Reviewing the eCPPT exam

The exam is a 7-day test where you are engaged by a fictional company to perform a penetration test on its external and internal network containing numerous hosts with varying degrees of internal-communication.

by Johann Van Niekerk


My review of the eCPPT course and the exam

Hi everyone!

So it has been a little over two weeks of being a 'Certified Professional Penetration Tester' from the INE course and I decided to spend a little bit of downtime with family before collecting my thoughts and writing out this review in hopes that you may gain some insight and understanding of the course as well as even some motivation to get it done yourself if you are following the path into pentesting!


Course Syllabus

System Security
- Architecture Fundamentals (Stack Frames and Security Implementation)
- Assemblers, Debuggers and Tool Arsenal (ASM, NASM, Compilers, Immunity Debugger)
- Buffer Overflows
- Shellcoding (Encoding and Debugging)
- Cryptography and Password Cracking (Cryptographic attacks, Pretty Good Privacy and Pitfalls)
- Malware

Network Security
- Information Gathering
- Scanning & Evasion
- Service Enumeration
- Sniffing & MiTM Attacks (Sniffing, Poisoning, ICMP Redirect)
- Exploitation (Nessus, Bruteforcing, Metasploit, Client Side Exploitation, Remote Exploitation, Relay Attacks)
- Post Exploitation (Privilege Escalation, Persistence, Evasion and Bypassing Firewalls & AV, Pivoting)
- Anonymity
- Social Engineering

Powershell for Exploitation
- Obfuscation
- Recon and Info Gathering
- Empire & C2 setups
- UAC Bypass
- Leveraging WMI and Persistence
- Leveraging Powershell for Exploitation, Post Exploitation and Lateral Movement

Linux Exploitation
- Remote & Local enumeration
- Remote Exploitation (various methods such as web, smb, java)
- Post Exploitation & Lateral Movement
- Privilege Escalation

Web App Security
- Same Origin, HTTP/s, Cookies
- Tools such as Burp Suite, ZAP and advanced methods
- Fingerprinting & Enumeration
- Local/Remote File Inclusion
- XSS
- SQL Injections (various databases)
- Session Hijacking and Fixation
- CSRF
- XXE

Wi-Fi Security
- Wireless Standards & Networks
- Discovery
- Traffic Analysis
- WEP cracking
- WPA Capture Attacks
- Rogue Access Points

Metasploit & Ruby
- Control Structures
- Methods, Variables, Scope
- Classes, Modules, Exceptions
- Input/Output
- Packet Sniffing
- Exploitation with Ruby
- Write Custom Metasploit Modules


Before we get to my recommendations for the course, let's first cover the background that may be required:

I will list the background that I came from, but I don't believe this was necessary, as the course is fairly self-sufficient, albeit practice is required. Prior to eCPPT, I was eJPT certified and had roughly four minor certifications through TryHackMe indicating course completion: Jr Penetration Tester, Offensive Pentesting, CompTIA Pentest+ and Web Fundamentals.

Prior to sitting the eCPPT, I went through those courses; however, I would say that the eCPPT course materials and labs themselves were very much on par and sufficient for the exam. I do not believe the additional courses I completed would be necessary for someone starting eCPPT, but I do believe that practising the topics is recommended, and unfortunately there are external places that provide better practice and teaching materials on certain topics, which I will discuss below.

My Thoughts

The exam is a 7-day test where you are engaged by a fictional company to perform a penetration test on its external and internal network containing numerous hosts with varying degrees of internal communication. The engagement was a black box engagement, whereby you only know what a real threat would know (in this case, you don't know the network layout, only the public-facing IP address). Through reconnaissance and technical enumeration and exploitation, the fictional company wants to see what a simulated threat can uncover, the security risk involved for the company, and the remediation steps in order to patch and improve their security.

The exam was great. I had a great time while sitting the exam and exploring various methods to break it apart. The benefit of the eCPPT exam structure is that there was sufficient time to have a really in-depth look into the network that was provided to you and then to actively look for various vulnerabilities, data leakage, and exploits. The exam required you to uncover the network(s) yourself through discovery and to simulate the potential of a real threat actor.

The exam is not a capture-the-flag exercise where you complete the task by finding a text file through some exploit and then know you are finished with the objective. This was a little different, as you needed to break the same network machines multiple times to provide a comprehensive report to a fictional client.

This report is required to communicate to at least two different levels of personnel.

Furthermore, the report required not only all vulnerabilities discovered but also recommended remediation steps, which requires you to understand each vulnerability and how to fix it.

The exam felt real and felt like an investigation, which made it exciting. The time crunch was there, but it was there to signal an end to the engagement and not to trip you up.

What I liked about this setup was that the simulation and the exam itself were geared towards how a smaller enterprise would realistically be set up. The exploits themselves were not a needle-in-the-haystack hunt but what you could expect for a company where security is second or third to functionality and ease of use. This type of exam reminded me of my own experiences within a corporation and colleagues who actively want to make their jobs easier while the security mindset is in the background or completely absent.

The exam was fun and it had its scary moments, but I learned a great deal from sitting this test. You will also find great benefit in this course, as it really encouraged me to develop my methodology as well as my report writing. Not the most fun things in comparison; however, the report is the reason you are consulted, so it needs to be carefully curated and useful to the client.

Recommendations

Below is a list of content that I use myself and have found enormously useful for my own development. Not all of it is required for eCPPT alone; however, I would recommend these sources as part of your own development beyond eCPPT.

As mentioned, there are some external resources that either explain or provide better practice for topics than the course does.

For that reason, the following would be recommendations for eCPPT specifically:

Note: While I did not do the eWAPT course prior to eCPPT myself, I am currently going over this course while I am waiting for my OSCP to begin, and from the course material so far I would recommend eWAPT be completed prior to eCPPT if possible, due to the content being great but also because the guide to report writing is within this course. (I wish I had looked into this content before I did eCPPT myself, as the report was difficult without prior experience at it.)

I found the following content incredibly helpful for improving in my journey:

Exam Tips

A few tips to help with your journey. Nothing discussed within this review will give away content that hasn't been previously provided by eLearning themselves, but these tips may prove useful to you when you decide to sit your exam.

Final Word

That's all folks! The exam was great and has set up a great outlook on what I am going to be doing next. From doing the course work and sitting the exam, my personal notes have expanded and improved immeasurably. With each topic we can know a little more than we did yesterday. Onward to the next big thing, and hopefully this may have inspired you to tackle this certification yourself, as the course is fairly complete in its content, so you will know what you need to practise and improve upon!