Specific discussions on preparing for and taking the eCPPT exam.
alucian wrote:I just got the results today from the exam, so from now on I am an eCPPT!
I really liked the course. It is very well structured, and a very important advantage is that you can access it any time.
Now I am doing some checks for work and I use the course as a guide for the most important steps. I recommend following the course multiple times, because there is so much information so you can't digest it in a single shot.
I just wait for the new course they will produce (supposed to be an advanced one).
I found this course to take you from the novice to an intermediate level for the web application part, and this is what I wanted. The other two modules are at an intermediate level.
I found this course to take you from the novice to an intermediate level for the web application part
H1t M0nk3y wrote:
To who would you recommend this course? Novice?
pentestnoob wrote:I just have to add my $.02 after reading these posts. I purchased this course from eLearnsecurity and, being a beginner pentester, I find that it is MUCH more challenging to actually do this stuff than first thought. In my duties and speaking to many of the folks in the business, we spend the bulk of our time searching for vulnerabilities. This course "does" teach that, but it also attempts to focus on exploiting the vulnerabilities. In a typical engagement, I have not been asked to attempt to exploit a production system.
That being said, I have found that I was better off mentoring with a senior pentester than what I got from the slideshow that is this course. I never could get any of the exploits to work and honestly did not feel that I got much help, nor did I feel that it was worth $600 bucks for slides. Use your best judgment - it's especially tough with not too much on the market of this type of on-line training.
MaXe wrote:Realistic penetration testing, includes exploitation of the target but usually on a cloned network or not mission critical equipment / production equipment. (It wouldn't be good, if the server crashes while people are working.)
sil wrote:Long ago it was a common popular belief that: "well if I clone their W2K, NT4 machine, run this exploit in my lab... It should run on their machine... Autopwnage!" This would be inconsistent with reality. You could never know what say Windows Updates a server has on it, what's in their IIS/ASP/C# pages to mimic a machine to exactness. What you'd be doing is selling them a pentest of YOUR server under the theory that: "if it affects mine, it can affect yours"
Users browsing this forum: No registered users and 2 guests