Zeyad Azima

Zeyad Azima

Brain Storming Stuff (Exploit Development, Reverse Engineering & More)

eCPTX: The Honest Review

7 minute read

Introduction

On June 17th, 2022, I successfully completed the eCPTX exam from eLearnsecurity and received my certification. At the time, I was working and had a lot of responsibilities, so I didn’t have a chance to study the course material beforehand. Instead, I relied on my previous experience and what gathered & used it during the exam. I will now provide an honest review of the eCPTX overall and in more details than the eCPPT, Cause there are a lot of things. Doesn’t make sense i saw in other ppls review.

Course Content

For the eCPTX course content i was dissapointed with a lot of stuff. The content as the following:

  • Penetration Testing: Preparing the Attack
  • Penetration Testing: Red Teaming Active Directory
  • Penetration Testing: Red Teaming Critical Domain Infrastructure
  • Penetration Testing: Evasion

Penetration Testing: Preparing the Attack

In this part it was all about email security and phishing. You will learn about Email security like SPF, DKIM, DMARC. In addition to phishing attacks and ways to use macros & will show you study cases of macros used by APTs. Finally, C2 and redirectors. You think it’s cool right ? No, Cause if someone have no idea about macros actually or VBAs will not be able to understand and a lot of things will fall while learning. Side by that the module shall teaches you. How to develope Macros to use in your engegment. But, all what i saw was study cases and methods without writing any Macros. So, we can say that this section is showing you knowledge or giving you some knowledge. In the video related to this section, It shows how to get used codes and use it again by modifying it it's Good point but it will be hard to work with the modern solutions. In summary, In my opinion it was gonna better to teach how to develop macros from scratch up to advanced level as this certificate under the Red Teaming part. But, it still have good topics like the redirectors, But also still not everything explained clear in this section. But, at all if you are fimiler with these topics and have pervious knowledge about it you gonna find that it’s all fine with you.

Penetration Testing: Red Teaming Active Directory

I can say the real fun starts here as this section doesn’t have a lot of unclear things. But, in my opinion the only thing that i didn’t like is that in the first part in this section which was Advanced Active Directory Reconnaissance & Enumeration. They didn’t cover what is active directory first or it’s basics. But, it’s in the second part/pdf. So it shall be in the first PDF. But, it discuss how to start enumerate and obtain information from non-joined machine which is something good & Also attacking joined Linux machine in the AD, which is not common for people to talk about. In the second PDF which is Red Teaming Active Directory it was cool actually and here started by explaining The Active Directory enviroment, Moving to the Attacks of tradntial Active Directory attacks like LLNMR Poisioning, Downgrading NTLM and more.Then talking about Powershell defense and bypasses, Abusing active directory features and components, Moving laterly, Browser Pivoting and many more.

Penetration Testing: Red Teaming Critical Domain Infrastructure

This section talking about used components and services in windows like MS Exchange, WSUS & MSSQL. it does not have that much of information but it’s fine to learn from it and you can find other blog series online talking in much more details would help you also you could find online abusing for something like SCCM.

Penetration Testing: Evasion

In this section explained about the AMSI archticture and some bypasses moving to other methods and components like Sensitive groups that solutions can use it for detection, also other solutions like EDRs and techniques to bypass and evading, After that developing a custom payload which i can say is a good one. Finally, The most section i liked in the course is the second section and i explained why. My final words is if the course relied on using and abusing built-in commands, functions and features for abusing as example, It would be absoulotly an amazing content as it will reduce the detection in the real-world engement.

The Exam

Now, Let’s talk about the exam. But, before this i wass mention something and it’s when i searched for reviews for the eCPTX, I found onething common between most of the people that go through the exam, Which is some of them fail cause they had to find 3 paths or 3 ways to access the targeted doamin, But, the funny part here if you go throught the RoE(Rules of engegment) You can clearly see in the document that it’s telling one of the rules to bypass is to identify 3 ways to access the targeted domain. And others saw it as a really hard exam. But at all, As i mentiond before i toke the exam and passed without studying the content (That doesn't mean i am 1337 "elite" I'm giving my opinion honestly and what i see from my point of view), You may find content so wow and amazing, Therefore, th exam will be extrem hard. But, no exam was normal and if you have deal with .net stuff and reverse some of it it would be easy for you. For me i was reversing the .dll files from unity games in the past to modify it. So, I can say exam was nomal not too easy and not too hard & It’s really was gonna be hard if we applied all what the content teach and i would be failing in it. For the exam environment you would face some issues, For exmaple, you could try to abuse an attack, But will not work and when you restart the exam lab, the try again. It will work. At the end Thanks for taking to read and if you want to add books to read i would recommand books like Anti-Virus Bypass techniques, The Hacker Playbook 3, Advanced Infrastructure Penetration Testing .

Resources

Red Team Infrastructure & Macros

  • Malicious Macros for Script Kiddies: https://www.trustedsec.com/blog/malicious-macros-for-script-kiddies/
  • Red-Team-Infrastructure-Wiki: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
  • Red Team Infrastructure: https://www.ired.team/offensive-security/red-team-infrastructure
  • How To: Build Inexpensive Red Team Infrastructure: https://secprentice.medium.com/how-to-build-inexpensive-red-team-infrastructure-dfb6af0fe15d
  • Modern Red Team Infrastructure: https://www.netspi.com/blog/technical/adversary-simulation/modern-red-team-infrastructure/
  • Introducing Red Ira - Red Team Infrastructure Automation Suite: https://blog.joeminicucci.com/2021/redira

Active Directory and lateral movement

  • Build an Active Directory Lab: https://lnkd.in/dZPRibiM https://lnkd.in/eJkemDbg https://lnkd.in/ezHnzsp7 https://lnkd.in/ezf6K4zq https://lnkd.in/e69QStmp https://lnkd.in/et4SAjNS https://lnkd.in/eVC_xvPq https://lnkd.in/eNBNUA8s https://lnkd.in/eiFW9WzU https://lnkd.in/eNUnu7w9 https://lnkd.in/ejXTb64P https://lnkd.in/e5Y7mB2t https://lnkd.in/eZVi5Vh6 https://lnkd.in/estQMaYe https://lnkd.in/ecmWPtBS
  • Attacking Active Directory: https://h4ms1k.github.io/Red_Team_Active_Directory/ https://lnkd.in/e6ZVK87z https://lnkd.in/eCfgYz-a https://lnkd.in/eF3Dezy5 https://lnkd.in/eb9SmWdF https://lnkd.in/ezdUiEcg https://lnkd.in/ei7vAjbW
  • Lateral Movement Windows and Active Directory https://lnkd.in/gbkTHugi
  • Understanding_Windows_Lateral_Movements (attl4s) https://lnkd.in/g–78ZuG
  • Windows Red Team Lateral Movement Techniques https://lnkd.in/guASjcin
  • Attacking Windows: Performing Lateral Movement with Impacket https://lnkd.in/g9zZFnc8
  • Lateral Movement Using DCOM Objects and C# https://lnkd.in/g27HFYw6
  • Windows Lateral Movement¶ https://lnkd.in/gNA8FUQg
  • Windows Lateral Movement with smb, psexec and alternatives https://lnkd.in/g-FYrZbf
  • Offensive Lateral Movement https://lnkd.in/geNF_iTY
  • Misc https://mrw0r57.github.io/ https://lnkd.in/g7RMVNEM

Attacking MSSQL, WSUS, Exchange and SCCM

  • MSSQL AD Abuse: https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/abusing-ad-mssql
  • Abusing SQL Server Trusts in a Windows Domain: https://www.pentesteracademy.com/course?id=35
  • MSSQL for Pentester: Abusing Trustworthy: https://www.hackingarticles.in/mssql-for-pentester-abusing-trustworthy/
  • MSSQL Penetration Testing: https://github.com/Ignitetechnologies/MSSQL-Pentest-Cheatsheet
  • Exchange pnetest: https://github.com/kh4sh3i/exchange-penetration-testing
  • Red Teaming MS SQL Server: https://h4ms1k.github.io/Red_Team_MSSQL_Server
  • Red Team exchange: https://h4ms1k.github.io/Red_Team_exchange
  • WSUS: https://www.gosecure.net/?s=WSUS, https://www.youtube.com/results?search_query=Abusing+WSUS
  • Red Teaming WSUS: https://h4ms1k.github.io/Red_Team_WSUS

Evasion

  • AMSI Bypass Methods: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ Introduction
  • AMSI Bypass and Evasion: https://cheatsheet.haax.fr/windows-systems/privilege-escalation/amsi_and_evasion/
  • Exploring PowerShell AMSI and Logging Evasion: https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/