eLearnSecurity Penetration Testing Professional ( eCPPT v2) Review
Greetings EveryOne,
I am so happy to share that I accomplished eCPPT v2 exam recently & earned the certification,.
In this blog, I am writing the challenges I faced during the exam. also, the preparation I did for the exam in spoiler-free manner.
eCPPT v2 is one of the prominent penetration testing examinations offered by eLearnSecurity. The beauty of this certification exam is “It is completely practical. Yes, you have to penetrate a realtime enterprise network by exploiting its weaknesses and submit your findings in a professional penetration test report.”
eCPPT v2 exam prevails other red team certifications as it embraces the real time penetration test approach. It definitely not a Capture The Flag and post-exploitation would really be helpful.
INE/eLearnSecurity also offers a paid course Penetration Testing Professional(PTP) that is required to prepare for this eCPPT v2 exam. The exam voucher cost is 400 USD. once you avail the voucher, it will be valid for 6 months (from the date of purchase).
eLearnSecurity provides 7 days ( to perform penetration test ) + 7 days ( for report preparation ) = Total 14 days. which ideally would be sufficient to accomplish the exam.
My eCPPT Journey & Experience
Actually, eCPPT v2 exam gave me mixed feelings. Yes, It was amazing. also, It was frustrating at some point during the exam. I wish give just 2 suggestions for those who are about to take this exam .
Don’t Overthink ! Just Keep It Simple !
During the preparation, I was not subscribed the PTP course. So, I was relying on other resources like TryHackMe, HackTheBox, & The Cyber Mentor’s free course on YouTube. Also, the experience I gained from eJPT exam helped me a lot,.
I could not pass the eCPPTv2 in the first attempt. I achieved it in Re-Take attempt only ( eLearnSecurity offers a Free Re-Take for eCPPT ).
During the First eCPPTv2 attempt, I consumed the whole 7 days for penetration test and 5 days for report preparation. I wasn’t fulfilled certain criteria. Hence, I couldn’t obtain the certification.
Once the examiner corrects your report, You will get their feedback. In which , they clearly mention the area you have to focus, in order to pass the exam.
Then you would be having an idea , what you are up against?
Metasploit Usage?
You are allowed to use any tool during the exam (unlike OSCP) including metasploit.
But, Throughout the exam, I was not used Metasploit much. I was quite comfortable with manual exploitation & also I succeeded in that.
People who took eCPPTv2 before, confirmed that Metasploit might not be helping you to obtain certain things. Hence, being familiar with manual exploitation would be a great advantage during eCPPTv2 exam.
Pivoting Helps a lot !!!
Another major difference between eCPPTv2 and other exams is, Pivoting.
Pivoting — is the concept of making lateral movement to the other systems in the target network through the compromised system .
I used tools Chisel & Proxychains for pivoting.
TryHackMe room Wreath helped me to learn pivoting comprehensively. It is recommended to learn multiple pivoting tools & techniques through the room Wreath so that, you may use the tool you are comfortable with.
Refer the below blogs too for Pivoting :
Exploit Developement & Buffer Overflow
Buffer Overflow & Exploit developement is very crucial to crack eCPPTv2. Fortunately, you have two options 1) PTP course (Paid) 2) The Cyber Mentor’s Buffer overflow series (Free).
I opted the TCM’s Buffer Overflow video as it is simple, easy, & also beginner friendly.
Prerequisite : Make sure you keep a Windows 7 or 10 VM ready.
Other resources to practice Buffer Overflow :
- https://tryhackme.com/room/brainstorm
- https://tryhackme.com/room/brainpan
- John Hammond’s Buffer Overflow Video : https://www.youtube.com/watch?v=yJF0YPd8lDw
Practice with TryHackMe & HackTheBox Machines
I recommend taking the basic CTF exercises of tryhackme (like VulnNet: Internal) & hackthebox. Which would really be helpful during the exam.
Don’t leave any stone unturned as it might be having valuable information behind.Remember, Enumeration and Post Exploitation are very important !
Report Writing
Report Writing is the final & vital phase of eCPPTv2 exam , or any penetration test you perform. Don’t forget the requirements mentioned in the Scope of Engagement.
Examiner will decide your result only by witnessing your report. So, Ensure you are adding all your findings & constructing it in professional penetration test report format.
I prepared penetration test report on google docs & I referred the The Cyber Mentor’s Model pentest report.
eLearnSecurity offeres a whole week to prepare the report alone. so, allocate some time during the penetration test itself (first 7 days ) for taking the screenshots. so, you may use those later while prepating report.
Attach the necerssary screenshots in the report rather than explaining it in sentence. Pictures speak louder than words !.
Documenting each and every exploitation step along with vulnerabilities in report would be an added advantage. It is recommended to mention the tools & commands used in each stage.
What you get in Re-Take ?
In Second attempt , You will get only 7 days for both penetration testing and report preparation. So, read through the examiner feedback and prepare the report accordingly.
Don’t Panic, Don’t Overthink, Just Keep It Simple! You will get through !
Subscribe My YouTube Channel Perumal Jegan to watch the eCPPTv2 review and many more cyber security contents !!!
Feel free to reach me in case of queries regarding this blog!
LinkedIn : https://www.linkedin.com/in/perumal-jeganatharavi-a890121b2/
Twitter : https://twitter.com/realperumalj
Website : https://perumaljegan.com/
YouTube Channel : https://www.youtube.com/c/PerumalJegan