ReadMedium - Read Translated Articles for Free!
2/29/24, 11:24 AM
Shaun Whorton
eCPPT: eLearnSecurity Certified Professional Penetration Tester — Review
I completed my eCPPTv2 exam, originally, on 4th January, and received a reply on
25th January, stating that I had failed. This was unexpected, as I thought I’d
compromised the entire environment, and reported on it to a good standard. I was
wrong. I since passed, but below you will find why I failed, why I agree with the
decision, and how I eventually passed:
Background
eCPPT is offered by eLearnSecurity, which is part of the INE umbrella of
companies. INE recently bought up Pentester Academy too, so it looks like they’re
positioning themselves to be a big player in the offensive and defensive certification
space. For my review on the Pentester Academy CRTP (Certified Red Team
Professional) exam, please click here.
Pricing is a little strange for this one, and I can’t be 100% sure how much the course
materials and exam will cost you. It used to be around $2000 or so for the materials
and one exam attempt; however, the new subscription models make this a little
unclear. I straight out just went for the exam-only option, priced at $400. I passed
the more advanced eCPTX back in May 2021, so felt confident about going into
this more intermediate-level certification, without much/any preparation.
Exam
You can start the exam whenever you feel like it at the click of a couple of buttons,
which is fantastically convenient. When you hit ‘Start Exam’, you are instantly
given the scope for the test, the rules of engagement, and the reporting
requirements. The lab environment is spun up, and you’re presented with your VPN
configuration file to get connected. After a simple edit of the /etc/hosts file, you’re
good to go. You have one week to compromise the targets in scope, as well as
another week to complete a report and upload it for grading.
The scope is very clear and straightforward. The test is almost split into two parts;
external and internal. The initial external infrastructure is a lot of fun. Once you’re
inside the network, it’s up to you to compromise the visible infrastructure in scope,
escalate privileges and report on any vulnerability you find.
Overall, the exam environment was very stable and I experienced no issues with
connectivity or similar.
Content
Obviously, I can’t share any specific details of the exam content due to the NDA in
place, but I’ll do my best to sum up the content and give my thoughts on such.
If you’re new to penetration testing, you’ll probably struggle with this exam. There
is one task in particular that had me scratching my head for a while. I had a clear,
obvious attack path in mind, but putting the pieces of the puzzle together took a
little bit of thought and experimentation. This particular hardship is somewhat
similar to an area featured in the OSCP exam (or at least, back in 2018 when I
passed), but with a twist. In the end, I got this working and fist-pumps ensued.
During the external penetration test, you’ll encounter multiple vulnerabilities. In the
end, I found three different ways to get a shell on the underlying system, two of
which I’ve seen on actual engagements. I’ve seen the third elsewhere on other
educational providers, such as Hack the Box.
The other vulnerabilities I found were fairly typical of a real engagement. There’s
one present that I experienced in 2021 in a production environment. You’ll have to
pivot to other domains and subnets, and exploit the vulnerabilities present.
If I’m being really critical, I think there’s one vulnerability, right at the end of the
exam, that is a little bit unrealistic. It is, however, very fun to play with and exposes
some AppSec considerations.
Reporting
My report was 37 pages long, with screenshots, executive summary, technical
commentary, contents page etc. eLearnSecurity are fairly clear on the reporting
requirements, and they form part of the decision process in terms of you passing or
failing. I made sure I explained every vulnerability I found clearly, with screenshots
and remediation steps.
Advice
At the time of writing, I’m still to receive feedback on my exam, so take this with a
pinch of salt!
Take your time. Don’t underestimate the requirements of the exam; it’s not a
CTF, nor is it an OSCP-like exam environment. You have seven days to
compromise, plus another seven to report.

Enumerate your targets carefully, leave no stone unturned, even as the root user
(or equivalent). Again, take your time here and Google it if you’re not sure.

Report every vulnerability you encounter. Like a real-life engagement, you’ll
want to inform your client of their technical debt and security posture. Even if it
doesn’t lead to a root shell, or even code execution, you’ll want to include it in
your report.

Following on from the above, report as you go. There’s ‘space’ in the
environment and enumeration/exploitation phase to do this effectively. Take
informative screenshots.

Don’t underestimate the post-exploitation phase. That’s all I’ll say in this regard.

Ensure you know how to set up a SOCKS proxy, and you know how/why to use
this.

Alongside your Kali VM, ensure you have a Windows VM to hand, with
Immunity Debugger (or similar) installed and ready to go.
Summary
I really enjoyed this exam; I only wish there was more Active Directory content, as
this was pretty non-existent. I’m still waiting for my results (see above), but I had a
lot of fun, especially poking around the external infrastructure. I think the reporting
elements of this certification, alongside the actual exam content, are very real-world
applicable. There’s no CTF-style rabbit holes, no ‘gotchas’, just a very honest
environment whereby, if your workflow is sound, you’ll be fine.
I spent around 14 hours in total, enumerating, compromising and reporting my
findings, including formatting of said report and QA. I recommend this certification
as a ‘baseline’ penetration test certification, to those who are wanting to perhaps
prove their skills to an employer — or to themselves. I think it is infinitely more
real-world than other gatekeeper certifications, certainly more realistic in terms of
reporting requirements and timescales.
Update: 14th February 2022
I received feedback that I had failed my original exam attempt on 25th January. I
was very surprised, because I couldn’t think of what I missed in the exam, having
compromised the target in scope and performed actions on target.
Turns out, it was my report.
This was a surprise at first glance. I’ve been a penetration tester since 2008, so
having this sort of feedback was unexpected. I dug a little deeper into my report,
aligning it with the examiner’s feedback.
I have to say I agreed. The particular section the examiner pointed out was indeed
lacking detail. Would I go into that much detail in a penetration test report for a
client? I’m not sure. However, that being said, it was an exam requirement, which I
didn’t meet.
I spun up another test environment on 3rd February in order to take the necessary
screenshots, notes, and ultimately create my narrative for the report. This took
around two hours or so, so not a big deal in terms of time spent. I also made sure the
other areas of my report were to standard, fixing a few typos here and there.
Nervously waiting, I submitted my report that day and received my feedback today
(14th February 2022) — I passed!
🥳
So, my updated tips for passing, based on my initial fail:
There’s a particular section of the exam which requires very detailed step-by-step
instructions. I won’t state the actual part due to confidentiality, but when
you get there, you’ll know. Do not skip on the details! Screenshot everything,
explain tools used, and include a proof of concept if need be.

Ensure you show every step of the process. Not sure what else I can say here
without breaking NDA.
I hope you found my review helpful, and best of luck if you are undertaking the
exam!
Penetration Testing
Hacking
Education
Cybersecurity
Certification