Heyo, I know I might be a bit late on this, since I took eCPPT on December 1st, 2021, but I’ll make this review nonetheless.
What is eCPPT?
eCPPT stands for eLearnSecurity Certified Professional Penetration Tester. It is a completely hands-on exam in which you are required to exploit several vulnerable systems inside a network and write a professional-grade report with your findings.
The exam lasts 14 days (2 full weeks). In the first 7 days you are required to try and compromise any possible system in the network; the last 7 days are for report writing.
The exam requires pivoting, advanced Metasploit usage and more. Here’s the list of eLearnSecurity’s recommended prerequisites:
- Understanding a letter of engagement and the basics related to a penetration testing engagement
- Deep understanding of networking concepts
- Manual exploitation of Windows and Linux targets
- Performing vulnerability assessment of networks
- Using Metasploit for complex and multi-step exploitation of different systems and OS’s
- Web application Manual exploitation
- Ability in performing post-exploitation techniques
- Exploit development skills on x86 environment
- Outstanding reporting skills
eLearnSecurity states the following:
By obtaining the eCPPT, your skills in the following areas will be assessed and certified:
- Penetration testing processes and methodologies, against Windows and Linux targets
- Vulnerability Assessment of Networks
- Vulnerability Assessment of Web Applications
- Advanced Exploitation with Metasploit
- Performing Attacks in Pivoting
- Web application Manual exploitation
- Information Gathering and Reconnaissance
- Scanning and Profiling the target
- Privilege escalation and Persistence
- Exploit Development
- Advanced Reporting skills and Remediation
I can 100% guarantee that everything eLearnSecurity states is true and you will be assessed in those areas.
I can’t really tell somebody how to best prepare for this exam. I’ve got some “experience” in pentesting from a ton of TryHackMe, HackTheBox and other CTFs, and the exam didn’t feel extremely hard (at least for me).
On the practical side I’ve done:
- INE’s PTP aka Penetration Testing Professional course (including labs)
- TCM’s PEH course
- 250 TryHackMe rooms
- 60 HackTheBox machines (including live and retired ones)
- 20-25 Offensive Security’s Proving Grounds machines
- Participated in a ton of CTF competitions
I’ve also watched a ton of IppSec’s videos, read walkthroughs of different machines and took good notes.
There’s not much to talk about here. My exam was... short, I’d say. I compromised every single host in about 26 hours (including the report as well).
The exam covers what you’ve learned during the course material. Having done all the labs, and supposing you took good notes along the way, the exam shouldn’t be difficult at all. Of course it may throw you off in some circumstances, but that’s up to you and how you can think in critical moments.
Pro Tip: Use already compromised hosts to your advantage :)
I really enjoyed the course material and the exam. If you want a solid foundation of penetration testing first, go for eJPT, since the exam cannot even be compared to eCPPT’s exam environment; for that matter, eJPT is more approachable. If you want to learn how real pentests are done and advance in your pentesting skills, take INE’s PTP course and attempt the exam, as it will benefit you the most in your career as a pentester.
I’ve got my eCPPT results back extremely fast. I know it may take longer for some people but it was super quick for me :)
- Nov 30 2021 01:31:34 - Exam Started
- Dec 1 2021 05:39:00 - Report submitted
- Dec 1 2021 20:45:45 - Report Assessed
I know people make these reviews maybe a bit longer and go in much more detail, but I just wanted to give my input and whether you liked it or not, thanks for reading.