Before I begin, I have to admit I am overwhelmed by the amount of messages I have received. There was a lot of support and a lot of advice too, which I really appreciate. I never expected to get such a response at all and still find it hard to believe! you guys are so supportive and for that THANK YOU ALL. I am absolutely loving the positive vibe in this community!! Also a special mention for eLearnSecurity for shouting out my blog on their social media, thank you.
It starts with a BANG
Total study time over the week: 15 hours
So lets get in to it. The training does not hold back and from the 1st module you get hit with a lot of information, maybe more then I expected. I think I read the first module at least 5 times. It felt like I was given just one small piece of a huge jigsaw puzzle and I was reading too much in to it. I took a step back looked at the bigger picture and decided to move on. I wanted to see where it would lead to. It lead to BUFFER OVERFLOW! oh the dreaded buffer overflow.. I have read about it, I know its a big deal.
The concept of BOF was mind boggling, some fellow students also mentioned that they left out BOF and want to come back to it later. I however decided to look for resources outside the training material. I found the cyber mentor’s series on BOF (youtube) and I thought that explained it very nicely. When I then came back to eLS’ material it made more sense.
So a piece of advice for everyone, if you find it difficult or a certain way of explanation is not making sense then seek for other resources. You may find another explanation or a visual concept easier to understand. The whole community is out there to help each other, make use of it!
Shellcoding, crypto, password cracking & malware
Out of the remaining section I enjoyed shellcoding the most. I know there are tools out there such as Metasploit which make life so much easier and yes eLS material does touch up on them for now. But the satisfaction of writing your own shellcode and knowing the ins and outs of how its done is very rewarding. Crypto, password cracking & malware was more of a revision for me as it was covered in CEH. I feel like the first section was materials that you can hold on to and refer back to over the remaining course.
The course is tough.. its a lot of detail, its a lot to take in straight away. There is no messing about, its straight to the point. I feel like I missed out something.. maybe I missed out on doing eJPT first.
eJPT cert first?
Like I mentioned before, I had a lot of people giving me advice and support when I started. A lot of people also mentioned I should have done the eJPT cert before attempting eCPPT. I wanted to give it a go first before deciding if I should take a step back. Over the week I was reading a blog on LinkedIn by Helmi RAIS called ‘keys to success in starting/planning your career in Cybersecurity.’ Its got this awesome certificate progression chart attached. Whilst I thought CEH and eJPT would be equivalent, the chart shows CEH as entry and eJPT as novice.
This morning I received a lovely email of eLS with a nice offer on the eJPT cert. I talked to a good friend of mine, Jean Barkhuizen. (this guy is a legend! he is my go to guy for advice) He talked some sense into me, study for eJPT may be a good shout.
I need practical experience right? Why not do more labs with PTS first? So I have enrolled on.. I rather make smooth transitions in difficulty levels while I work my way up the ladder. The main goal was and always will be to be a good pentester with as much knowledge as I can gain. I don’t want to leave anything out. Besides, what’s the hurry?
I will carry on with my weekly posts. For a while they will be more about eJPT but it is still part of the journey towards eCPPT!
p.s I have managed to get through 5 labs already on PTS.. I LOVE IT! more about that next week!