eCPPT Gold Certification

[xXxKrisxXx]

Armando announced today on LinkedIn that tomorrow will be the launch of their eCPPT Gold Certification. eLearnSecurity Subscribers can expect an e-mail in their Inbox tomorrow. More information still to come and will be posted here by myself, Armando, or another EH.NET member.

[m0wgli]

Definitely a positive development for the cert: eCPPT Gold Certification 

[H1t M0nk3y]

Once valid credentials have been provided for the certification platform, the candidate will be able to perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam

I have seen this set up somewhere else...

eLearnSecurity's eCPPT Gold is the only certification for Penetration testers that evaluates your abilities at attacking your target and providing thorough professional documentation and recommendation.

Come on! Offensive Security has been doing it for years now...

I think this is a very good thing that eCPPT is migrating to this exam set up. However, they really are copying OS idea, so they shouldn't act as if they are the only one doing it...

[xXxKrisxXx]

"All ECPPT Silver professionals and ALL students with a valid Silver voucher (non expired, not failed in their last attempt) will be given a FREE Gold voucher. (commercial value of the voucher : $400)" Armando mentioned on LinkedIn.

[Armando]

Once valid credentials have been provided for the certification platform, the candidate will be able to perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam

I have seen this set up somewhere else...

Yep. Ferrari's have 4 wheels. I've seen that somewhere else...

eLearnSecurity's eCPPT Gold is the only certification for Penetration testers that evaluates your abilities at attacking your target and providing thorough professional documentation and recommendation.

Come on! Offensive Security has been doing it for years now...

I think this is a very good thing that eCPPT is migrating to this exam set up. However, they really are copying OS idea, so they shouldn't act as if they are the only one doing it...

We are the only one doing a real *pentest* as exam. If you don't get the difference between pentest and hacking, try smarter (harder was trademarked).

[Armando]

Hello all
Thanks to all for the interest in our new Gold certification.  

It has been a long hard work to come up with a challenging scenario covering all main aspects of a modern pentest: web app + network + exploit development.

We believe you will love the challenge and the certification.

We have already notified our ECPPT Silver certified professionals who got a free voucher.

Tomorrow we will also give a FREE voucher to all the students of Professional v2 course with an active Silver voucher.

Starting from today we will also accept anyone wanting to attempt the certification exam without enrolling in our Professional training course.

This is our first step towards a complex certification development (and re-design) that will lead us to obtaining ISO 17024 in the near future.

Glad to answer any question you may have here.  

[YuckTheFankees]

"We are the only one doing a real *pentest* as exam. If you don't get the difference between pentest and hacking, try smarter (harder was trademarked)."

I'm confused by this comment? How is the OSCP exam not a real "pentest" exam?

[H1t M0nk3y]

@Armando: I have obviously offended you and I appologize for this. I re-read my post and it was indeed quite insulting. So I am sorry about this.

I think you are doing a great job on your end and I am seriously considering practicing in your lab. As you know, both Offensive Security and eLearnSecurity are receiving good comments on this site. I just felt you were not the only one doing this...

We are the only one doing a real *pentest* as exam. If you don't get the difference between pentest and hacking, try smarter (harder was trademarked).

So, could you elaborate more on the differences between the two?

Thanks and again, sorry about that, my post was really insulting for you...

[Armando]

@H1t Absolutely not offended. I reacted in a sarcastic way but let me elaborate more on this because I think it's an interesting point that goes beyond our product or our certification.

In order to explain my point I'd use a question:
"What is your client expecting from you when he pays for your pentesting services?"

That you simply get root?
OR maybe...that you find ALL of the vulns, exploit them, give an impact, hand out a professional report?

This is my difference between Hacking and Pentesting.
Pentesting is much much more difficult because it involves getting root and much more.

Don't get me wrong. Last time in a webinar I was the one saying hacking is beautiful and can tell you there were some people in the audience sneezing or getting irritated. *I love hacking*

BUT with our certification we are attempting to bring our students from *just* Hacking to Professional penetration tester.

So :
1) You have to find all vulns
2) You have to build your own exploit *to get root*
3) You have to report it professionally

In our ECPPT exam you do ALL of the above 3 steps :
1) Against a real world scenario of a corporate network (with routed workstations, servers, firewalls...)
2) in VPN

So as you can see getting root is part of the game but not just that.

Having that said, Hera is the place where we will conduct the exam and it's an environment where you get entirely routed complex networks ONLY for you spawned in seconds. It's real unique stuff.

Now I think I clarified my point and, at some extent, you will probably agree with me.

I apologize if I sounded too sarcastic.
I'm a nice guy usually 

P.S. This in no way intends to be a comparison between what others do and what we do. It's simply what we do. Kudos to any company bringing quality on the table.

[Armando]

"We are the only one doing a real *pentest* as exam. If you don't get the difference between pentest and hacking, try smarter (harder was trademarked)."

I'm confused by this comment? How is the OSCP exam not a real "pentest" exam?

We've got a nice chat with Yuck, and you can find my clarification above.

[H1t M0nk3y]

Thanks for the clarifications Armando! It looks interesting!!

So no hard feelings! 

[esojzuir]

Armando:

Hope this message finds you well! I was checking the gold cert and it says that the engagement will include web apps to be tested (I imagine both manually and with other tools or Nessus) - My question is Do you recommend getting back to Coliseum and Hack.me to practice or Hera will provide the full experience of what I should encounter during the test?

Thanks in advance,

Jose

[JohnE]

Hi Armando

With the exam, what is the timeframe, how long do you have to do it?

I know with OSCP you have 24 hours to do the penetration, then another 24 hours to submit the report.

Good to see another test that really tests skill, not just memory.

JohnE

[lorddicranius]

With the exam, what is the timeframe, how long do you have to do it?

7 days to pentest, 7 days to prep your report.
Source: http://www.elearnsecurity.com/certification/ecppt-gold/process.php

[Armando]

Armando:

My question is Do you recommend getting back to Coliseum and Hack.me to practice or Hera will provide the full experience of what I should encounter during the test?

Unless you are a good pentester already, I advise you to practice both in Coliseum (Web App) and Hera (Network/System).
Manual testing skills for both Web App and exploit dev are necessary.

You can also practice on Hack.me for free if you already possess the fundamental web app testing skills.

Hope this helps