Great news! I just received an email from Armando Romeo from eLearnSecurity that I have PASSED the eCPPT exam :-)!!!
In December 2011 I decided to take the course “Certified Professional Penetration Tester” provided by eLearnSecurity which is – according to many posts on ethicalhacker.net – a very good preparation for the highly challenging OSCP from Offensive-Security, which I will take next :-).
The course itself consists of 3 different main-topics: WebApplication Security, Network Security and System Security with hundreds of slides and hours of videos. Sounds boring? No it isn’t. Armando Romeo, founder of eLearnSecurity and his team are providing a really great compilation of all important topics. Plus: You get lifetime access to the content which is updated regularly, a very good deal.
Especially if you’re new to the whole topic of penetration testing, the eCPPT is a “must-enrollment”, it teaches you the whole process from the beginning like HTTP options overview, basic attack vectors like Cross-Site Scripting and different types of SQL Injections. As I already know these basics, the WebApplication Security part was not very interesting for me. But the course gets tougher.
The Network Security topic covers things like Scanning, Vulnerability Assessment and the difference compared to Exploitation, Anonymity and an interesting, very informative part about Social Engineering.
Last but not least the most interesting part (well…just my opinion, since I do have experiences with the first two topics ;-)): System Security. Sub-topics like Cryptography, Password Cracking, Buffer Overflowing, Shellcoding, Malware analysis and …. rootkit coding. Well all those subtopics can – of course – be extended to hundreds of single pages going into every detail. But every single page from the eCPPT is worth the money. It covers everything you need to understand how buffer overflows work or why rootkits are sometimes hard to detect. Those topics have been one of two main reasons for me to buy the course and I do not regret to have spent the money (about 600€).
The other reason to take the course was that you’re being taught on how to write professional penetration testing reports. A great ressource if you want to join the InfoSec business and maybe want to work as e.g. a freelancer. The reporting is always a very important part of all topics, because it shows a potential customer the quality of your work.
Therefor the exam itself is based on the reporting. It’s not just a Capture-The-Flag (CTF) event where you have to steal some text-files from the administrator desktop to show that you have successfully hacked into the system. Within the exam you have to do a real-world penetration test on a provided web-application and you have to document any found vulnerability during this process and of course rate this vulnerability in the context of the company business-plans and to provide adequate solutions to fix the issues. So do not expect something like….”, wow I have found a SQL Injection vulnerability, let’s hack the system and provide some screenshots!” You won’t pass the exam this way! You always have to keep an eye on the scope of your penetration test and on legal issues.
Many people (like me too) don’t like courses where you only have to learn some theoretical things and then doing the exam by answering always the same questions. The CEH certification is a perfect example for that. The CEH does indeed have very qualitative content inside and may also be recognized by HR departments, but this is everything about it. That’s the problem about those courses, everyone can take them and if you learn all the content you can easily pass the exam without any hands-on experience.
That’s what makes the eCPPT and also the OSCP different from the CEH and nearly most other exams provided e.g. by Microsoft, VMware and so on. You have to pass a practical, real-world exam!