eCPPT stands for eLearnSecurity Certified Professional Penetration Tester. Now, I’m very much a blue teamer, but the purpose for me to pursue this certification was to learn attackers’ tactics and techniques. I wanted to be able to more quickly identify an attacker in an environment and also understand the attacker’s next step.
I didn’t pursue the OSCP because of the time restrictions for the exam. For the OSCP you get 24 hours for the lab and 24 hours for the report. One of the appeals of the eCPPT is you get 7 days for the lab and 7 days for the report. Since I’m not considering this certification as a career path, I thought the eCPPT is better for learning and testing. I wanted to be challenged but not stressed out over it. I will only give a brief overview of the course but I mostly want to focus on what I did to prepare for the exam and my thoughts about it afterward.
eLearnSecurity material consists of slides, videos, and lab work. The material covers everything from vulnerability assessments of networks/web applications to exploit development. It gives you a little bit of everything you need to get a basic idea of how a pentest would operate. One of the big differences between the OSCP and eCPPT exams (besides the time allowed) is that the eCPPT exam consists of a real network which is segmented, so you’ll have to understand how to pivot.
With all that being said, I’ll admit I barely went through the slides and only really focused on three or four labs. Most of the material is given in slides and isn’t conducive to learning something. Also, the labs were confusing, old, and sometimes just had problems working correctly. I gave up on them very early on. I faced these issues when I took the eCTHP previously, but that was the first version, and I was hoping that since this material went through several revisions, things would be better… I was wrong.
I did what I did previously for the eCTHP and used outside material to practice. One of the biggest assets I used for this exam was TryHackMe. I spent most of my time working through the offensive security path they have. They even have a section for buffer overflow where you have 10 labs to practice. I went from 2 hours for the first walk-through to 20 – 30 minutes by the end of the room. I felt like you get a great understanding of the steps needed for identifying and exploiting a buffer overflow.
At the time, I hadn’t done much pivoting, but luckily, TryHackeMe came out with a room called “Wreath” that was all about pivoting from one machine to another. I was very comfortable pivoting with chisel in this room. Going through the offensive path and working through “Wreath” made me feel confident taking the eLearnSecurity exam. I went back to the eLearnSecurity labs and suddenly realized how metasploit heavy the material was. It actually worried me because I had only two weeks for the exam and I went from feeling confident to suddenly feeling unsure.
I worked through a couple of the labs that specifically talk about pivoting with a meterpreter shell. I repeated these over and over again until I felt comfortable with using metasploit and meterpreter exclusively. I found out there’s a ton of modules for Metasploit to do whatever you need from pivoting to enumerating and exploiting. After spending my last two weeks working in Metasploit I felt somewhat confident again about the exam.
Taking the exam: I felt like the exam was pretty straightforward, and I can’t say there were any surprises. At no point did I feel like I was playing a capture the flag event. Now, it was mentioned to me that maybe I was over-prepared for this exam, and that’s why I got the results I did. I spent about 11 hours a week for 3 months working on something for the exam. I also spent time reading peoples’ reviews and have to say there are a TON of hints before you even take the exam. I even had my payload I was going to use for the buffer overflow before taking the exam. I had to modify it only slightly, but I didn’t have to fight with anything. I know some people get hung up on the buffer overflow part for days, but the hints are out there. I spent about two and a half days going through the network, took a day off, and then used the rest of the time to write my report. So, in my case, I spent more time on my report than the actual lab.
My overall thoughts about the exam and material are a mixed bag for sure. I still struggle with the material. The slides, for me, are probably the worst way to learn. I enjoyed the videos that came along, but they were few and far between. The labs for me were confusing, and as I said, I only used three or four of them to practice pivoting with Metasploit. I believe there’s way better material out there like TryHackMe. There’s some real gems in some of the slides, but I found them first through other means (like watching ippsec videos) and only stumbled on them later while skimming the slides.
The exam was ok; I felt like the first box you’re intended to compromise was set up in a very lazy manner. I understand the reasoning behind it, but felt very amateurish. The material didn’t touch on report writing either and I spent more time doing that than the exam. Once again I was forced to ask discord and review other people’s examples. I believe that in the future if I decide to take another eLearnSecurity exam, I’ll just pay for the exam and not buy the material. I’d rather fail the exam and pay for another exam than try to work through labs and slides. The whole exam did push me to accomplish what I was looking to do, and that’s to understand the attackers’ tactics and techniques better. I have no regrets about setting out this goal and accomplishing it.
Editor: Emily Domedion