On the 23rd of August 2018, I have passed the eCPPT Gold v1.0 Certification. eCPPT stands for eLearnSecurity Certified Professional Penetration Tester and the ECPPT Gold was the designation for ECPPTv1. At the moment of this article, note that you can not obtain this certification anymore and that the newest version of this certification is ECPPTv2. Anyway, both of them certify that you are an eLearnSecurity Certified Professional Penetration Tester and you have achieved the certification by performing a tough enough practical penetration testing on a simulated corporation.
Everything you’ll need to know to pass the exam is taught on the course, however, in my opinion, it won’t harm you to take note of the following key points:
- You should have a minimal experience in penetration testing. Some skill is needed to be sure you will fit in the 7 day test period.
- You should be enthusiasm for learning something new
- You should be patience
- Hacker mindset
- Familiarity with both Windows and Linux
- Ability to read and write code (especially in Python and C/C++)
- You should not rely on tools. Nessus, Nexpose, Burp Suite Scanner etc. - they won’t work, they will make you lose more time. Even simple things like Metasploit or Nmap will fail on you in the middle of the certification exam.
The Training Package
In short, the course for the eCCPT Certification includes the following topics:
- Penetration testing processes and methodologies
- Vulnerability Assessment of Networks
- Vulnerability Assessment of Web Applications
- Advanced Exploitation with Metasploit
- Performing Attacks in Pivoting
- Web application Manual exploitation
- Information Gathering and Reconnaissance
- Scanning and Profiling the target
- Privilege escalation and Persistence
- Exploit Development
- Advanced Reporting skills and Remediation
Everything is fitted in 4 main categories with 26 modules and 22 labs. There is one extra category if you take the most expensive package and you want to learn some Ruby, but I will say that this is not the key aspect for your certification. Note that even if you do not take the most expensive package, you still have access to the Ruby-related labs.
This so-called training will get you ready and able to both identify and exploit vulnerabilities at the available levels but will also learn you how to report what you should report and how.
After all, the life of a Security Consultant / Penetration Tester / Security Specialist is always defined by the quality of his worked presented by a report.
You have exactly 7 days of testing and another 7 days for writing the report which should be uploaded until the end of the time frames. At the beginning of this certification exam, you will be presented with a so-called later of engagement that should state all the minimal requirements to pass (it also states that the minimum requirements are not enough to pass).
My later of engagement told me the following things:
- Discover all hosts in all LANs
- Report any vulnerability on all hosts
- Obtain root access level on one specific server on one specific segregated network (yes, there are more than one)
- Do not overestimate the web vulnerabilities
- That I am allowed to use any technics and tools I want. Very nice joke! Nope. Do it as manually as you can!
- This is not a CTF (Capture the Flag - Competition) and some things might not be vulnerable at all. Learned it by the hard way. I can confirm that.
- You can fail the certification on the quality of the report
Funny but I broked all the vulnerable machines, found all vulnerabilities in 4-5 days and wanted to break the last of them. After 48 hours (3.5 hours of sleep), of smart ideas and newly discovered methods and ways I did not obtain access to all hosts and after consulting the forum I discovered that there was not a single way of doing it. After that, I wrote my report and uploaded it to the platform. After a while I received this:
My Exam Tips
- Take note of everything, make printscreens, write the draft report in the first 6 days of the testing time frame and take one day of putting all together.
- Do not really on commercial or non-commercial tools. They all have their problems and eLearnSecurity knows exactly how to play with them!
- Take a break, eat, sleep, wash, relax, hack and repeat!
- Is an open book exam. It might help you.
- “Try harder!”
- Save all pieces of information and all files
- Find workarounds on any issue or problem, think out of the box.
Dear reader, good luck with your endeavors!