So it finally happened. The moment we were all waiting for, the global rollout of EC-Councils ECSA/LPT workshop at the Techno Security Conference.

The class was filled with around 30 people from different parts of the US and the world. From what I could gather, titles ranged from security/network administrators/specialists, up to the 'C' people (and then of course there was me ).

On the first day of the workshop (2 days, which really only ended up being about a day and a half) Sanjay Bavisi, EC-Council President, gave out some information about the course and how the LPT is EC-Councils top certification. He also mentioned that by gaining the LPT and required certifications (CEH & ECSA) you could apply those as credits towards the EC-Council Masters of Security Science degree from EC-Council University. Now before you ask, here's the deal with the Univ. They are licensed in the state of New Mexico (licensing takes 2 years). They are on the way to becoming an accredited university, which will take another 3 years. They currently show 2 Masters (I think) programs on their website, but will also offer a 4 year Bachelors program as well.

After that, he let the course begin! The instructor for our 2-day workshop was Mr. Larry Detar from Clifton Gunderson Technology Solutions out of Arizona. Let me tell you this, this man was definitely the reason that this course was successful. His wealth of knowledge in regards to the entire penetration testing process was absolutely incredible. I really felt like I was sitting in there listening to an expert who knows exactly what he's doing. I can't say enough good things about Mr. Detar and I would highly recommend anyone with an opportunity to speak with him or take a class taught by him to do so.

After the first day of class we were able to get through about the first 8 modules or so. With 35 of them, I wasn't sure that we'd be able to get through the rest the next day (and at this point, I still hadn't read through all of the courseware). Day 2 started out with 'Log Analysis' which was a little boring, but quick. We flew through to module 12 or so and at that point skipped the majority of the remaining modules due to already talking about most of them in previous discussions and because of our time limits (we had several people with earlier flights). Module 35 is not in the courseware (I believe it was titled 'Ethics of an LPT'). In this module, they just have a few slides to review that as an LPT you are expected to be honest, always give your client a good test, and so forth.

After getting done with all of the modules, we had about an hour review session. We went through a bunch of questions and answers and the instructor also explained why the answers were what they were. And then... the test began

The test is (currently) 50 questions, with a 2 hour time limit (which is probably much more than enough) and requires a 70% to pass (35/50). Now, because this is still a new course combining the ECSA/LPT, keep in mind that the LPT did not have a test before. So what does this tell us? Well, if you look closely at the modules list on the EC-Council website, they only go into detail for the first 10 modules or so. If you have the courseware, you can see that the first 10 modules say 'ECSA' at the beginning, where the modules past that say 'LPT.' I picked up on this when I first got the courseware, but it was re-inforced when someone else in class had brought it up to the instructor and he had her stand up and tell the whole class what she found

So, the tip is that (currently, and I stress this because they will change it in the future; probably Jan. 2008) the test covers modules 1-10, significantly decreasing the amount of information to focus on for the exam. I've seen many people say that the exam is not too hard, and that it is easier than the CEH. Well, maybe. The only difference that I saw from the CEH was that there were only 50 questions. The types of questions asked were very similar. If you've taken the CEH recently, or have at least read the CEHv5 courseware, you shouldn't have too much of a problem with this exam.

As I mentioned above, you have plenty of time to do the test. I think I finished my 'initial' run through in about 30 minutes. In under an hour, I had time to go back through the entire test twice, and also go back through all of my marked answers 2 more times in addition. After getting through my first run, I checked my marked answers and had 16. I went back through and made my best guess on most of them, but there were 4 questions that I absolutely did not know and left marked. At this point I was a little nervous because if I were to get those 16 wrong, and even if I got all of the others correct I still would not have passed. So I went through the entire test again and any question that I did not know the answer to 100%, I marked. I ended up with about 15 questions or so again. At this point, I knew that I had at least the 35 correct because I knew those answers were right 100%. I was fairly certain that I had some of those 15 right. And at this point it was time to submit the test, still with about 1:10 time remaining. So.. click 'End Test' ... awesome, 44/50 for an 88%

Once you've passed the ECSA (and assuming you also passed the CEH) you are eligible to receive the LPT. To get your LPT certification, you must fill out the application from EC-Council, submit a letter stating your career intentions with the LPT, submit a letter of recommendation, submit your CEH/ECSA certificates and test scores, submit a recent resume and also a police background clearance letter. Ship all that off to EC-Council with a $500 USD payment and await your response.

All in all, it was a great course with an excellent instructor. I had a good time and learned a lot of information in that short period of time. I hope everyone that wants to pursue this certification track does so and enjoys it just as much. Hopefully I provided some good information for everyone here and if anyone has any other questions on something I may have left out/missed, feel free to reply and let me know

Hey venom, according to EC-Council website http://www.eccouncil.org/lpt.htm one of the requirements for the LPT cert is to complete a LPT practical assigment:


Did you have to do this?

No problem. Any other questions that come up, just let me know

Oh very nice of you.

These website might help for CEH v.5
http://www.milw0rm.com/video/?start=30
http://www.milw0rm.com/links/
http://www.spywareinfo.com/~merijn/programs.php

Did you already receive your ECSA certificate? I thought we had to wait until we had it in order to send in the app.

BillV. Sorry I missed this question. I did have the printed version of the ECSA from the test I sent in. I did finally get the ECSA offical about 2-3 weeks later.

I was at the class as well, Big respect to Larry; he is the man of his word. I had the Opportunity to be trained by him at S.C in June 2007.

The group Pic is on this site http://www.eccouncil.org/pressroom/PIC-ECSA-LPT.swf - (I was talking to Larry on pic.13/22). Archtctfr and Billv you did not reveal yourself at the class.

I must admit in your post, you best summarised the entire event at the first ECSA\LPT training in Sc 2007. i will be nice for attendee to linkup and share more ideas. what do you say guys???

Barry.I
ccnp, mcsa, ccsa,ceh

Hey Barry,

Actually, I spoke to you a couple times at the conference I was also sitting at the same table as you, on the other side of Isaac - not to mention I kinda stuck out as the youngest person there

I'm not sure who Archtctfr is (and may want to remain anonymous).

I think this is a pretty good community/site to "linkup" at as you've suggested. There are a lot of great people here at this site and everyone is always open/willing to share ideas and so forth. Just feel free to login and post some more

Bill