Shrinking budgets and geographical diversity are pushing educational trends out of the classroom and into online learning opportunities. But hands-on training and skills evaluation are a trickier problem to solve in that paradigm. Information Security training is no exception. Yet many students seeking training in Information Security face barriers to entry involving their prior knowledge and how to get it. Many offerings assume a level of proficiency above what a beginner may have, especially one who has not already worked in Information Security. To add to the beginner’s frustration, most training organizations don’t offer the background learning necessary to get to that level. Enter the eLearnSecurity (eLS) Penetration Testing Student course.
The eLearnSecurity Penetration Testing Student v2 course addresses the need for online, hands-on education for the beginner. The flexible and self-paced, browser-accessible online course teaches basic foundational concepts for students who wish to enter the field of penetration testing while allowing hands-on application through the Hera Student Lab and, optionally, the Coliseum Web Application Testing Framework. The course provides an ordered and appropriately broad basic introduction into foundational concepts for the beginner. While this course alone will not produce a qualified penetration tester, it provides a guided hands-on opportunity to become familiar with some of the basic concepts. It is effective for those who are exploring the possibility of penetration testing as a career path, or for those who simply want to know more about what penetration testers are capable of doing.
Overview of eLearnSecurity Penetration Testing Student v2
Few assumptions are made about the knowledge that students are required to have before engaging in this class, but a basic grasp of the Linux command line and an understanding of binary will be helpful. Understanding how to run a script, change a directory, and do some basic troubleshooting will be very useful to students. Even if the student lacks these basic skills, though, there is plenty of support available. Additionally, exposure to the concept of programming is not required but will make the introduction to Python and C++ more familiar. The curriculum is split into foundational concepts and penetration testing concepts, which may be explored or skipped at the discretion of the student.
The section on foundational concepts covers the introduction of terms like vulnerability assessment and penetration testing including a walk-through of penetration test phases. It also covers the crucial difference between vulnerability assessment and penetration testing, a simple concept for those in the industry that most newcomers lack. This section continues with coverage of network and web application basics. It also includes adequate C++ and Python primers with exercises that include the creation of several practical scripts.
The Penetration Testing section goes into more detail about each of the phases of a penetration test. Along the way, it introduces in-depth tool specifics including Metasploit, sqlninja, dirbuster, and netcat. It also covers topics such as backdoors, open source information gathering, password cracking, null session exploitation, SQL injection, XSS, and other exploitation topics — all good foundational information for penetration testers. The course includes plenty of great references for independent and supplemental learning. The full course syllabus is available online.
The course is sold with lifetime access rights to the material with free minor updates and a fee for major updates. Lab access is offered with flexible purchasing options including on-demand usage. Lab time may be used by the minute or through a flat unlimited plan, where labs are available for 30, 60, or 90 days. This course focuses on the content available in the Hera Lab, eLearnSecurity's live penetration testing environment. Accessed through a VPN, Hera offers a hands-on environment to support the course material. The registration for the course also offers the option to add on access to Coliseum, eLS’s more advanced web application security training framework. Other than these time constraints, students are free to pursue the content at their own pace and even in their own choice of order, as some modules provide a clickable navigation panel with access to the different concepts. Of additional interest, eLS offers a payment plan where the course can be purchased with a monthly fee instead of a lump sum. This flexibility raises its appeal to self-funded students.
Students access eLS’s student website to access documentation and code samples for the class, the courseware itself, account management, and lab management. All of these functions are very intuitive and easy to navigate. It’s advisable for students to completely run through the courseware before digging into the Hera lab, as access in the lab may be time limited depending on the subscription choice.
The web interface enables students to stop, start, and reset the Hera lab. Getting into Hera may be a little confusing for absolute beginners. There is a guide that describes how to connect to the lab using both Windows and Linux, so the choice is available to the student. Then, walk-through videos describe how to download and install Nessus, for example. But, some of the labs require Linux tools, and the videos appear to use BackTrack for tools demos. Students will want to be prepared to confront the possibility that they may need to create and run a Linux virtual machine if they choose a Windows platform.
Figure 1 – eLearnSecurity Penetration Testing Student v2 Screenshots
The courseware itself launches from the same web interface and runs in the browser, providing a clean and professionally done graphical interface. The guided introduction to the course material is supplemented by periodic hands-on labs and quizzes as well as demo videos. Additionally, a discussion area is available for students to collaborate or get help with issues from course support staff. Navigation within the course itself is very simple. A navigation control panel at the bottom allows you to move forward and backwards through the lesson, one slide at a time. The same navigation bar keeps track of the currently viewed slide. Audio sometimes supplements the text, and the graphics used to support the material are very well done and appropriate to the information at hand.
Once inside Hera, the experience is exactly as it should be for a penetration tester connected onto a client network. The Hera labs provide a good place to do the hands-on exercises provided in the course, but it is not advertised as a free-form environment where a burgeoning penetration tester might experiment very freely with newly learned skills. Lab exercises are specifically targeted towards the use of the tools according to the examples provided in the lesson. There are other hosts accessible within the lab, but there is no guidance within the courseware that suggests further exploitation should be considered beyond the scope of the exercises.
The course covers web application penetration testing concepts in depth. One demo video in particular stands out as a crystal clear and exemplary explanation of the mechanics of Cross Site Scripting. But don’t fret that it will quickly get overwhelming, as network concepts are hardly unmentioned. In addition to a thorough exploration of Burp Suite, the course covers Wireshark in interactive detail, both with labs and exquisitely detailed walk-throughs within the slides. There are lessons defining how buffer overflow attacks work, what role malware plays in the exploitation process, and various server and client exploitation methodologies. Social Engineering and Physical Pentesting even receive their nod during the Information Gathering lessons. There are two videos that cover Metasploit, but no exploitation labs using it, and its capabilities are only explored at the very surface. eLS’s Professional Course covers these more advanced topics, but students who are expecting a detailed walk-through of network penetration testing will not find it in this class.
Figure 2 – eLearnSecurity Penetration Testing Student v2 Introduction to Python
The course’s strength is in the foundational information it provides. Beginners with no grasp of what a network port or an IP address is will get the introduction they need to properly contextualize these lessons. For example, a very detailed examination of how networks work begins with the simple and non-assuming explanation of what a network is. The lesson progresses naturally, building upon each layer of information to explain Firewalls, IDS and IPS, and Web Application concepts and, perhaps most importantly, their role in defending against - or failing to defend against - attacks. For beginners who have no exposure to security concepts or who have yet to explore them in an offensive frame of mind, these foundational lessons are truly essential.
Far from death by PowerPoint, the course not only allows students to choose their own order and take their own time to process the material, but the slides are interspersed with demo videos, lab exercises, and self-test quizzes. Students are free to explore Burp before Metasploit, or vice versa, to explore foundational concepts, or only the penetration testing concepts. Students may leave and come back to the content at their leisure due to the lifetime access granted by the license.
Quizzes enable students to test their own progress and decide how best to use the resources for ongoing study provided at the end of each lesson. The quizzes follow a multiple choice format for the most part, but occasionally a drag-and-drop question is thrown into the mix. These aren’t always obvious, and have confused some students, so keep an eye out for them. For the most part, the quizzes do a good job of reflecting the course content without being verbatim repetitions of the lessons. However, the logical leaps some of the questions make require a bit of thinking and practical application of the subject. The option to review incorrect answers will help solidify the learning in the cases where this trips up an unsuspecting student.
Areas for Improvement
Overall, the course is very well done and establishes a good, broad base of knowledge about penetration testing. Again, the course alone is not enough to produce a qualified penetration tester, but, as an introduction to concepts and tools, the class succeeds. Only a handful of items stood out as possible issues for students, and most of these were relatively minor. In general, the course navigation is sometimes inconvenient, and the grammar and audio are occasionally awkward. There are also notable inaccuracies in some of the technical details about networking. None of these should interfere with a penetration test, and the course authors have been very receptive to fixing any issues found.
The navigation, as mentioned, is very basic. But, progression from slide to slide is not always sequential. When students choose from lesson menus, slide counts jump, sometimes by the hundreds. Getting back to the menus may require navigating slide by slide back to the menu. Also, while the course is supposed to bookmark student progress between sessions, this does not always work as expected. As a browser-based platform, the student computer settings have an impact on the experience. Workarounds for these issues have been provided by the course administrators on the student discussion boards.
The grammar on the slides and the audio are occasionally awkward enough to impact the student experience. In the best cases, spelling out common jargon as “A-R-P” or “S-Y-N” rather than saying “arp” or “syn”, for example, might make a beginner seem strange to peers in InfoSec. In the worst cases, the meaning of learning points may be lost behind confusing wording with unclear intentions. However, as these oddities are not always present, and the bulk of the content is clear, this is not something that should discourage a student from the course.
While the web application information and the tools usage are spot on and very useful, some of the other complex concepts on network penetration testing have been oversimplified for the purpose of introducing them to beginners. These minor errors would not actually affect someone while conducting a real penetration test, so it is acceptable for its intended audience. As mentioned, the course authors have been receptive to improving their course and fixing any errors that are reported. So in conclusion, minor issues in the courseware are heavily outweighed by the clear content, clean presentation and excellent support, making it easy to recommend eLearnSecurity Penetration Testing Student v2 to beginners in InfoSec or experienced IT professionals looking to get into the exciting field of ethical hacking.
Heather Pilkington has almost fifteen years of experience in Information Security, including Incident Response, Change Management, and Vulnerability Management. Certified both as an OSCP and as a CISSP, she has also previously held GCIH and GSEC certifications. Outside her primary professional work, Heather acts as the BeEF project blogmistress and operates as a freelance technical editor.