Introduction

On February 4th, 2022, I successfully passed the “eCPPT” exam from “eLearnsecurity” and obtained the certification. Prior to this, I had previous experience with penetration testing and was already working as a penetration tester. In this blog, I will be providing my simple honest opinion on the course and exam.

Course Content

The course content was overall good, in my opinion. It was filled with a lot of information and knowledge to learn. However, there were some cons that I did not like. Specifically, in some sections of the course, certain points were not explained clearly or completely, and were more like definitions or short sentences. Despite this, the overall content was good and anyone can learn new things, whether they have previous knowledge or not. The section that I particularly liked in the course was the “Network Security” section, as it was the longest and biggest section in terms of content. It covered a lot of different types of attacks and techniques that can be used for penetration testing on networks, both internally and externally. I also appreciated the inclusion of sections on “Wireless Security” and “Metasploit & Ruby,” as these topics are not covered as frequently and are important for a penetration tester to know, as you may encounter wireless networks during engagements or projects. However, the course does not cover any content on attacking active directory, but that is included in the eCPTX certificate course content.

If I were to make some recommendations for preparing for the exam, I would suggest reading the following books:

“Penetration Testing with Shellcode”
“The Hacker Playbook 2” (which contains active directory).

Additionally, I would recommend going through the “Tryhackme” learning paths such as the “Jr Penetration Tester” path and the “Offensive Security” path. You will notice that the “Offensive Security” path also covers active directory, as does “The Hacker Playbook 2.” The reason I recommend this is because active directory is widely used in the majority of environments around the world and it is necessary to know about it.

The Exam

Now, coming to the exam part which took me few hours to done it. The exam was pretty easy and will be easy even if you didn’t have any previous experience with penetration testing as the exam was not providing everything you learn in the content which i see that it’s another thing under the cons side by the unstable exam environment. It will be enough for you to study the content and solve the labs. And at the end i would recommend the course for sure. but it’s important to consider the recognition of the certificate in the market or in the country you are targeting, as it may not be recognized in some areas.

Resources:

Information Gathering: https://vk9-sec.com/red-team/information-gathering/, https://web.archive.org/web/20200309204648/http://www.0daysecurity.com/penetration-testing/enumeration.html

Exploitation: https://vk9-sec.com/red-team/exploitation/

Post-Exploitation: https://web.archive.org/web/20150317144317/https:/n0where.net/linux-post-exploitation, https://vk9-sec.com/category/red-team/post-exploitation/linux-post-exploitation/, https://vk9-sec.com/red-team/p ost-exploitatio n/

Pivoting: https://fuzzysecurity.com/tutorials/25.html, https://catharsis.net.au/blog/network-pivoting-and-tunneling-guide/, https://hackmag.com/security/windows-pivoting/, https://pentest.blog/explore-hidden-networks-with-double-pivoting/,

cheatsheet: https://drive.google.com/file/d/1wC7RMTrWjt74rO8u4X-zM89T_hZzF_A5/view

Notes: https://drive.google.com/file/d/1H0Iq0_oU6-oUOkpzDZclUjw1EbsZWWiW/view, https://zer0verflow.gitbook.io/ecpptv2-notes/

Post Views: 610