.

Another eCPPT v2 review

<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Apr 30, 2012 2:31 pm

Another eCPPT v2 review

Introduction

A couple of years ago, Armando Romeo, from eLearnSecurity, allowed me the privilege to review their initial course offering.  Two years later, I was pleased to be asked to review the second generation of this course, and at no surprise to me, they've only improved upon what they'd offered in the earlier version.  I spent my spare time, over the past few weeks (while also studying for another well-known certfication,) diving through the courseware, comparing and contrasting v2 to v1, as well as looking at much of the new information that was provided.  My goal, not so much to compare against everything else on the market, but to really see what changed, in this new version.  Along the way, though, I was happy to see that it STILL outdoes many of the competitors on the market, both in terms of information exposure, as well as in ease of learning, clear presentation and informational accuracy.

What was immediately apparent to me was a much cleaner interface and presentation, than in the previous version.  While the organization of the materials was much the same, and it is still Flash-based presentation, the interface was easier to navigate, for me, and was even better 'put together,' from the presentation point of view. The links at the bottom of the pages, to references and videos, were a nice update, and made it easy to quickly reference outside information, also allowing me to watch video segments, etc, at times when the written material started to feel long, and I needed a mental diversion for a bit (not out of being bad material, but because I was going through at night, after some long work days, prior, so at times, after reading for a while, my mind started to wander.)

(Note - ironically, Andrew Johnson's review, http://www.ethicalhacker.net/content/view/420/1/, on ethicalhacker.net was posted today, as I was working to complete this, and many of his thoughts mirrored mine)

Sections

The individual Section titles from v2 are:

System Security

- Module 1: Introduction
- Module 2: Cryptography and Password Cracking
- Module 3: Buffer Overflow
- Module 4: Shellcoding
- Module 5: Malware
- Module 6: Rootkit coding

Network Security

- Module 1: Information Gathering
- Module 2: Scanning
- Module 3: Enumeration
- Module 4: Sniffing and MITM attacks
- Module 5: Exploitation
- Module 6: Post-exploitation
- Module 7: Anonymity
- Module 8: Social Engineering

Web Application Security

- Module 1: Introduction
- Module 2: Information Gathering
- Module 3: Vulnerability assessment
- Module 4: Cross site scripting
- Module 5: SQL Injection
- Module 6: Advanced Web Attacks


With regard to the individual sections, I'm strongly in agreement with Andrew's review, on ethicalhacker.net.  One of the the points I'd noted, when I originally reviewed v1, was that they did a good job of explaining topics like the stack, and buffer overflows.  In the new version, I feel they made that even better, both through change in visual presentation, as well as the occasional quiz (there were a few self-quizes throughout the course,) in order to make sure you grasped the concept they were teaching you. As Andrew noted, it feels even less like you're being thrown into something, if it's a topic you previously didn't understand, or had been introduced to.  

Added content was also a plus, such as the extra section, on Post Exploitation, that was added to the Network Security section.  eLearnSecurity did a great job of expanding upon the modules, and presenting the student with more information than in the previous release.  Even with the additional material, the modules continue to flow clearly, one to the next, through well-thought-out, organized processes, which align to the various penetration testing methodologies.  Aside of my aforementioned need to occasionally step off the written page, and into the videos and side reference links, I felt it much easier to keep my head into the topics being presented, as this was eased by their organization of the course and materials.

Labs

The most notable additions to the course, however, are their labs.  The course allots the student (it did me, anyway) 30 hours 30 minutes of time to spend in the Hera Labs, which are new to v2 (note this is NOT the extra, paid Coliseum labs, which are ALSO of great benefit to students, whether in study for the course, or just looking for general practice.)  The Hera Lab exercises were aligned to specific sections of the course, and give you hands-on practice within the skillsets.  Each lab has a PDF with instructions, as well as solutions for the tasks the student has been assigned to do.

The Hera Labs are:

Lab 1 - System Security - "Assembler", "Dev-C++", "Exploit Development" and "Fuzzing"
Lab 2 - Information Gathering - "Detect Live Hosts", "NMAP Scans", "DNS Enumeration" and "Zone Transfer and NSLookup"
Lab 3 - Scanning - "Port Scanning", "OS Fingerprinting", "Service Detection" and "Idle Scan"
Lab 4 - VA & Exploitation - "Vulnerability Assesment" and "MultiPlatform Remote Exploitation"
Lab 5 - Post Exploitation - "Privilege Escalation", "Maintaining Access", "Data Harvesting" and "Pivoting"
Lab 6 - Blind Penetration Test

Due largely to the fact that I've previewed this during another certification, I didn't spend time in the labs, right now, so I'm very thankful that the time will remain in my account, as I look forward to going through them, upon completion of my other certification.  However, I did read through the lab exercises, over my lunch breaks, the past few days, and can assure the reader that they are both relevant to pentesting, and good / solid exercises to go through, especially for those new to pentesting, who really need the groundwork laid, and have never done many of the steps.  Lab 1 deals more with the underlying system hacking concepts, such as exploits and the stack.  Labs 2-3 deal more with the gathering of information and 'mapping out' the target(s).  Lab 4 covers finding vulnerabilities, while Lab 5 deals with what to do after the initial exploit has succeeded.  Finally, Lab 6 goes into other areas, such as web applications and web app enumeration / exploitation.  So they give you a small dose of everything from the course, in their hands-on labs.

Closing

All in all, the course is a hands-down improvement over it's previous iteration.  Still (and even moreso) the "CEH killer", as Jason Haddix (another ethicalhacker.net columnist) called it, in his v1 review, this course is considerably more informative and hands-on than the CEH, for those who don't just want to gain information, but to build their skills and get a more realistic approach on the fundamentals.  Students get more 'bang for their buck', and due to the continued access to their course materials, will always be able to come back for review, without having to retake a bootcamp, or buy another CBT.  

In the view of this pentester, the course is definitely a solid offering, and well worth the look and investment.
Last edited by hayabusa on Mon Apr 30, 2012 2:41 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Apr 30, 2012 4:02 pm

Re: Another eCPPT v2 review

I hope our unconscious telepathy is this strong when I take my OSCP. Unfortunately, I probably won't be of much assistance with that upcoming OSCE on your end ;)
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Apr 30, 2012 4:56 pm

Re: Another eCPPT v2 review

ajohnson wrote:I hope our unconscious telepathy is this strong when I take my OSCP. Unfortunately, I probably won't be of much assistance with that upcoming OSCE on your end ;)


Heh...  It's going to be a long weekend, this weekend, for me...

;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue May 01, 2012 3:24 pm

Re: Another eCPPT v2 review

Good luck Hayabusa, and if you fail.. TryHarder  ;D I'm sure you'll do fine, if you don't, you'll hopefully know exactly what you need to get better at the next time  :) But, I'll cross my fingers and pray to the OSCE gods that you will pass  ;)
I'm an InterN0T'er
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue May 01, 2012 4:58 pm

Re: Another eCPPT v2 review

Yeah, it's been rough the past few weeks, but I'm gonna give the first attempt a go, and if I don't pass, I'll schedule a retake.

Last few weeks turned into our house selling (after having been on the market previously and stagnant activity, this time, it went in 3 weeks,) and us having to move within the next 30 days...  Add it to some other things, and it's been a whirlwind.

But like I said, pass or fail, going to go forward on first shot, and if I miss, I should at least have a good idea on my weak spots, for a second go-round.

I'll let ya'll know how I do.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 02, 2012 1:37 pm

Re: Another eCPPT v2 review

Actually, because of my move situation, etc, and some stress this week over finding the house around work schedule, etc, I just rescheduled for 1 month out.  So you can wish me luck for the weekend of June 1...  ;D

Wasn't gonna, but didn't want to waste the opportunity, and really need to focus on family and the move.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu May 03, 2012 6:32 pm

Re: Another eCPPT v2 review

Sounds good, and if you're done with the courseware and have perhaps read up on a few topics related to the course, then you should be good to go.

It's good that you rescheduled, as you shouldn't be stressed before you attempt the exam, as you need all your focus and energy  :) Let me and perhaps the others know how it goes.

If you should fail, don't worry, it's rarely people succeed on the first try. (I needed a second try as well.)
I'm an InterN0T'er
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri May 18, 2012 10:34 am

Re: Another eCPPT v2 review

Update...  I may have to bump the test back one or two weeks, yet again (UGH - <grumble>)  Closing on my new home got delayed by a week, and we'll be staying with some friends, who have very unreliable dialup internet access, at best, on the weekend my exam had been rescheduled to.  This is NOT my spring / summer for luck.

I'll keep everyone posted if I do bump it, again, as well as how I do, once I finally get 'er done.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri May 18, 2012 5:53 pm

Re: Another eCPPT v2 review

hayabusa wrote:we'll be staying with some friends, who have very unreliable dialup internet access, at best


That would only add to the authenticity of the experience since it would be just like you were in Russia. You should go for it!
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri May 18, 2012 10:33 pm

Re: Another eCPPT v2 review

@ajohnson - hah!  Hadn't thought about it like that!  :P
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Jun 17, 2012 1:48 pm

Re: Another eCPPT v2 review

hayabusa wrote:I'll keep everyone posted if I do bump it, again, as well as how I do, once I finally get 'er done.


OT: Any updates? :)
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Jun 18, 2012 8:37 am

Re: Another eCPPT v2 review

Yeah, I'd bumped it one more time.  Exam is the 29th of this month.  Now that I'm moved into our new house, and semi-settled in, it's a bit easier to focus on things.

I'll let you know in a couple of weeks how I fare on the exam.

Thanks for checking in, aweSEC!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software