eCPPTv2 Review

Hi everyone! Apologies for taking so long to write the review. As I am sure most of you are aware, I passed my eCPPTv2 exam. I received my certificate on the 24th May and I completed the exam approx. 10 days before.

A lot has been going on since! It all started off when I caught the dreaded covid-19 virus during the exam. It took me about 3 weeks or so to fully recover from that (it really was awful). We are expecting a baby in the next few weeks and I had been neglecting preparing the baby room because I was busy studying for the exam. So yeah, the last few weeks have really been just painting and making IKEA stuff! In between the baby prep, I have also had a few job interviews (junior pentesting roles) which took priority as I really feel it’s time for me to get a cyber-related job. I have not heard back from all the interviews yet, but I am hoping someone takes a chance on me! (fingers crossed)

Review

Anyway, with all that out the way, let’s get into what you are all really here for – the eCPPTv2 review. I am a big fan of eLearnSecurity and when I started off I pointed out that I want to learn the right way; for me it’s not just about CTF or getting root. The idea has always been to be able to find vulnerabilities and perform a full pentest in a real environment. If you have read my early blogs you are probably aware I bought the elite version and I spent around 80 hours in the practice lab environment before I took the exam. This might be overkill for some but I always wanted to take the exam when I felt comfortable and that’s different for everyone.

I really enjoyed prepping for the exam, eLearnSecurity’s labs and resources are awesome. Another bonus is that you don’t have to look too much outside their resources for any extra help (all the extra resources I will share below).

I have read a few other reviews for eCPPTv2 before I took the exam and I will be following the same style. My day to day summary will be fairly vague as I don’t want to give anything away.

Day 1

I got up nice and early, feeling good! The exam started at about 10 on Monday 4th May. I read the rules of engagement and got myself all prepared to start the exam. As soon as the exam started my morale dropped and nerves got the best of me. I felt a bit all over the place straight away and thousands of thoughts started going through my mind. After about 3 or 4 hours I started finding my feet and calmed myself down. My whole schedule went out the window! I had promised myself breaks etc. but because I was struggling and not making much progress I didn’t feel like taking a break. Frustration started to get the best of me! Eventually I got my breakthrough and I felt much better. I found the initial foothold hard and spent most of day 1 on that.

Day 2

The second day was also tricky for me, I realised I get worked up easily. I thought I had decent patience but this exam taught me that solutions don’t come straight away and I need a lot more patience in this field. Frustration again got the best of me, I started stressing and didn’t take breaks again. Day 2 started early and finished extremely late, the whole day was very blurry and progress was slow. I did manage to make progress, I got escalated privileges and I was able to further enumerate the machine and the network. (I really did some soul searching on Tuesday night and I had a pep talk with myself about discipline!)

Day 3

Day 3 is where it really started turning around for me, I was calmer in my approach. I was taking regular breaks and the weather was decent so I was going for walks around the area too (I found this awesome little forest near my house which made it even better!). Another thing that helped was making a mind map, I added the machines I found from enumerating the network on day 2 to it. So I made a plan and started to try and exploit the machines. I made really good progress on this day and confidence started coming back to me. It really is a game of morale, the more confident you are the better you do. I started working on the BoF exploit in the evening.

Day 4

This day was mainly about BoF, it was tricky! I don’t want to give too much away and obviously everyone works differently but I am glad I spent time on Ruby. There wasn’t much more to day 4 to be honest. The most difficult part I found for BoF was which payload to use and it was really just trial and error until I got it right. I stuck to taking regular breaks, going for walks and I also decided to start sleeping more!

Day 5

I realised one thing on the morning of Day 5. I work much better in the mornings than the evenings! Day 5 started great, I got BoF sorted and I could finally move on. I found something interesting whilst enumerating the machine. I kind of got a flashback of one of the labs from the study material and it helped! By the end of the day I was in a very comfortable place as I was able to map out the whole network and knew where the DMZ was. (physically I was more tired than ever but that was because the covid-19 symptoms started kicking in!)

Day 6

The struggle on day 6 was unreal, I was starting to get really ill. I thought it was because the exam was taking its toll on me and the lack of sleep was weakening my immune system. Somehow I powered through though as I knew I was really close to the end. By the end of the day I completed the practical side of the exam!

Day 7

I woke up much later than I had been throughout the week. Feeling sluggish I went over everything. I started writing the pentest report too and whilst doing so I was taking additional screenshots where I felt I needed them.

The Report

The pentest report itself wasn’t too difficult although I completed it on Thursday the 14th May. I used the template provided by The Cyber Mentor but I did make some changes to it wherever required. Before the exam started I was quite concerned about the report but once the exam was completed I was confident and I think that will be the case with most people. Once you know the vulnerabilities, you will know what to write and how to present it. The report including screenshots was approximately 40 pages long.

Conclusion

When I think about the exam now it feels rather bittersweet, I really enjoyed the exam but the memories attached to it also remind me of covid-19!

All I can really say about the exam is that eLearnSecurity do a great job prepping you for the exam. I would like to add that the PTP course material will not prepare you for everything and I wouldn’t expect it to either. The exam would be very boring if it did. The idea is to use resources provided in the PTP course but also use your initiative. In a real-life pentest you will be expected to come across the unexpected and figure a way out. 7 days for the exam is ideal, you have enough time even if it feels at times during the exam that it’s not.

Overall it’s a great exam, I have learned a lot from the PTP and the exam itself. Not just pentesting knowledge but also about myself. I realised it’s about how to handle the information in your brain and how to use it in a pressure situation. The exam was a turning point for me, I feel much more confident in my pentesting abilities.

Tips

  • Discipline – no matter how tough it gets or how frustrating it gets, learn to walk away from the computer to take a break and come back calmer and with a fresh mindset. (don’t make the mistake I made for the first 2 days, I made way more progress after day 2)
  • Keep hydrated and don’t forget to eat. You will need energy levels to be high for the brain to function properly
  • Understand PIVOTING – I can’t stress this point enough. Pivoting is huge! I had to use additional resources to understand pivoting properly and it’s unfortunate that you can’t really practise it in the labs that well.
  • Practise your Buffer overflow technique, keep hammering it away until you know exactly what you are doing when it comes to BoF.
  • Understand payloads – you need to know when to use bind or reverse etc. Play about with msfvenom, it will help you.
  • Work to your strengths – Everyone has different strengths. Some may prefer RDP to enumerate whilst others may feel comfortable working in the command line. The point is there is more than one way to get to your goal. Use the tools and techniques you are comfortable with.
  • Don’t overthink it – It really is sometimes much simpler than you make it out in your head and when you do finally get the answer you were looking for, you will feel stupid! 😛
  • Create backdoors – make it simple for yourself to get in and out of the machines.
  • Cheatsheet – I talked about this in one of my prep blogs but yeah my cheatsheet definitely came in handy.
  • Screenshots – I know in the spur of the moment you can forget about screenshots but they are really important for the report.
  • This is not a CTF exercise – the idea is to find as many vulnerabilities as you can, just like you would in a real-life pentest.
  • Web App Vulnerabilities – PTP doesn’t go into a lot of detail when it comes to Web App so I suggest brushing up on different types of web app vulnerabilities.
  • The one you probably have heard the most – Enumerate, Enumerate and Enumerate!

Extra resources

Pivoting – https://pentest.blog/explore-hidden-networks-with-double-pivoting/

Pivoting – https://nullsweep.com/pivot-cheatsheet-for-pentesters/

BoF – https://github.com/justinsteven/dostackbufferoverflowgood

BoF – https://www.youtube.com/watch?v=qSnPayW6F7U

BoF – https://tryhackme.com/room/brainpan

Socks Proxy – https://www.offensive-security.com/metasploit-unleashed/proxytunnels/

What is next?

So this is the end of the eCPPT journey! It has been really good and I have really enjoyed blogging too!

I haven’t really decided what cert I want to do next. The next few months will be dedicated to family time and therefore I don’t want to dedicate myself to any certificate. A question to all of you guys – what cert do you think I should go for next?

Also I don’t want to stop blogging, so what kind of blogs would you guys be interested in? I am really enjoying spending time on TryHackMe (if you haven’t checked the website out yet, then please do so!). Would you guys be interested in walkthroughs for the TryHackMe rooms? I can’t promise how consistent I will be but I will try my best!

That’s all for now, I hope you guys enjoyed the journey and the review. Thank you all for reading my blog too, I really appreciate everyone who has followed me from the start.

It’s time for a new challenge! 😊


10 thoughts on “eCPPTv2 Review”

  1. Hi Rehan, Congrats on passing the exam! I’d like to ask you some info regarding the BoF. I was able to run the calculator exploiting the BoF vulnerability in all the exercises contained in the first module. However, I can’t have a reverse/bind shell. I followed even the video you suggested, but nothing. Can you give me some hints regarding the payload to use? I think it will be crucial for the exam… thank you

    1. Hi Luca,
      Think about the payload and what you can achieve with it. I really can’t answer that question as I don’t want to give anything away. Sorry..

  2. Great Blog! Glad I found this! I’ve been studying the PTP course materials and doing the labs since about March 1, 2020 (35 hours + per week). My target date for the eCPPT exam is August 1, 2010 (so, in about a month). I’m decent with BOF, since I’ve supplemented the eLearn material with Cyber Mentor and the Gatekeeper box on Tryhackme. I’m also OK at pivoting (although I need to get a lot better). Anyway, I’ve done all the labs at least once at this point, as well as watched all the videos and read all 6,500 slides. My problem is that I can’t really do much of ANYTHING without referring to notes, solutions, or Google. I feel that I can probably pass the exam a month from now, but it’s going to be painful. Do you have any thoughts about this? Thanks and Cheers!

    1. Hi Daniel,

      Thank you, I’m glad you found my review useful.

      I know exactly what you mean and I was in a similar position. Yes I think approx. 1 month should be sufficient however everyone works differently. I would advise to take your time, maybe go over the labs again and make a cheatsheet. I’d also say that you got 7 days to do the exam, it’s completely fine to go over your notes, study material or even google during the exam. You may even come across stuff in the exam that you haven’t focused a lot on in the labs so it’s normal to be doing additional research whilst in the exam.

      Regarding bof I would say look at the additional resources I have put up and do the tryhackme room brainpan.

      You seem to be on the right track, I’m sure you will ace the exam!

      Good luck!

  3. I have tried every type of payload for the BOF.
    I can’t get bind or reverse shell. What am I doing wrong?

    I have a local Windows 7 machine and my Python script works well using a meterpreter bind tcp. But on the exam BOF I can’t get a shell.
    HELP!!!

    1. I’m sorry buddy, I can’t give the answer. All I can say is maybe take a break and try again. Don’t over complicate it. You got this!

  4. Thanks a lot for all your articles, what an inspiration. I wasn’t sure if I should go for the ejpt or ecppt but you helped to make me decide. Great to have all your tips for my next steps too. Thanks a lot!
