As I continue my journey within the offensive security world, I recently passed the eCPPTv2 (eLearnSecurity Certified Professional Penetration Tester) certification (September 2018) and wanted to provide feedback on my experience achieving this certification.
I originally purchased the PTPv5 (Penetration Testing Professional) coursework the week after eLearnSecurity launched version 5. eLearnSecurity provided the ability for a free upgrade from their PTPv5 FULL to PTPv5 ELITE as well as a coupon for an additional thirty percent off of the total price. So, I paid a little over $909 US instead of the advertised $1599 US.
In comparing PTPv5 FULL and ELITE packages, the ELITE package provided 60 additional HERA lab hours, downloadable training material in PDF format, a certification voucher without an expiration, and two additional sections; Powershell and Ruby for Pentesters. It should be noted that the additional Powershell and Ruby sections were not required to pass the exam. However, techniques used in these sections assisted me with passing the exam.
Shortly after passing eJPT, I jumped straight into the PTPv5 coursework. I spent the next three months (nights and weekends) working through the training material. For each topic, I utilized the training material as my first pass. I then followed up with the training video(s) to further understand the training material and to clarify confusion that I may have had in reviewing the training material. Lastly, I completed the topic by utilizing the HERA Lab (if available).
As to the HERA Labs, the lab guides provided the goal(s), recommended tools, and the step-by-step instructions for assistance. The only minor issue that I had with the labs was they appeared not to be in order based on the material covered.
As previously noted, it took me three months to work through the training material before I thought I was ready to take the exam. Out of the 120 hours of HERA Lab time, I had roughly 48 hours remaining prior to the taking the exam.
The exam was comprised of two sections; practical and final report. The practical portion of the lab had several systems and the required time to complete this portion of the exam was up to seven days. The exam format contained different combinations of the PTPv5 HERA labs as well as providing a downloadable Letter of Engagement. It should be noted that a maximum of four resets of the exam environment were available within a 24-hour period.
As to the final report, up to an additional seven days were allotted to complete and submit the report. The Reporting Guide provided detailed explanations of each section as well as some examples. However, the Letter of Engagement provided the required details for the final report.
It is my estimate that the PTPv5 material covered about ninety percent of the required tasks within the exam. The last ten percent of the tasks needed some additional research in order to complete the objective.
Taking this exam can be a little intimidating if one does not have much experience with penetration testing (like myself). Keep in mind, like the real world, not every system will be exploitable. The following items may help during the exam attempt:
· Review PTPv5 lab guides to assist with techniques
· Do not spend too much time attacking one system
· Do not overthink; look for the obvious
· Take a break and go for a walk
· Document and capture images of key events
· After each successful exploit, create/document that section within the final report
· Use a stable attacking platform
· Have a Windows 7 system with Immunity Debugger installed
Although the above items seem pretty basic, the stable attacking platform was a critical lesson learned for me. Unfortunately, my first twelve plus hours of the exam were spent fighting with Kali. I had foolishly updated the system a week prior to the exam and thought that all was well. When using a specific tool, it apparently became corrupted during the upgrade and I could never make the tool function appropriately even after reinstalling the tool. This caused me to have to rebuild my attacking system on another hardware platform while taking the exam.
Unfortunately, the failure of my attacking system had a domino effect and I simply ran out of time and failed my first exam attempt. Even though I knew I failed, I still created the final report with my successful exploits and submitted it for review.
Within a few days, I received the official failure notice as well as exam comments from the proctor. In addition, I was given a 14-day window to sit my second exam attempt. I believe when I purchased the ELITE package, the exam voucher came with two attempts.
Knowing that I only had a maximum of fourteen days, I spent that time recreating the scenario that I was not able to complete as well as building a new attacking system (Ubuntu w/PTF) and a backup attacking system (Kali) on a second hardware platform. In addition, I used my notes to create cut and paste scripts to speed up processes for my second attempt.
Around day ten of fourteen, I started my second attempt just like the first attempt. This time, I was only given seven days to complete the lab and to submit the final report. After a few days, I was able to complete the exam and submit the final report once again. This time, I received the email stating “your shiny certificate is waiting for you in the Members area”.
Overall, I really enjoyed this experience and gained a lot of knowledge from the PTPv5 coursework as well as the eCPPTv2 exam. For me, the coursework and exam felt like building blocks on a foundation that I have been creating for some time now.