[Article]-Review: eLearnSecurity’s Penetration Testing Pro (PTP)

This topic contains 48 replies, has 21 voices, and was last updated by  Don Donzal 1 week ago.

  • Author
    Posts
  • #4985
     Don Donzal 
    Keymaster

    Welcome to the Official First Article of our newest columnist, Jason Haddix. Glad to add you to the family. Thanks and I look forward to a bright future.

    Permanent: [Article]-Review: eLearnSecurity’s Penetration Testing Pro (PTP)

    eLearnSecurity’s Penetration Testing Pro – What CEH Should Have Been

    Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to  DoD Directive 8570 as well as revamped its courseware in version 6.0, Offensive Security rolled out their version 3.0 of “Pentesting With BackTrack,” and it seems like new training options are coming out almost every day in the field. That being said, I have been lucky enough to receive an advanced copy of the flagship course by eLearnSecurity, Penetration Testing Pro (PTP).

    PTP is a three section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester or eCPPT for short. The target audience for the course is security engineers or penetration testers in the 0-3 year experience range. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let’s take a look at each.

    As with any other article or column, please send us your feedback by replying to this thread. Also feel free to suggest any other reviews you’d like Jason to do.

    Don

    • This topic was modified 1 week ago by  Don Donzal.
  • #31469
     Xen 
    Participant

    Excellent! I’m currently going through their demo SQL Injection module and have been greatly impressed by it. Also, how does it compare to PWB and SANS Sec 504 ( I guess Jason has done both of them)? Did you take the certification exam?

    Additionally, I’ve the 20% discount code for eLearnsecurity’s Penetration Testing Pro. I won’t be using and it’s valid until 30th April. I am willing to give it to some EH member. Contact me if you want. With the coupon the training cost is just $388.

  • #31470
     What90 
    Participant

    Great review Jason, it really helps understand who this is focused towards and what they can get out of it!

    I’d love to hear about the web application stand alone course, once it’s ready for the general public of course;-)

  • #31471
     BillV 
    Participant

    Great review, Jason 🙂 I personally haven’t had time to get much beyond the Systems Security section yet but it’s nice to know what is coming up.

    As mentioned in the article, Armando and his team is quick to update material and make any corrections as needed. I know there were a couple things I brought to his attention and he replied nearly immediately saying they’d be fixed. I definitely agree with the points made by Jason in his article and the eLearnSecurity group has created an excellent course.

    BillV

  • #31472
     Armando 
    Participant

    Thank you all.

    When you have a budget of approximately 0$ for marketing and promotion,
    the only way to be successful is to build something great.
    It seems we managed to do it.

    Your words will be our proof for the skeptics.
    So please, spread the word and be an eLS evangelist.

    Thank you very much

  • #31473
     Ketchup 
    Participant

    Jason, that’s a great review!  All of my questions were answered and then some.  Fantastic work.

    It seems like eLS is a great bargain and offers some great training.  It will definitely go on my list. 

  • #31474
     hayabusa 
    Participant

    Hey Jason. 

    Great review!  I’m pumped to look at this one now, too!  Question for you.  Dunno if you’ve done PWB yet, from Offensive…  If you HAVE, how does this compare to what muts and company have there?

    Obviously, PWB is pretty intensive (I’m preparing to start taking v3, in a couple of weeks), and I know from reading, the eLearnSecurity stuff is all online (no downloadable courseware, etc – assumably to keep it from being distributed, etc)  But wondering, as a comparison, how the two stack up. 

    Like I said, this looks promising, so I’ll likely go for this, when I am done with PWB.  Just looking for a feel on it, so I can guage my time AFTER PWB, for what and how I want to be doing.

    Thanks.

    Tim

  • #31475
     ethicalhack3r 
    Participant

    Congrats Jason. Great article!  🙂

  • #31476
     Armando 
    Participant

    @hayabusa You can sign up for a demo of our course, that is an (almost) full module on SQL Injection including 20 minutes of video training.
    Just enter your email on our home page and you will get a user and pass within 1 hour.

    Wanted to say that the introductory price ($485)
    will expire tomorrow April 30th at 12pm GMT. Regular price will be 449€ ($599)

    We really gifted this course that is worth at least three times the current price, but yeah! We will respect our first goal to make great training affordable! Even after the great reviews we are getting

  • #31477
     pizza1337 
    Participant

    good article, i am interested in “Web Application Security” part, because i am weak when it comes to web app, i only know little about xss.
    also interested in “Anonymity” part.
    also need to learn how to write shellcode, and exploits. i am script kiddie(but i understand the basics 🙂 )

    *thinks about summer job* 🙂

  • #31478
     hayabusa 
    Participant

    @armando wrote:

    @hayabusa You can sign up for a demo of our course, that is an (almost) full module on SQL Injection including 20 minutes of video training.
    Just enter your email on our home page and you will get a user and pass within 1 hour.

    Wanted to say that the introductory price ($485)
    will expire tomorrow April 30th at 12pm GMT. Regular price will be 449€ ($599)

    We really gifted this course that is worth at least three times the current price, but yeah! We will respect our first goal to make great training affordable! Even after the great reviews we are getting

    Thanks Armando.  Will register for the demo.  Appreciate the fact that your company is working to keep it real / affordable for everyone.  I won’t be able to register for the class at this time (budgetary issues), and won’t, until I’m done with PWB, so I’ll miss out on this discount, but I appreciate the concern and mention of expiration date.  ;D

  • #31479
     Armando 
    Participant

    Not because I wrote it  ;D. But I believe you won’t find any better coverage of web app testing in other courses.

    Check out our demo, it’s on web app testing or ask Jason  ;D

  • #31480
     morpheus063 
    Participant

    Congrats to Jason for the wonderful review and Hats off to Armando and his team – the course looks really promising 🙂 All the best to eLS team

  • #31481
     impelse 
    Participant

    Great review

  • #31482
     What90 
    Participant

    Hello Armando,

    Having taken the OSCP and GPEN, it’s a strain to convince the powers that be to let me on another similar pentest course, but they seems happy to let me take a run at targeted training.

    Do you have any time lines on the Web Application Security stand alone course being made available?

    From Jason comments and review, I’d guess this would be well worth taking to strengthen those web app skills 😉

  • #31483
     Armando 
    Participant

    Hello Chris,

    Having taken the OSCP and GPEN, it’s a strain to convince the powers that be to let me on another similar pentest course, but they seems happy to let me take a run at targeted training.

    Don’t believe we are similar to OSCP, honestly. Not saying we are better or worse. It’s just another (completely) different way of teaching things.

    Do you have any time lines on the Web Application Security stand alone course being made available?

    At now I’m not able to give you time lines. The Beginner version of our PTP course will be a never seen course and it is taking its time.
    However I believe the web app testing part of our current PTP course is quite a good amount of information!

    Check our demo to see your self, it is on Web app testing
    Btw Introductory price expires in 12 hours – Regular price will be 449€ ($599)

  • #31484
     What90 
    Participant

    Hello Armando,

    I really enjoyed reviewing the course demo on SQL injection, it is nicely put together, very clear and flows well. I think I learnt a couple of words in Italian too!

    I can believe your course is different to both SANS and Offensive Security’s offering, my trouble is pitching those differences to management so they can understand and sign off the training.

    My process is to do a brief summary of a course I’d like to take and note the key points of what I expect to learn and be able to use in my job after the training. Sadly, my boss is pretty astute and would notice the similarities of the course structures to the other two.

    The Web application security course is a much easier sell as it is a specialization and therefore more focused on providing particular skills. Plus it fits in with current buzz about web 2.0 the CIO likes to mention in meetings 🙂

    I’d love to take this course at some point, as I’m a firm believer in great training makes me excited about learning and understanding different approaches while still developing my knowledge and skills. Perhaps I’ll pitch it to someone else when my boss is next on leave for a month 😉

    I wish you and the team great success with the course as quality training such as this creates better security professionals and that’s no bad thing for the industry.

  • #31485
     Armando 
    Participant

    You make interesting points.
    I should create that document for you, to illustrate how we differ from other similar courses.

    For what concerns web application testing course I will make sure to have it out asap but just cannot guarantee any date  🙂

    I really appreciate your interest in our course, if you’ve entered your email on our site you will be notified of all the future releases (and eventually get discount copons as well).

  • #31486
     UNIX 
    Participant

    Thanks for your efforts Jason, nice review.

  • #31487
     impelse 
    Participant

    This is very interesting, You release a new training (call it basic or standard) and during the reviews and different conversations a new product had born for you, The Web Application Testing. You got a mine gold here, you did not need to pay marketing to discover it.

    Great.

    I have your training in my list. Takes some time when you pay with your own money.

  • #31488
     Armando 
    Participant

    @impelse  ;D
    Shhtt  :-X…Ec-council may be reading  8)

  • #31489
     Anquilas 
    Participant

    Thanks Jason, for once again writing an extremely useful review!

    And hat’s off @ eLS, getting that kind of praise right after going live, that’s gotta mean something!

    I do have a similar question as Hayabusa.
    I’m currently saving up for my first cert (although it will be a while), and obviously I am now confronted with the choice between OffSec’s PWB and this one.
    Jason: you did both of them I think. Any thoughts?

  • #31490
     SJF1978 
    Participant

    Hi Armando,

    I’m looking to purchase this course before the 31st deadline & beat the price increase. I just wanted to get the 5% also but no discount coupon has come through??? I’ve completed the CEH & OSCP courses so will look forward to this one also.

    thanks in advance

  • #31491
     Xen 
    Participant

    @sjf1978
    You just have to click the eLearnsecurity banner at EHNet and provide your email at their website to get your 5% discount coupon.

    eLearnsecurity has also come up with a subscription plan where you pay some monthly fee ($249+$200+$200) and you’ll get one domain each month.
    http://www.elearnsecurity.com/course/penetration_testing/subscription.php

  • #31492
     SJF1978 
    Participant

    I did and I got the mail saying the discount code will be in the next mail. But could’nt see one?

  • #31493
     Xen 
    Participant

    Try contacting Armando using their contact page http://www.elearnsecurity.com/contactus.php or contact him via twitter @elearnsecurity.

  • #31494
     Armando 
    Participant

    Hello
    Thanks to EquiX3n for the announcement of the subscription plan
    http://www.elearnsecurity.com/course/penetration_testing/subscription.php.

    This confirms all our efforts to make great training affordable even if you pay out of your pocket. Hope you appreciate it  ;D

    Also I would like to update you on our latest improvements to the course as per Jason’s suggestions:

    • Social Engineering and SET
    • Pass the hash
    • A number of smaller improvements

    The above are included in our upcoming release (1.1).
    Of course, All our students will get this update for free.

    I’m also getting a bunch of (very respectable) forum members who have studied the course produce small comparisons with other similar courses.
    These will appear on our site soon as well.

    Thanks a lot to anyone in this forum for the lovely support and interest given  to our project

  • #31495
     Xen 
    Participant

    @armando Just checked your website. The link to EHNet in the main page is broken. Hope you correct it ASAP.

  • #31496
     Armando 
    Participant

    Oops. 😮 Thank you!

  • #31497
     SJF1978 
    Participant

    Got my code & paid my silver…  8) Looking forward to the course… I’ll let everyone know how it goes

  • #31498
     secureseve 
    Participant

    Really looking forward to this!

  • #31499
     secureseve 
    Participant

    Started my courses tonight! It’s fun and amazing so far!

  • #31500
     Anquilas 
    Participant

    Cool 🙂 Keep us informed!

  • #31501
     T_Bone 
    Participant

    @armando

    When will the version 1.1 of the PTP course be released?

  • #31502
     Anonymous 
    Participant

    I’m definitely thinking seriously of taking this course. Almost there.

    By the way the picture-logo is awesome!

  • #31503
     Armando 
    Participant

    I know I’m not arrogant if I say it doesn’t matter when we publish version 1.1 since all our current students will get it for FREE. 😉

    (But we are close to it  :))

  • #31504
     Armando 
    Participant

    Happy to announce that now we have a Students forum where all our students will be able to peer with our instructors, ask questions, meet other students and enjoy new small video guides that we will (hopefully) run every week (free for our students).

    This is another step towards a 360° learning experience that I want to build with eLearnSecurity.

    It’s hard to keep all this work affordable but the great attention we got on this and other forums makes me think we are on a good track.

    Thank you all for your kind support.

  • #31505
     recon 
    Participant

    Hi All:

    I’m considering taking this class before the price increases again.

    For those who are currently or have taken this class, could you let me know what were your thoughts about taking this online class and certification?

    What were the differences between this class and the Pentesting with Backtrack offerred by Offensive Security?

    Also, I’ve already read the course syllabus and reviews on here but wanted to get a feel of what ppl though of both courses.

    Thanks,
    recon

  • #31506
     hayabusa 
    Participant

    Hey recon.

    While I’m in process with eLearn’s course, I’ve definitely been enjoying it.  Personally, I agree with JHaddix’s remarks, of it being a ‘CEH killer’, but it definitely varies, from what was covered in PWB.  It seems, to me at least, that eLearn went through more time on the web application attack side, whereas, PWB made gave you some higher-level overview, but then made you self-study that a bit more.  And if you’re a newbie to the realm of security, eLearn’s buffer overflow info is an excellent resource, and IMHO, will be easier for someone to learn, if they’re starting that topic from scratch.

    Overall, PWB was very rounded, and really made you work for your knowledge, and challenged you more, with their multiple-machine, multi-faceted labs.  So of the two, I preferred it, as it gave me much more hands-on experience and time on multiple fronts. 

    So it depends on who you are, how you learn, and what your end goals are.  If you’re emphasizing web app security, eLearn went out of their way to put some good training together.  If you’re looking for a much more rounded approach, with more lab and hands-on time, at least from what I’ve seen so far, PWB wins that comparison.

    But both courses are well worth the time and money that are involved with them.  And both are a step (or more  😉 ) above and beyond the CEH.

    My 2 cents, anyway,,,

  • #31507
     impelse 
    Participant

    I am taking the eLearnsecurity right now (I did not take the offensive security jet), I feel the eLearnsecurity gives you a good base to begin to build your pentest career, I am fixing this training with the CEH (I am bad momorizing) so I see eLearnsecurity like the practice of the CEH.

  • #31508
     KrisTeason 
    Participant

    D’oh – this kind’ve sucks. I had about 5 paragraphs typed out stating the comparisons between the two when I hit the post button I was timed out and lost everything I wrote. Having taken both (and currently still in eLearnSecurity’s PTP course), I’ll bullet out their main differences:

    -Offensive-Security’s Penetration Testing with Backtrack 3 course offers a vpn lab for you to test your newly acquired skills on expanding across 4 subnets.

    -In the eLearnSecurity course, you download slide attachments and pretty much replicate what’s on the slides to get the hands-on approach.

    -Offensive-Security has an IRC Channel for students where ops are around almost 24/7 to provide basic help. Don’t expect to be spoon fed answers, expect “Try harder” as their main responses regarding questions that your capable of doing yourself.

    -eLearnSecurity doesn’t offer an IRC Channel but has a ‘Chat with Tech’ support feature which isn’t available 24/7.

    -Both have an e-mail support line and both of these support areas you get responses pretty quick.

    -Offensive-Security has a support account on MSN that you can add and talk to 1 on 1 just in case you need a quick response on something.

    -Offensive-Security’s videos are more than twice as long eLearnSecurity’s video footage in the course.

    Regarding the above, eLearnSecurity’s videos tend to be on more point-n-click tools versus in the offsec course your learning more command-line kung fu techniques

    -eLearnSecurity’s Web Application Attack section is the strongest section.

    -Offensive-Security’s Web Application Attack section isn’t as detailed as eLearnSecurity’s (For example, eLearnSecurity’s course covers introductory stuff like basics of HTTP, cookies and sessions, in the OffSec course it’s mainly talking about exploitation of attack vectors XSS, RFI/LFI, SQL Injection, etc).

    -eLearnSecurity’s video demonstrations are pretty basic compared to offensive-securitys. In the eLearnSecurity course I’ve noticed a lot of point and click fundamental tool usage type stuff versus in the offsec class your focusing on your command-line kung fu.
    Overall I think the 2 courses are in a different league of their own but similar because you do a report and a practical pentest to obtain the certification. I’d say choose the course based on your experience level – are you new to the field and don’t know much regarding penetration testing? Go with eLearnSecurity’s course. Are you someone who’s comfortable with BackTrack as a pentesting platform, know the basics and ready to take it a step further with a more hands on approach? Take Pentesting with BackTrack.

  • #31509
     impelse 
    Participant

    @xXxKrisxXx wrote:

    I’d say choose the course based on your experience level – are you new to the field and don’t know much regarding penetration testing? Go with eLearnSecurity’s course. Are you someone who’s comfortable with BackTrack as a pentesting platform, know the basics and ready to take it a step further with a more hands on approach? Take Pentesting with BackTrack.

    This is the real possition between these two training.

  • #31510
     dynamik 
    Participant

    @xXxKrisxXx wrote:

    -Offensive-Security’s Penetration Testing with Backtrack 3 course offers a vpn lab for you to test your newly acquired skills on expanding across 4 subnets.

    This has been updated to BT4, and from what I hear, the labs are much larger this time around.

  • #31511
     recon 
    Participant

    Hi hayabusa, impelse, xXxKrisxXx, dynamik and All:

    First, I’d like to thank you for the fast replies! 🙂 These were all great and in depth comparisons among the OCSP and eLearnSecurity classes. Since I do not have as much experience with Backtrack and would like a good overview again of the web application testing (others said is was strong in this), I’m going to pursue the eLearnSecurity class first since you have access to this class permanently. I think I would learn new things and this would also be great review for me. After that, maybe prepare and study for the CEH or do the Wifu from Offensive Computing. After all of this, I would really have to familiarize myself and be strong with Backtrack before I do the PWB from Offensive Security.

    Has anyone here done the Wifu class by Offensive Security?

    Thx,
    Recon

    @recon wrote:

    Hi All:

    I’m considering taking this class before the price increases again.

    For those who are currently or have taken this class, could you let me know what were your thoughts about taking this online class and certification?

    What were the differences between this class and the Pentesting with Backtrack offerred by Offensive Security?

    Also, I’ve already read the course syllabus and reviews on here but wanted to get a feel of what ppl though of both courses.

    Thanks,
    recon

  • #31512
     UNIX 
    Participant

    pizza1337 took Wifu and did a short write-up on it.

  • #31513
     recon 
    Participant

    Thx awesec.

    @awesec wrote:

    pizza1337 took Wifu and did a short write-up on it.

  • #31514
     hungrymind 
    Participant

    Hi everyone,

    I am thinking of taking an online course in order to learn the fundamentals of penetration testing (and hopefully then some).

    I have been considering Wayne Burke’s offerings (not sure now due to the high price tag, but they look good), Offsec (very interested), and eLearnSecurity (also very interested due to the good reviews and the even better price point).

    So this is more of a follow-up post to see who has started the eLearnSecurity course and their satisfaction level with it thus far, what to expect, the exam itself, etc.

    Thanks guys.

    hungrymind

  • #31515
     Xen 
    Participant

    Hello, hungrymind!

    I am  eLearnsecuirty’s PTP course student. xXxKrisxXx and I did a small post comparing PWB and PTP. You can find it here
    http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5938.msg31605/#msg31605

    Let me know if you’ve more questions, I’ll be happy to help =)

  • #168827
     Don Donzal 
    Keymaster

    Hard to believe this review of PTP v1 was over 8 years ago. With the recent release of PTP v5, I’m curious what our old-timers think of the massive improvements made to this course over the years. Would also be nice to hear from from newer students and their perspectives on this detailed course with hands-on labs and practical exam.

    https://www.elearnsecurity.com/course/penetration_testing/

    Don

You must be logged in to reply to this topic.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Copyright ©2018 Caendra, Inc.

Sign in with Caendra

Forgot password?Sign up

Forgot your details?