OWASP,CWE, and WASC pages.

I've read all three of those twice actually

Thank you for the input, I really appreciate it. I'm very aware of the charts. In most of my reports right now, I've been putting two charts: one for number of vulns by category, and number of vulns by severity. Do you think I should include something else?
I'm actually working on a basic structural outline right now, so I can begin writing my report as I go. I really Like Offensive Security's report sample. It seemed very clean and similar to my writing style. Do you think the guys at eLS would disapprove?

realPSI, Reporting/communicating is, imo, the most important part to any pentest. You could dominate the world's most secure network, but if you are unable to properly communicate how and why, as well as how to fix it, you really haven't provided any benefit to the company. That being said, I really wish eLS would add more focus on writing the report during the training side of things.

Thanks for the luck, all!

edit: realPSI, I misinterpreted your question. Yes, reporting is indeed part of the course, but they do not emphasize it like they do the technical side. I personally prefer as many examples as I can find. They do provide a guide over writing your report, and it really is great. I've learned a lot from it, but I personally think that a sample report or even a lab that is only over reporting would be very beneficial and fitting for the course (seeing as how they are very good about guiding you through everything else). This isn't a complaint by any means. I can find what I need on Google if something is unclear to me.

xXxKrisxXx

zxshockaxz wrote: »

I've read all three of those twice actually Thank you for the input, I really appreciate it. I'm very aware of the charts. In most of my reports right now, I've been putting two charts: one for number of vulns by category, and number of vulns by severity. Do you think I should include something else?
I'm actually working on a basic structural outline right now, so I can begin writing my report as I go. I really Like Offensive Security's report sample. It seemed very clean and similar to my writing style. Do you think the guys at eLS would disapprove?

I like everything Offensive Security puts out. I don't think they'll mind if you followed their report structure. I broke mine into 4 basic main sections. The 2 charts should work fine. Be sure to include an image of the network layout in the report (which your given for eCPPT Gold). Take a lot of screen shots to include in the report. Make sure you're snapping shots of the windows and edit out all of the unnecessary stuff (they don't want to see your desktop icons, etc). To help the screenshots look more visible, don't be afraid to make the font bigger in your terminals. Also, save your tool output.

zxshockaxz

xXxKrisxXx wrote: »

Be sure to include an image of the network layout in the report (which your given for eCPPT Gold).

Are you saying that they provide you with the network diagram at the start of the Gold exam? If not, do you have any tips for the diagram? It's a skill i've been brushing up on as well, but still greatly appreciate anybody's input.

Thanks for the advice. It is greatly welcomed lol. I'm starting the exam in the morning. I've spent all day making sure my tools are up to date, and I've already created the base structure for my report. I suppose it looks like a generic pentesting report template that I can fill out as I make my way through the test, and then I can finish customizing it to the engagement when the reporting phase comes.

zxshockaxz

Quick Update:

We have been doing some mail system changes in the work place. Went to register for Maltego before I started the exam and never received the email. Did a little troubleshooting and realized I wasn't able to receive emails at all. In my original post I mentioned that I have two weeks off from work; So does everyone else. They aren't my systems so I can't fix them.
I went to try and update my eLS account to a different email and received an error of "Server error. Please try again later." I hopped on live chat with customer support, and they told me to email tech support who is unavailable today. Yay.

Needless to say, I'm very irritated right now. Mostly at the situation. Customer support was very friendly, and I'm sure we can all understand what it is like dealing with pissy customers that we are unable to help. I told the guy thanks and left chat. This totally screws with a lot of my very carefully planned break. Will update again when I figure something out.

xXxKrisxXx

Regarding the exam, you have everything you need in the Members Section of the website where the course content is. See below:
http://i57.tinypic.com/2j1reyt.jpg

After you click the begin certification process, you'll be given the Rules of Engagement and you will be able to start. Click on the Instructions Tab and there's an Exam Guide for more instructions.

zxshockaxz

Thanks for all the info Kris!

I got my issue resolved, which is why I haven't been on here much lol. Got the exam started and hit the ground running. I was really proud of how well things were going by the end of the first day. Now I'm stuck at the most minimal access possible to the objective box, and I'm having a hell of a time with an exploit I'm working to get into one last box. I've spent 2.5 days working on this exploit. Assembly is definitely not my strongest area. I finally caved and went to the forums trying to scrape any help/advice I could get without being given the answer. I've gone through the modules 4 more times and replicated the examples. >.<

As of right now, I have 2.5 days remaining of the testing phase.

zxshockaxz

Just another update:

I just submitted my report. Super nervous and excited now. The exam was a lot of fun and incredibly stressful lol. Now to sit back and relax (as much as I can) for a while. I'll update again with the results, and maybe a detailed review.

Until then...
TL;DR Review:
The course and exam are both a blast. You'll definitely learn a lot all the way up to the point of turning in the report. Great course, worth the money, hope it becomes a more recognized cert.

veritas_libertas

Good luck. I'm interested in seeing your full write-up on the course.

impelse

how many targets do you get?