eLearn Security - PenTesting Student PTS v3

UnixGuy · June 2015

After some research, I decided that I want to do this course:
https://www.elearnsecurity.com/course/penetration_testing_student/

My plan is to build a proper technical pentesting and forensic background and use it to move to pentesting & incident handling positions. I figured this course would be a perfect start.

I will enroll in this course this weekend, it's only 400$ and it includes labs.

Anyone interested in doing this course with me? Study group?

alias454 · June 2015

I came about this course through an email from tech exams for a free barebones account. I bit on the upsell and opted to upgrade to the elite edition for $199.00. I wanted the extra lab time not knowing what I was getting into. 60 hours of lab time was way more than was necessary (having a physical certificate of completion would have been a bonus except it was bent in the mail). I was able to complete all the labs in about 10-12 hours. With the metasploit lab taking the longest.

I think the elearn labs are a good primer for something more difficult like OSCP. I would go PTs STUDENT -> pts PRO then -> OSCP
Some other good sites to gain some XP on are - here is a short list of hacking war game sites (not all links work from the sites YMMV)
http://vulnhub.com/resources/
OverTheWire: Wargames
https://www.hacking-lab.com/
War Games. Current and past hacking simulators and challanges

Regards,

UnixGuy · June 2015

Perfect! Thanks for your recommendation, that's my plan is to go to OSCP eventually but I thought eLearn would be a good start for me. I'm thinking of doing eLearn exams as well after completing the courses; I know they're not recognised but I want them to serve like milestones for me.

Did you end up taking the eLearn exams? Did you do the OSCP?

alias454 · June 2015

I did the eLearnSecurity Junior Penetration Tester (eJPT) course and grabbed the cert. I have not done the pro Course but plan to once I have completed my CCNA, VCP, and Sec+.

Regards,

UnixGuy · June 2015

Solid plan! I'll start with eJPT and take it from there. Looking to start this weekend

wd40 · June 2015

I "re-started" the course yesterday, I am planning to finish this within 1 Month.

You should check the eLearnSecurity community, it is not really Active but you will get solutions to any issues that you face with the course.

Mike-Mike · June 2015

great info

UnixGuy sent me this link, and at first I was hesitant, but now I keep thinking about it. I am going to let UnixGuy guinea pig it out, then I'll probably jump on board

UnixGuy · June 2015

@Mike-Mike: Read some excellent reviews here:

http://www.techexams.net/forums/security-certifications/98588-elearn-security-vs-offensive-security.html
penetration test - Comparing online security courses: eLearnSecurity vs. Offensive-Security - Information Security Stack Exchange

Mike-Mike · June 2015

UnixGuy wrote: »

@Mike-Mike: Read some excellent reviews here:

http://www.techexams.net/forums/security-certifications/98588-elearn-security-vs-offensive-security.html
penetration test - Comparing online security courses: eLearnSecurity vs. Offensive-Security - Information Security Stack Exchange

you aren't helping me on not spending $400....

UnixGuy · June 2015

Do it, you know you want to!

That 10K+ pay raise in the new job opportunity as a pentester seems like a sweet deal to me

Mike-Mike · June 2015

UnixGuy wrote: »

Do it, you know you want to!

That 10K+ pay raise in the new job opportunity as a pentester seems like a sweet deal to me

but what about the 10k pay cut I'm taking for the Security Analyst role so I can eventually get the pentest role?

UnixGuy · June 2015

Why are you taking a pay cut? I moved to sec analyst position on the same salary I was on as a systems engineer. From the job postings that I see, the more skills you have the better pay you should be able to command, specially for those doing security consultant type work. You've got experience in networking/systems so I see no reason why u should take a pay cut

JoJoCal19 · June 2015

Good luck on PTSv3. I got the barebones for free as part of the webinar they did on the launch. I have the PTPv3 also sitting there waiting for me to do. I was originally going to start in the Spring but ended up facilitating at SANS so I'm working on my GSEC now. I'd like to go through these two courses this fall and then do the OSCP after the New Year. We'll see how it goes as with my new position I may have to do CCSA first. Post a journal in the Sec forum section and let us know how you're doing.

MrAgent · June 2015

UnixGuy wrote: »

After some research, I decided that I want to do this course:
https://www.elearnsecurity.com/course/penetration_testing_student/

My plan is to build a proper technical pentesting and forensic background and use it to move to pentesting & incident handling positions. I figured this course would be a perfect start.

I will enroll in this course this weekend, it's only 400$ and it includes labs.

Anyone interested in doing this course with me? Study group?

Do the OSCP! You know you want to!
I may look into this course after I finish either the CASP or CISSP.
I have an irc server for a study group.

bradl3yC · June 2015

alias454 wrote: »

I came about this course through an email from tech exams for a free barebones account. I bit on the upsell and opted to upgrade to the elite edition for $199.00. I wanted the extra lab time not knowing what I was getting into. 60 hours of lab time was way more than was necessary (having a physical certificate of completion would have been a bonus except it was bent in the mail). I was able to complete all the labs in about 10-12 hours. With the metasploit lab taking the longest.

I think the elearn labs are a good primer for something more difficult like OSCP. I would go PTs STUDENT -> pts PRO then -> OSCP
Some other good sites to gain some XP on are - here is a short list of hacking war game sites (not all links work from the sites YMMV)
http://vulnhub.com/resources/
OverTheWire: Wargames
https://www.hacking-lab.com/
War Games. Current and past hacking simulators and challanges

Regards,

Alias,

Can you elaborate on your experience prior to this? Would this be something you'd recommend to someone interested in learning pen testing with no prior experience?

Rumblr33 · June 2015

Yes. This is a great course for those interested in Pen testing and vulnerability assessments. I am currently going through the course (at a slow pace).
It is great precursor to eCPPT or even the OSCP. The material is very readable and user friendly. I would recommend it.

Cyberscum · June 2015

JoJoCal19 wrote: »

Good luck on PTSv3. I got the barebones for free as part of the webinar they did on the launch. I have the PTPv3 also sitting there waiting for me to do. I was originally going to start in the Spring but ended up facilitating at SANS so I'm working on my GSEC now. I'd like to go through these two courses this fall and then do the OSCP after the New Year. We'll see how it goes as with my new position I may have to do CCSA first. Post a journal in the Sec forum section and let us know how you're doing.

How did you get an invite for the barebones package?

I would like to see it before I bought the stuff.

EngRob · June 2015

JoJoCal19 wrote: »

I have the PTPv3 also sitting there waiting for me to do.

I have the PTPv3 sitting for me also. Hit me up if you decide to go for it in the fall as i'll be hopefully getting close to wrapping up WGU by then. (also have barebones PTSv3)

wd40 · June 2015

Cyberscum wrote: »

How did you get an invite for the barebones package?

I would like to see it before I bought the stuff.

People that attended the Launch event got the invite.

Regarding PTP .. I was really tempted to sign up when I got an e-mail with a 20% discount offer "Sign up now and worry about completing training later, you know like the Gym, sign up for a year and go for 2 weeks then quit

", but decided not to go for it, maybe next year.

bradl3yC · June 2015

Rumblr33 wrote: »

Yes. This is a great course for those interested in Pen testing and vulnerability assessments. I am currently going through the course (at a slow pace).
It is great precursor to eCPPT or even the OSCP. The material is very readable and user friendly. I would recommend it.

What would you suggest be the baseline knowledge before attempting this course?

Rumblr33 · June 2015

bradl3yC wrote: »

What would you suggest be the baseline knowledge before attempting this course?

https://www.elearnsecurity.com/course/penetration_testing_student/

Pre-requisites
•Basics of computing and computer science
•Basics of Computer Security topics although not mandatory

This is straight from the elearnsecurity website. Personally, I would say the ability to apply the information that you are learning.

veritas_libertas · June 2015

@UnixGuy: I'm currently preparing for the eJPT. PM me if you want to talk about the course, etc.

JoJoCal19 · June 2015

EngRob wrote: »

I have the PTPv3 sitting for me also. Hit me up if you decide to go for it in the fall as i'll be hopefully getting close to wrapping up WGU by then. (also have barebones PTSv3)

Will do! I'm not super hopeful I'll be able to dive in too much as I'm facilitating SEC503 in August (GCIA), but I'll probably just start PTSv3 and do some here and there.

UnixGuy · June 2015

I want to do the OSCP but I'm not in the right head space for it, and figured eJPT would be a good start. I need some kind of spoon feeding initially, at least to get me started.

For those doing the eJPT, how about we create a study group and share notes/labs? Any suggestions on how to proceed? I'm going to buy this course this weekend!

alias454 · June 2015

bradl3yC wrote: »

Alias,

Can you elaborate on your experience prior to this? Would this be something you'd recommend to someone interested in learning pen testing with no prior experience?

You should have a good understanding of computers and computer networks for one. As far as prior pentesting experience goes, it is not a requirement for the course but would be a bonus for sure. nmap, wireshark, metasploit, and nessus are useful to have a basic knowledge of, along with some other tools from the list on SecTools.Org Top Network Security Tools. The labs in the eJPT are desinged in a way to lead you through it and they have the solutions available should you get stuck.

I had exposure to a few tools doing my degree (think refresher). Prior to that, I used wireshark, nmap, john etc. along with a few other network based tools etc. I think the eJPT is a perfect course to start down the path of being a professional pentester (a guided tour if you will). IMHO, the eLeaarn course was put together in an engaging way that made it interesting and fun. I would recommend it to get your feet wet. For me, it helped put everything into perspective in a way I was not able to do before as it is structured in a task oriented way.

Regards,

veritas_libertas · June 2015

UnixGuy wrote: »

I want to do the OSCP but I'm not in the right head space for it, and figured eJPT would be a good start. I need some kind of spoon feeding initially, at least to get me started.

For those doing the eJPT, how about we create a study group and share notes/labs? Any suggestions on how to proceed? I'm going to buy this course this weekend!

I'm in on this. I'm currently going through the guides and videos a second time writing my notes. Not sure how we should go about a study group. A chatroom comes to mind.

Edit: But you're in Australia. Hmmmm....

EngRob · June 2015

JoJoCal19 wrote: »

Will do! I'm not super hopeful I'll be able to dive in too much as I'm facilitating SEC503 in August (GCIA), but I'll probably just start PTSv3 and do some here and there.

Let me know either way, would be good to tackle with someone to vent with! Enjoy GCIA! I would love to attend that class.

UnixGuy · June 2015

@Veritas: You have GPEN & GCIH isn't the eJPT easier?

yes how can we share notes? I'm not much of a gmail/skype user but maybe we can email or something. Or just post and track our progress?

Mike-Mike · June 2015

UnixGuy wrote: »

Why are you taking a pay cut? I moved to sec analyst position on the same salary I was on as a systems engineer. From the job postings that I see, the more skills you have the better pay you should be able to command, specially for those doing security consultant type work. You've got experience in networking/systems so I see no reason why u should take a pay cut

It's not exactly a 10k pay cut. My base pay from my current job to my new job is a 17k bump. However my current job also has a bonus, overtime, on call pay, shift differential, etc, whereas the new job will be salary.

Also I have about zero actually security experience, so I took what I could get in this role just to get some experience

UnixGuy · June 2015

Mike-Mike that's exactly what I did. I had zero security experience, I took this job to get some exposure but thankfully there was no pay cut. In fact I get paid slightly more now, and in a much better organisation.

My plan is to work on my skills now and move as soon as I can.

Mike-Mike · June 2015

well, now that I'll be an official Security Analyst, I think I will consider this course again

eLearn Security - PenTesting Student PTS v3

Comments