Week 1

Hi Everyone!

Before I begin, I have to admit I am overwhelmed by the amount of messages I have received. There was a lot of support and a lot of advice too, which I really appreciate. I never expected to get such a response at all and still find it hard to believe! you guys are so supportive and for that THANK YOU ALL. I am absolutely loving the positive vibe in this community!! Also a special mention for eLearnSecurity for shouting out my blog on their social media, thank you.

It starts with a BANG

Total study time over the week: 15 hours

So lets get in to it. The training does not hold back and from the 1st module you get hit with a lot of information, maybe more then I expected. I think I read the first module at least 5 times. It felt like I was given just one small piece of a huge jigsaw puzzle and I was reading too much in to it. I took a step back looked at the bigger picture and decided to move on. I wanted to see where it would lead to. It lead to BUFFER OVERFLOW! oh the dreaded buffer overflow.. I have read about it, I know its a big deal.

The concept of BOF was mind boggling,  some fellow students also mentioned that they left out BOF and want to come back to it later. I however decided to look for resources outside the training material. I found the cyber mentor’s series on BOF (youtube) and I thought that explained it very nicely. When I then came back to eLS’ material it made more sense.

So a piece of advice for everyone, if you find it difficult or a certain way of explanation is not making sense then seek for other resources. You may find another explanation or a visual concept easier to understand. The whole community is out there to help each other, make use of it!

Shellcoding, crypto, password cracking & malware

Out of the remaining section I enjoyed shellcoding the most. I know there are tools out there such as Metasploit which make life so much easier and yes eLS material does touch up on them for now. But the satisfaction of writing your own shellcode and knowing the ins and outs of how its done is very rewarding. Crypto, password cracking & malware was more of a revision for me as it was covered in CEH. I feel like the first section was materials that you can hold on to and refer back to over the remaining course.

Thoughts..

The course is tough.. its a lot of detail, its a lot to take in straight away. There is no messing about, its straight to the point. I feel like I missed out something.. maybe I missed out on doing eJPT first.

eJPT cert first?

Like I mentioned before, I had a lot of people giving me advice and support when I started. A lot of people also mentioned I should have done the eJPT cert before attempting eCPPT. I wanted to give it a go first before deciding if I should take a step back. Over the week I was reading a blog on LinkedIn by Helmi RAIS called ‘keys to success in starting/planning your career in Cybersecurity.’ Its got this awesome certificate progression chart attached. Whilst I thought CEH and eJPT would be equivalent, the chart shows CEH as entry and eJPT as novice.

This morning I received a lovely email of eLS with a nice offer on the eJPT cert. I talked to a good friend of mine, Jean Barkhuizen. (this guy is a legend! he is my go to guy for advice) He talked some sense into me, study for eJPT may be a good shout.

I need practical experience right? Why not do more labs with PTS first? So I have enrolled on.. I rather make smooth transitions in difficulty levels while I work my way up the ladder. The main goal was and always will be to be a good pentester with as much knowledge as I can gain. I don’t want to leave anything out. Besides, what’s the hurry?

I will carry on with my weekly posts. For a while they will be more about eJPT but it is still part of the journey towards eCPPT!

p.s I have managed to get through 5 labs already on PTS.. I LOVE IT! more about that next week!

 

Please follow and like!

12 thoughts on “Week 1”

  1. Love this Rehan! Though I work for eLS and am a bit biased, I am starting my journey with eJPT and love reading about yours. Keep up all the hard work 🙂

  2. Glad the Cyber Mentor info helped out. It assisted me as well. Keep up the great work. Look forward to reading about your success.

  3. Great piece!!

    I am an eJPT currently studying for eCPPT. eJPT will sure give you the required foundation which will make more sense going through other modules in eCPPT like network/web security..

    I’ll suggest you create WhatsApp/Telegram group where you can share and learn on the go as you progress in this journey of pentesting…

    1. Thanks David, that sounds like an awesome idea! Il mention it in my next post, if we get enough people then we can start a Whatsapp study group. ??

  4. Hi rehan,
    I have read all your blogs and really inspiring me to get start in to IT-Security, I am an Software test automation engineer for past 6 years and my manager said ‘as you are a Test engineer’ could you do Pen Testing for the application we deal with? I was blank and started my learning online and get in started, literally i failed, failed, failed better ultimately with no good reports but i was manage to report some issues regarding admin account take over and so on…….. what i felt that moment i want to take IT security as a future as it is booming!!! i wanted to achieve more by doing some certifications and learning in security field, your blogs showing lot of positivity and i have initiated my learning towards IT security and i am on……In sha allah i will fail better and succeed. Thanks for the

    1. Hi Yakath,

      I’m really pleased that you find my blogs inspiring. You can do anything you put your mind to! I rather fail then not try and I can see you are the same. Keep going, you will achieve greatness!

      Good luck friend 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *