PTP / eCPPTv2 Review

14/08/2019

After gaining the eJPT certification, I could not wait to get stuck into another eLearnSecurity course to progress my journey into InfoSec! After PTS, the next step up is PTP, Penetration Testing Professional.

I was looking for a course/exam that would be ideal to complete before thinking about going for PWK/OSCP, and from browsing many forums and reviews, the PTP course fit the bill perfectly as it provided a solid foundation of topics that are covered in the PWK course/OSCP exam, like Buffer Overflows.

PTP is a hands-on course that delves deeper into the world of penetration testing than PTS did. It focuses on all aspects of penetration testing, from the processes and methodology to the elements of conducting a penetration test, whilst also teaching you what may actually be the most valuable part of the course: the skill of writing a penetration test report.

Course Pricing Plan:

I bought the PTP Full plan which provided me with:

  • 60 hours of HERA lab time
  • Training videos - HTML5
  • The eCPPTv2 certification exam with one free retake

I contemplated purchasing the Elite plan, because from PTS to PTP, there were so many more labs to complete with topics I've not really covered before, and the Elite plan comes with 120 hours of lab time and no expiry on the exam voucher. The Elite plan is also the only plan that gives you the training material in PDF format.

Course Content:

The course syllabus gives you an overview of what is going to be covered in the course - eLearnSecurity PTPv5 Syllabus.

The course content is split into seven main modules, two of which (Ruby & Metasploit and PowerShell for Pentesters) are only accessible to those who purchased the Elite plan.

The Wi-Fi module is not part of the exam itself, but is really informative for those that want an introduction to Wi-Fi from an attacker perspective.

The other four modules are accessible to those on the full plan and I found these to be sufficient to pass the eCPPT exam.

The modules of the course are:

  • System Security
  • Network Security
  • PowerShell for Pentesters
  • Linux Exploitation
  • Web App Security
  • Wi-Fi Security
  • Ruby & Metasploit

As part of the course, eLearnSecurity provide you with documentation on how to handle information found on a penetration test, methods of mapping your penetration test findings in a logical, professional manner and for me, the most important aspect of the course, how to write a professional penetration test report. This is important because you are not only tested in the exam on what you find during the penetration test, but how you document and explain your findings within a report.

Just like the PTS course, the course content of PTP is brilliant. The slides are easy to understand, and there are also videos that cover the practical elements of the theory from the slides, sometimes including extra concepts you can use to complete the tasks. It helps so much to not only see the theory of what a tool does or what a vulnerability is from the slides, but to see it being used or exploited in the video clip, which reinforces the concept more clearly. You are also given details of external resources that can be used to further research topics.

HERA Labs:

If you've seen any of my comments on Twitter or LinkedIn regarding my eLearnSecurity experience, you'll know how much I rate the HERA Labs, they are simply AMAZING.

There are 23 labs in total, although only 15 of them can be accessed on the full plan; they are more than enough though to pass the exam.

Each lab usually comes with a lab manual containing the lab scenario, network diagram and learning objectives plus various tasks to guide you through the lab to complete the learning objectives. If you are stuck or want to see if the lab can be completed another way, there is also a lab solution guide which details step by step how the lab was intended to be completed. The lab solutions are also useful when it comes to the exam as it may describe the use of a certain tool, why it's used or the correct syntax of a particular command etc.

The main reason why I love the HERA labs so much is because each lab is dedicated to you via an OpenVPN connection, meaning you are not sharing a lab or its resources with another student. This gave me peace of mind knowing that the contents of the lab VM are meant to be there, unlike some Hack The Box machines with multiple users deleting/adding files etc. on the VMs. Grr.

Also, your lab time only decreases when you are actually using the labs, so you don't have to worry about your lab time decreasing over time if you are not connected to any of the labs.

Overall, the HERA Labs give you hands-on experience that will stand you in good stead when it comes to the eCPPT exam, as it also uses the HERA Lab system. If you are able to achieve the learning objectives of the labs without much help from the lab solutions, you shouldn't worry too much about the exam.

Study tips:

  • Make notes of commands used for the tools during the labs.
  • Practice pivoting techniques between networks, TRUST ME.
  • Try not to use the lab solutions unless you're really stuck.
  • Practice your reporting/handling information skills whilst in the lab environment by taking screenshots and mind mapping your findings, just like you would in the exam - I used Greenshot for screenshots and MindMaster to map my findings.

The Exam:

Overall, the exam was both thrilling and stressful! The exam is a realistic penetration test environment; so much so, that I felt like it wasn't an exam, but a real penetration test for a real customer, a customer that had a few vulnerabilities in its network!

When you first start your exam, you are given a rules of engagement letter which details the exam scenario, IP scopes and the end goal, which on its own is not sufficient to pass the exam. You are given 14 days overall to pass the exam: 7 days to perform the penetration test and another 7 days to upload your penetration test report.

As stated previously, the exam covers all of the course material apart from the Wi-Fi module, although I'm not sure how much of the PowerShell and Ruby/Metasploit modules content is required either as I only had the full plan.

I found that if you were able to complete the course labs without much help from the solutions, and can explain to yourself why you're doing a certain thing, using a certain tool, or command, then you'll have plenty of time in the 7 days to reach the end goal and find multiple vulnerabilities along the way to include in your penetration test report.

As this was my first experience of performing a penetration test and also my first time in writing a report, I was dreading it! But once I found a report template to use, re-read and understood the reporting guide documentation, made sure I had plenty of notes/screenshots and my mind map findings, it was just a case of putting it all together into my report in a professional manner and it went pretty smoothly!

Remember that the report is taken just as seriously as the penetration test itself when it comes to passing the exam, so don't take it lightly and think you can submit a report you wouldn't give to a real customer; you can't.

Credit to TheCyberMentor for uploading this report template which I modified with the requirements from the reporting guide to create my final report.

Exam Tips:

  • Create a cheat sheet with commands used during the labs and in the course material.
  • Persistence is key.
  • Enumerate, enumerate, ENUMERATE!
  • Don't be afraid to use RDP for pillaging, it's easier than trawling through a meterpreter session.
  • Review the course material/lab solutions if you are stuck.
  • Recommend having a Windows 7 x86 VM with Immunity Debugger and the !mona add-on installed on it; I used this instead of the VM from the System Security Lab in the exam for the buffer overflow exploitation.
  • Don't rush the report, you have 7 days to go over it and refine it.
  • I used Greenshot for screenshots and MindMaster to map my findings.
  • Find a report template you like before starting the exam, this will help you organise your notes and screenshots accordingly.

Last Remarks:

I thoroughly enjoyed the PTP course; it was more in depth than PTS and for that I think it is worth going for if you're looking for a course/certification that challenges your hands-on penetration testing and reporting skills.

eLearnSecurity are doing amazing things within InfoSec and I couldn't be more grateful for their excellent courses giving me the opportunity to learn and progress my knowledge of a career I will one day, hopefully, be employed in!

... Next up, OSCP!