Learnings for future challengers of the eWPT!
The INE course is all you need, but…
- The course provides the knowledge base for you to get started.
- During the exam, copying commands directly from your notes durng the course will not always work out.
- Expect to do your own Googling of technologies you encounter during the assessment, using the course knowledge as your compass.
Don’t skip hands-on with labs.
- There were certain topics that I had a certain degree of prior knowledge on and I skipped the hands on lab for those thinking it would not be necessary.
- I realised that I did not have true mastery over it when similar topics came up during the assessment and spent unnecessary time struggling to do last minute knowledge gap filling during the tight timeline. Not recommended.
Time wasted on blind hope.
- If brute force techniques seem to be taking way too long, consider other attack vectors.
- If a question seem to make no sense for now, consider attempting later questions as they may potentially open doors that guide you to the answer for earlier questions.
Consider more organised way of note-taking!
- I mainly used MS Word for note-taking and with the huge amount of notes and screenshots, things quickly became messy and disorganised.
- Have heard great things about CherryTree or Obsidian and will probably pivot to those instead for future pentesting.
Consider more streamlined screenshotting tools!
- I used the basic snip tool and it worked perfectly, except that there were probably better tools out there that does it better.
- Based on the TCM Security PEH course, Greenshot and Flameshot seem to be better, feature rich alternatives.
Best of luck!
Want to get into Cybersecurity? Check out INE now!
