I’m writing this ‘review’ to assist aspiring candidates in their journey towards obtaining the eCPPTv2/PTP certification. My aim is to share the resources, insights, and tools essential for preparation, offering advice and addressing common concerns. Unlike the eJPTv2 exam, where you have only two days to tackle everything alongside multiple-choice questions, the eCPPTv2 certification presents a different challenge. This exam grants you a generous timeframe of 7 days to compromise the entire environment and an additional 7 days to compile a comprehensive professional report detailing all identified vulnerabilities, their criticality, and proposed resolutions (remediation plan).

While seven days may seem ample and completing the exam in less time is entirely feasible, I think the time allowed is correct, because it lets you do it on working days without taking holidays from work. Personally, I managed to conquer it within four days, allowing myself one day of respite, and dedicated two days to crafting a detailed report spanning a total of 80 pages. Is it worth the effort? Undoubtedly. The eCPPTv2 certification rigorously evaluates your prowess in pivoting, buffer overflow exploits, and, most importantly, your comprehension of the pentesting process. Success hinges not on merely reaching the root but on uncovering every vulnerability within the environment. Hence, a robust methodology and thorough enumeration are indispensable. Unlike conventional CTF challenges, you won’t find user.txt or root.txt flags; instead, you’ll encounter files containing crucial information such as passwords, IPs, or network segments, facilitating your progression within the network. I recommend using a diagram/map of the entire environment, for example with Excalidraw.com or Draft.io, since otherwise things can get very involved and it is better to work in an organized way.

Not having much experience in writing reports, it was not easy and I recommend practicing beforehand. I received the positive result after just 24 hours, unlike what you read online of 15/25 working days. 🥂🥳

Here are some tips and insights to aid your preparation:

  1. Thoroughly Review the Letter of Engagement: Pay close attention to the “Letter of Engagement” document as it provides insights into the exam’s structure and requirements. This document must be included in your final report, along with a graphical representation of the compromised areas marked in red. 📖
  2. It’s Not a CTF: Unlike traditional Capture The Flag (CTF) challenges, the eCPPTv2 exam is designed to be more approachable. 🎯
  3. Master Metasploit: Proficiency in utilizing Metasploit is paramount, as a good portion of the exam necessitates its usage. 💪
  4. Emphasize Post-Exploitation Techniques: Effective post-exploitation strategies are crucial for gathering information and pivoting to other machines. 🔛
  5. Mind Your Nmap Switches: Be cautious with Nmap and use non-aggressive settings. Setting the timing template to -T1 can prevent accidental resets and loss of progress during scanning or pivoting. 😐
  6. Patience is Key: Don’t be discouraged if it takes the full 7 days to compromise the environment. Persistence pays off in the long run. 😌
  7. Act like you’re a journalist: Take as many screenshots as possible during the 7 days of access to the lab, or if possible start filling out the report at the same time, because if you forget to track something, you will lose progress. 🎥

Creating a customized homemade lab composed of three or more network interfaces is the best training for this exam. Start with a network of 2/3 interfaces and machines without vulnerabilities (direct access with SSH for example, see here), then increase the number of network interfaces and add more vulnerable machines (including one vulnerable to BoF, such as Brainpan).

Remember that you already have an OVA machine on your VMware/VirtualBox running on Windows 10, with Immunity Debugger and the Mona plugin installed, to be used to test and prepare the shellcode to exploit the BoF-vulnerable software running on one of the machines on the network.

The official INE course is very extensive, and the PowerShell, Wi-Fi Security and Ruby modules are certainly important, but not mandatory for passing the exam.

After reading a lot of unenthusiastic feedback on the official course, I decided to follow the online resources and to focus only on core topics, studying the theory and practising via the THM, HTB, Burp Suite and YT learning resources. I summarize them in detail in a list on my GitHub.

Below is the path I used and which I would recommend to reach the level necessary to pass the exam. 👇

Background Information

Tools

Web Sec

Post Exploitation and Pivoting

Buffer Overflow

Report

It’s a good choice to use one of these sources: TCM’s template (I used it), Offensive Security’s pentest report, the ITProTV sample report, and INE’s reporting guide.

Other Resources

CheatSheet

Conclusion

Having enjoyed the eJPTv2 certification very much, taking advantage of the Black Friday discounts, I wanted to continue with it. Most probably there are more comprehensive certifications than this one, such as TCM’s PNPT and HTB’s CPTS, which I will eventually evaluate in the future.

I conclude by saying that the exam is a great test bench for those who are willing to put themselves to the test. The vulnerabilities present are of low/medium difficulty, but everything, including the exam, is the perfect mix to understand how a complete PT should be performed in a real environment.
I’m sure that the upcoming v3 (with a course given by the great HackerSploit) will once again give importance to this certification, which has lost some points over the years, so my invitation is to absolutely evaluate it.

Have a nice day

Dev-angelist

Cyber Security Specialist || CEH Practical | eCPPTv2 | eJPTv2 | AZ-900 | NSE 1 2 3. http://dev-angelist.github.io/