Tag Archives: eCCPT

Review Contest: eLearnSecurity

Update post! I participated in the eLearnSecurity review contest! I referenced my post here, and I won a grand prize! I get to pick any security course offering elite plan, free of charge! I’m still deciding, however, I will most likely take the eCCPT as my next certification. I’m hoping that this will increase my skill set and make me a better cyber security professional. Once I get started with the course, I’ll be posting updates as well as a comprehensive review once I pass.

My life has taken quite a dramatic change in the past couple of months. Originally, I was planning on creating content and tutorials on a regular basis, however since that posting, I started a new job with a new company. I’m going to try and be a bit more realistic with my content, ensuring that I don’t write content for the sake of content itself.

Instead of trying to pump out blog articles and tutorials, I’m going to just take a step back while I get my eCCPT. During this time, I might write more on technical things I enjoy rather than only posting penetration testing content. We’ll see how the blog progresses over time. Stay tuned! Any tutorials or updates I make will have a corresponding blog page to accompany it.

 

Path to Pentesting: OSCP Preparations

Having taken the eJPT, I’ve been deciding which route to go down. Do I go for the eCPPT (Certified Professional Penetration Tester) by eLearnSecurity or the OSCP (Offensive Security Certified Professional) by Offensive Security?

For my situation, I decided to tackle the OSCP. Given that I bought lab time back in 2015 (while taking 18 credit hours in college), the 90 day lab time will only cost 600 USD vs the 1200 USD the eCPPT Elite plan costs. From a career perspective, the OSCP is also much more well known by HR departments, and since I can really only pick one (for now), I’ll go for the more marketable certification. OSCP here I come…..only…..

I’ve been incredibly intimidated by the reviews I’ve read of the OSCP. The course seems grueling, especially with the recent changes to the scoring. I’ve decided to give myself some homework to pass before I sign up and plunge into the content. If you have any suggestions to add to the list, feel free to let me know!

  • Complete and document all exercises on pentesterlab.com. I’ll use these notes to compile a small book for different techniques will examples of the exploits and indicators to compromise. I’ll combine these notes with my notes from the eJPT. Hopefully, this will give me a good head start in documentation and will add a couple tricks into my toolkit before starting the OSCP exercises and subsequent labs.
  • Complete and document three more vulnhub capture the flags.
  • Configure a fully updated version of Kali with the MATE desktop. This will decrease the overhead of running Gnome on my laptop (Solus) and virtualizing another Linux distribution running Gnome.
  • Find/modify/write any helpful reconnaissance scripts. I want to be able to VPN into their lab environment the moment I get the credentials and start scans to run overnight.

I’d like to get this list done in a month or two. Between work and an impending vacation, I think it’s doable. Really, the documentation will take the most amount of time. Then I’ll try my hand on the OSCP labs and exercises!

A main factor I’ve noticed in all the reviews is the sheer amount of time most people spent on the OSCP labs, easily 200+ hours over the course of 3 months. I’ve decided to give myself a realistic goal, one that I can easily hit and surpass without burning out. At the very least, I want to put in 20-25 hours per week, which will equal out to 240+ hours. Will this be enough to pass the exam? Maybe, maybe not. I would like to think that this will be enough time for me to comfortably go through and document the labs and at least 75% of the lab boxes. I do plan on tracking my time as I go through the labs and exam itself, so I guess we’ll see!

In the meantime, I won’t be posting much more about the OSCP or certifications until I pass the OSCP and give a review similar in structure to my eJPT review. I’ll be uploading write ups for my checklist above, so I expect quite a bit more content in the next two months followed by three months of silence while I go through the OSCP.

As always, feel free to let me know if you have any suggestions or comments!