
eLearnSecurity Professional Penetration Testing v4 Review

Intro

First of all, what am I going to talk about?

eLearnSecurity Professional Penetration Testing (PTP from now on) is a course offered by eLearnSecurity, a company based in Dubai, Santa Clara and… Pisa.
Yeah Pisa always makes me smile, mainly because I am from Florence (the historical enemy of Pisa, you know, Tuscany stuff)
The aim of the course is to take you from a beginner level to a job-ready penetration tester (and that worked pretty well with me ;) ) and eventually obtain the eLearnSecurity Certified Professional Penetration Tester Certification (let’s just call it eCPPT ok!? )

Now you may think:

“Well, another BS course on penetration testing”
And yeah, that’s legit.
I mean, the world is full of security certifications that give no added value to a person other than a row in a resume; just memorizing things like a history exam in a tech field for a tech person is as useful as drinking a glass of water while your house is burning.

Luckily, that wasn’t the case.

How I started

Like many others, I started with Googling ‘penetration testing course online’.
I found eLearnSecurity almost randomly, I looked at the price, and it was totally doable.
A few days later I was enrolled and ready to go.

The course material

The quality of the material is very good, curated slides and clear videos.
With over 4000 slides and 10 hours of videos, I had my hunger satisfied.

I think that version 4 of the PTP course made a huge improvement in the course material compared to version 3: the dispersive material was cut and it goes straight to the point.

What I really liked is the emphasis on the methodology.
In each section they ‘stress’ you to follow a rigid methodology and take detailed notes (and teach you how to do it), I honestly never found another course that does the same.
That makes the real difference between an amateur and a professional.
Plus, the extra section on “How to write a report” should be printed and kept close to your desk, a must have that will save you a lot of time.

The Labs

Along with the slides and videos, you have access to the HERA lab (if you bought it, obviously)
HERA is a set of hands-on labs on specific subjects of penetration testing, ranging from SQL Injections to Privilege Escalation.
The labs follow a step-by-step approach, where you are assigned different tasks in order to reach the final goal.
This may feel too easy in the beginning, but I found it necessary in order to build confidence and not feel overwhelmed in a real engagement (personal experience)
I think that eLearnSecurity’s labs are unique, you can rarely find so many labs that cover every topic like they do.
Plus, the labs are totally dedicated, it means that you have access to your own instance of the lab, do not take it for granted.

The exam

The exam consists of a full penetration test against a fake corporation, you have 7 days to complete the test and 7 days to write a professional report.
The approach that I adopted was totally wrong, I jumped straight into exploitation without spending enough time on enumeration and scanning, the result was that I had to go back several times to check if I missed something.
The test took me about 5 full days, plus 5 for the report.
Was it easy?
Nope.
But I kinda enjoyed it, the quote that best summarizes my exam experience is from Simone Margaritelli (evilsocket):

Being a penetration tester is an alternance of the two feelings: “What am I doing” and “I am God”

A few days after uploading the report, I received the email:


What I didn’t like

There are some things I would like to see improve in the coming versions:

  • Practice on Linux environments, in the PTP there is a lot of focus on Windows.
  • Practice on social engineering attacks, more client side attacks and more phishing!
  • Maybe the use of Metasploit is too extensive?


Final thoughts and comparisons

The course was totally worth it, the only thing one can argue about is that eLearnSecurity is still not as widely recognized as other courses/certifications offered by companies like Offensive Security, so to the eyes of HR it may have less value than CEH (anyway eLS is gaining exponential visibility right now).

Anyway, the point is to learn something new, not just put a row in the CV.
About that, you may be interested in a brief comparison with the famous OSCP

A complete discussion on the topic would take another post, so I’ll be short.
Don’t think that just because OSCP is harder (because it objectively is) it means that it is better.
They have different purposes, eCPPT is the shortest path for getting an InfoSec job, it will teach you how to work and not just how to hack (the difference is huge)
On the other hand, OSCP has a totally different approach.
While in HERA lab you choose what to practice (in the SQL Injection lab, the probability of finding a SQL Injection is pretty high, do you agree?), in the OSCP labs every machine is a mystery and has a wider set of challenges.

Which one is better? They are just different approaches, for different kinds of learners:
In HERA lab you can practice single topics quite easily, and for learning purposes it is awesome.
In the OSCP labs you don’t know what you are facing and that maybe reflects better a real world scenario. Draw your own conclusions.