Hey techies!! The journey from knowing nothing in penetration testing to taking down eCPPT has been an amazing encounter. A hands-on certification that includes phases from enumeration to exploiting vulnerabilities and gaining root access. Throughout this journey, you will surely experience mixed emotions which will eventually nurture your skills and help you level up.
Many people have been asking me to share my opinions and the preparation process to achieve eCPPT certification. Here are my two cents on the exam. In this blog, I will be sharing my strategies and some unique methods which helped me push through hurdles and attain the certification.
eLearnSecurity is well known for its structured courses and helps beginners easily understand the concepts. The premium subscription to INE includes the PDFs and video materials that guide the candidates in a better way. The course consists of different modules such as System and Network Security, PowerShell for pentesters, Linux exploitation, Web application, Wi-Fi security, and Metasploit and Ruby exploitation. All these modules consist of various lab scenarios about the topics.
I purchased the Premium subscription from INE and successfully achieved the certification.
Before preparing for eCPPT, I had completed the Offensive Security path and Web Fundamentals from TryHackMe and had a few months of web application security experience, which was a huge plus. I’d highly recommend going through the offensive security path before diving into eCPPT. The course instructor Fabrizio Siciliano had organized the material in a well-structured manner.
To my enthusiasm, I immediately started learning the material starting with system security. Honestly, it was too much information, so I eventually skipped that section and focused on other modules. For the next 2 months, I had been continuously working on PDFs and labs from different modules while simultaneously taking notes in Notion. I enjoyed the pivoting lab scenarios and using various Metasploit modules. Sometimes I had to do the labs multiple times to grasp the content and understand the flow. The course has everything you need to achieve the certification.
I started my exam around 7 pm and began enumerating the environment. I took screenshots of all the interesting things found while enumerating. After a few hours, I was able to successfully gain root access to the first machine in multiple ways. Back to sleep around 3 am.
Started at 11 am and kept enumerating. I had successfully identified the vulnerability but kept failing continuously in exploiting it. Took a break and got back, again a dead end.
With a fresh mind, I kept debugging my methodology and found my mistake. At that point, I was livid with myself and disappointed at how silly I was. I had successfully rooted three machines by the end of the day.
Was a lazy bum. Didn't work on the exam as the deadline was far away.
Spent an entire day completing a machine which was a bit tricky and required thinking out of the box (loved this part of the exam). Successfully rooted the fourth machine by evening.
I knew 90% of the exam was done, just one more machine to hack into. After loads of enumeration, I had finally rooted the last machine and hacked them all.
Carefully checked all the screenshots and drafted the report in the next two days. After two weeks, I received this fancy cert.
Exam tips -
- Pivoting, Pivoting, Pivoting everywhere!! A good understanding of this concept is a must.
- Think out of the box. Debugging your methodology is a huge plus.
- The exam doesn’t take 7 days. Prepare well in advance and get good rest.
- Much of the learning was during the exam. It’s okay to refer back to the materials.
- As this is a real-life pen testing exam, report all the vulnerabilities identified and take tons of screenshots when required.
- Enumeration is the key.
I enjoyed giving this cert. As this was my first hands-on pentest exam, I was a bit nervous and anxious. But eventually got back up. Overall it was an amazing experience right from learning the material to cracking down on the certification. I’d highly recommend this cert for beginners trying to get into Information security.
I’m looking forward to getting into the eLearnSecurity Web Application Penetration Tester Extreme (eWPTX) exam and I hope this will be a challenging one with loads of learning. A huge shoutout to my mentors Joe Helle and Heath Adams for always encouraging and pushing me through this journey. Feeling grateful.
If you guys enjoyed the blog, a clap would mean so much to me. It keeps me motivated to post more content on Twitter and in blogs.
Hope this write-up was helpful. Collaboration and networking are something that I always enjoy. Let’s connect
Happy hacking !!!
If you have reached this far, thank you for reading this article. Kindly feel free to point out any mistakes and do let me know where I can improve in writing and explaining in detail. Appreciate it!! All the best. God bless.