Hello coding_fury,

Welcome to EthicalHacker.net. After checking out that page, it mainly seems like they're just trying to recommend/sell their course. Being a PTP alumni, I can confirm the course is legit.

You can definitely get the exam completed if you put in that many hours per week studying. You could even start practicing on the exam prior to officially starting your time to pen-test it (meaning you'll be given your exam target with eLS PTP credentials, and details on what needs to be done).

Kris

Hi aweSEC -

When I took v2 of the course, from the time I received the material to the time I finished it and took the certification examination, it was about 1 week. The v2 material contained a lab guide around 400 pages (there were some blank pages) and the video demonstrations were around 2 - 3 hours. I'll admit I'm guilty of not going through all of the exercises in the lab guide. Some of the material I skimmed. It starts out and introduces you to wifi and the material seemed bland but relevant to what you'd need to know.

The main material and exercises consist of analyzing pcap dumps and getting underneath the hood to see what's going on. You'll be analyzing with Wireshark. A lot of my time was spent going through the videos and practicing breaking into my own AP because that's what the exam was based around.

If I had to guess on the v3 material I would estimate a lab guide a little bit longer and the demonstration videos to be around 3 - 4 hours. You should be able to run through the course pretty quickly. 

Hi monkeydust !

Good to see you left the, 'guest' status and became a registered member! (:

Hi MrTuxracer,

Excellent to hear you enrolled. Your going to have a blast! If you run into a bind, don't forget about their forum for students. Plus were here to help on our end. There is a few of us here who have taken either the student or pro course with eLS so never hesitate!

Until I reach the level of masochist is the only time I'll be fully prepped to enroll in CTP. It's definitely on my list of, 'To do things in 2012'. I just need to go back through the PWB material and knock out the BoF extra miles and prep on Exploit-DB before officially going in.

Goodluck on your journey, may the force be with you! 

Hi AMP,

Welcome to the forums! This is a professional forum and worrying about anyone flaming you for asking for help doesn't happen here.

Your question asked is actually the most common question we get here and we have no problem helping out. Your post was just a tad vague in what your wanting, but I'm assuming your wanting to learn where to start to eventually land a job doing Ethical Hacking.

A good thread to start with the subject would be here. There are lots of solid links on the thread that will help you out (:

Happy new year!
Kris

Hi MrTuxracer,

The SMFE course I think is barely starting. I don't think there are any reviews on it currently. I did hear Vivek mention in his SMFE video that he planned on rolling out a Metasploit book early 2012. It's going to be great and accommodate the course well.

I went for the eCPPT after OSCP, but I agree on attempting it before the OSCP course. I plan on taking CTP eventually here but to be honest, the reviews on it, and how much it is hyped up I don't know if I'm ready for it. They make it out like you have to be an Exploitation guru and require you to pass their http://fc4.me/ challenge before even signing up. The course looks intimidating to me, filled with tons of pain, but with the cert your guaranteed respect by any serious InfoSec peers.

If you replicated a buffer overflow example, your well on your way for Pentesting with BackTrack. I was going to mention you could either do CEH or eCPPT in any order but didn't want to bash CEH too hard like I have been guilty for doing in the past. Its' very HR relevant, and taking it before the eCPPT may help you even more in the PTP Pro course. What I enjoyed about eLearnSecurity's course was not only the amount of time they give you to go through all of the material in the class, but the solid material on the Web App module which will get you prepared for the eCPPT exam.

Hi MrTuxracer,

Welcome to the forums. Great background! Your experience in programming will help you out big time. Looks like a solid track you've set up for yourself, but with you having the fundamentals under your belt, I would say its time to go out there and have at it. VMware is great for practice! Setup some vulnerable VMs, get some vulnerable software, and hack away.

Having taken the eCPPT Pro and OSCP courses, I can tell your going to learn a good amount. Plus with the practical exams versus written, after you earn the certifications, they'll look better to employers (although I haven't seen the eCPPT recognized yet by HR. OSCP/E is getting its recognition barely, and CEH they love to see - thoughthe exam is written). Be sure when you sign up for the eCPPT course, you obtain the 5% voucher offered for EH-NET members, which could be redeemed here.

There are several of us here who pay out of pocket for our training. Sounds like were all in the same boat in relating to getting the best training for buck. Although not initially mentioned, alternate positive resources at affordable prices are:

Hacking Dojo

Strategic Security - which I believe was previously LearnSecurityOnline

SecurityTube

I think you've picked a solid route to take and your in for a fun ride (especially by the time you get to taking Cracking the Perimeter). Were all here to help along the way. For future references if you want to go the route of practicing in your own lab, below are a few links that will help out:

Virtual Images of Windows XP, Vista, and 7 - Compatible with Virtual PC
http://www.microsoft.com/download/en/details.aspx?id=11575

VMware's Virtual Appliance Marketplace - Containing Windows 2003 & Various Linux Distros
http://www.vmware.com/appliances/

Vulnerable Web Applications for Learning
https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/

OldApps - Find older software to practice exploitation on
http://www.oldapps.com/

Vulnerable by Design - Links to tons of vulnerable VMs, Web Apps, War Games & More
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

You may want to look into these:
CEH Certified Ethical Hacker All-in-One Exam Guide

Official Certified Ethical Hacker Review Guide: For Version 7.1 - Publish Date: January 27, 2012

Hello uid0,

Welcome aboard ! The exam is pretty hardcore I thought but if you understand all the concepts enough and practice in the VPN labs, you should be able to get a passing score. It sounds like you have solid linux and networking experience, but PWB is a highly Offensive Attacking course. How are you pen testing skills? Have you used Metasploit, are you familiar with nmap, do you know how to perform Web App attacks, privilege escalation? Though the course will teach most of these, it's best to have experience doing/using these prior to walking in just to make sure your comfortable. What I listed off was of course a minor subset of the topics you'll cover.

I would even say just practicing as much as you can that is inside the PWB syllabus with VMs for a little bit would help you out. Lab time is so precious in the course. Being unfamiliar with some tools may take away from lab time when your having to research them. I would highly recommend going with the 90 days lab access just to make sure your fully prepped for the examination.

You don't need to be a good coder but even understanding the basics helps out. Dynamik's link is great to get you started with python, there's also this useful thread. Another great resource for you would be the OSCP Section here on the forum. This is great because there's 4 pages of information of folks who have taken the course, are getting ready for it, and have wanted similar suggestions like yourself. Here is my PWB v3 Review - I think it's a great read because I listed off some of my background prior to going in. Cd1zz's Review is also great.

Ultimately my main advice is although you fit the pre-reqs, I would get well familiar with the syllabus before officially signing up. Setup your own lab and practice in it! Learn some python. Purchase the 90 days just be make sure you'll be well prepped, and prepare for some pain (:

Merry Christmas Don! (: Good to be with you all for another year! 

This actually happened to a mother of a friend I know and their computer got messed up pretty bad. It's great to see you were visiting for the holidays - they may of possibly went through with it if there wasn't a techie around. Seems social engineering is far from going anywhere! Your story made me recall a phone call to my mom where the person just flat-out asked for her credit card for them to continue through with some order she purchased. This of course was awhile back and she ended up hanging up the phone, but it makes you wonder how many people actually fall for these types of calls. Happy holidays, thanks for the share.

Hey Jamie -

I didn't upgrade yet I was holding off until I received some review of the material and how it compares with v2. What were the prime differences? When I was going through the WiFu Demo, I noticed it wasn't Muts' voice - Did they split the course work up into 2 people demo'ing the course?

Hello Abmart - You actually posted a similar thread a few days ago and received responses from us here. If we can clarify anything for you or help out anymore, please let us know. I think the CEH would be a good place to start, however I would highly recommend eLearnSecurity's Penetration Tester Pro course. It will get you introduced to a lot of topics and to pass the certification examination, you'll actually have to prove that you can hack and write a report. You could walk out of the CEH course not knowing how to pop-boxes. I've also heard your course experience will vary depending on which CEH instructors you get, but if you decide to go with eLS, as an EH-NET member, your entitled to a 5% discount.

Hello exeglitch,

I would highly recommend the Alfa AWUS036H card. I have been using it for a couple years now and it's great. It is also one of the cards the Offensive Security WiFu recommends.

Hi Exeglitch,

Welcome to the site! I used to think the same thing when I was introduced to XSS. I would say it all depends on how much you can leverage it. XSS can be used to do a whole lot, such as redirecting a users browser to a malicious URL (to inject client-side attacks, steal cookies, etc) and a lot more.

A good tool that proves how wicked leveraging Javascript on a victims can be is The Browser Exploitation Framework from http://www.bindshell.net/tools/beef.html.

Below are a few helpful links that could help you understand it further:

Hacker Uses XSS & Google Streetview Data to Determine Physical Location

vbSEO - From XSS to Reverse PHP Shell

Browser Exploitation with BeEF

Web Hacking - XSS Part 1
Web Hacking - XSS Part 2