I passed the eLearnSecurity Certified Professional Penetration Tester exam!

On my journey towards becoming a cyber security professional, I successfully reached a new milestone. I am happy to announce that after several months of studying I took the eCPPT exam and passed.

I would recommend the eLearnSecurity PTP course and respectively the eCPPT exam to anyone serious about getting into cyber security and penetration testing.

In a short amount of time I learned and practiced with web app vulnerabilities, buffer overflows, WiFi security, network security and much more.

eLearnSecurity managed to put together solid training material that goes hand in hand with some really fun to hack labs.

The exam itself is a real world engagement where you have a limited time to perform your tests and write a full report. I had fun while taking it but I’ll admit it was stressful.

Thanks again eLS for the opportunity and certification.

I passed the eLearnSecurity Junior Penetration Tester exam!

I already wrote a review on the Penetration Testing Student course that you can read here. Following the course completion, I allocated about 10 days to redo some of the labs and go one more time trough my notes and eLS materials.

Last Saturday morning I woke up, had coffee and breakfast, then cleaned a bit the apartment. I connected my MacBook to my LG TV as I felt the need for a second monitor and launched the exam. I received the exam details and started to work my way into the network.

After 2 hours I took a coffee break and had some fresh air just to clear my mind. The brain consumes a lot of oxygen and energy so make sure to have a window open and some food, snacks and chocolate. I continued working on the exam and after another 2-3 hours I was hungry so my wife prepared me the meal and I took maybe 20 minutes break in total.

I was so concentrated in the last part of the exam that I didn’t realise it was night already. I checked all my work and felt confident enough to submit the exam. I got my results with a passing score of 90%. You can’t imagine how happy I was when I saw the results.

If you went trough all the eLS materials, watched the videos, completed the labs twice and took detailed notes of this, than you are ready to pass the exam. In the end I would like to thank my wife for all her patience and confidence. “I couldn’t have done it without you.”

I’m already registered for the Penetration Testing Professional course and plan to take the eCPPT exam next year.

It was awesome and I would do it again.

 

Penetration Testing Student PTSv3 Course from eLearnSecurity review

Having reached a certain level in my information security career where the next logical step is to get into Penetration Testing, I decided that it’s time to get a relevant certification.

After careful research trough the plethora of online courses and certifications such as Security+ from Comptia, SSCP from ISC2 or CEH from EC-Council, I chose Penetration Testing Student v3 from eLearnSecurity and I will explain below my reasons.

First of all I was looking for a certification and course that can offer me the hands on experience in penetration testing, while improving my existing knowledge of networking, scripting and fundamentals of security. PTS v3 covers all of these, as it offers practice labs, course material and a valuable certification (eJPT eLearnSecurity Junior Penetration Tester).

I knew almost nothing about eLearnSecurity as they are a rather smaller player when compared to ISC2, ISACA or Offensive Security; however, I was really impressed by the quality of the material, videos and labs. I dare to compare eLearnSecurity to the other organizations as you would consider David and Goliath and we all know who won in the end. Nimbler than the rest, this eLearnSecurity goes the extra mile for it’s students.

Brief overview of the course and what it offers:

  • The course material comes in 3 formats, Flash, PDF and HTML5. I mostly used the online HTML5 version as it has a nice feature to resume the course where you previously left it. The slides are detailed and fun to learn, also containing links to study further a certain topic in books, websites or videos. My only complaints about the slides are that in a few cases the information is repetitive but we all know the saying “repetition is the mother of learning”.
    Secondly you can’t copy/paste the scripts so I would advise the instructors to set up a GitHub repository. I never skipped any of the slides as they offered me a refresh on already known topics however there are no instructions on how to write an executive summary or pentest report (a template would be nice). No one knows everything, but everyone knows something.
  • The videos are really fun to watch and are a great addition to the slides. One big advantage is that you can also download them. I uploaded both the PDF’s and the videos to my smart phone so I was learning while commuting to work. It’s a nice experience when you realize that people near you in the subway look strange and treat you as a hacker. Achievement unlocked.
  • The labs are really creative and offer great instructions and walk-through if you get stuck. After each chapter you get a lab where you can practice what you learn. This was another selling point for me as PTSv3 teaches you both theory and practice. Since I purchased the Elite Plan, I got 60 hours of HERA lab access, more than enough if you want to pass twice trough them before going for the exam. The process is really simple, you start a lab, download the OpenVPN tunnel files, connect to it then start your exercise. Most labs boot in under 30 seconds and if you get stuck or mess it you can always click the red flashy RESET button to restart the scenario. Network wise the labs offer a speedy connection and I encountered no problems. Just make sure to set up your OpenVPN credentials from the console before starting the lab. Again, I would like to highlight that the labs offer well build web applications or systems that you can encounter in real life. They are not easy to solve, however definitely not impossible. I will not spoil it for you, however the 12 challenges are the best part of the entire course.

If the above didn’t convince you to register for PTSv3 then please read on my 6 reasons for opting with eLearnSecurity:

  1. Pricing. At $299 it’s hard to find another course with labs & certification that beats PTSv3. Make sure to follow /r/netsecstudents on Reddit as the course instructors regularly post discounts or barebone access to the course.
  2. No expiry. You get an eJPT certification that doesn’t expire. It’s silly that we live in a world where every 2-3 years we have to renew our professional certifications or get a certain amount of points.
  3. Free retakes. Depending on the plan you can get either 1 or several free retakes if you fail the exam. This was another selling point for me as no matter the confidence level, we all fail exams sometimes.
  4. Real life test. Instead of sitting for hours in an exam room to pick multiple choice answers you get to do an actual penetration test in a corporate network.
  5. Lifetime access. You can login at any moment and download again the course material or watch any of the videos to refresh your knowledge.
  6. Paper certificate. Life is too short so why not have a nice printed certificate to put on your desk or wall and be proud of.

It took me 3 months to study all the materials and solve all the lab challenges. I’m planning to take the eJPT exam this October and will write a follow-up.

TL;DR: PTSv3 course and eJPT certification from eLearnSecurity are your best options if you are looking to get into penetration testing.

How-to display the Orthodox Easter date from CLI

As many people, I do most of my work in the CLI and some of the commands I use often are cal or ncal. Both commands will display a simple calendar, highlighting the current day.

root@box:~# cal
    August 2017
Su Mo Tu We Th Fr Sa
       1  2  3  4  5
 6  7  8  9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31

root@box:~# ncal
    August 2017
Mo     7 14 21 28
Tu  1  8 15 22 29
We  2  9 16 23 30
Th  3 10 17 24 31
Fr  4 11 18 25
Sa  5 12 19 26
Su  6 13 20 27

One interesting command argument I found for ncal is -o that will display the Orthodox Easter day for the current year.

root@box:~# ncal -o
April 16 2017

You can even find it out for past years.

root@box:~# ncal -o 1970
April 26 1970

I recommend to check the complete manual page for cal to see the full description.

root@box:~# man cal