Beginning of 2022 I had two goals in terms of getting certifications. Get the eWPT and the eCPPT. I can happily say I have earned the eWPT and the eCPPT this year. Mission accomplished.
I’m writing this post because I want to provide helpful feedback for the eCPPT. I will cut away the fluff and get to the important stuff to help answer common questions. I will not be doing a day by day break down.
The lab is seven days of testing/hacking and seven days of report writing. It took me four days with the exam lab to get everything knocked out and two days of report writing. I had the results back in a couple days after submitting the report.
To prepare for the exam, I did all of the INE Penetration Testing Professional labs under the Penetration Testing: Network Security and Penetration Testing: Linux Exploitation.
The System Security for Buffer Overflows has good content. It gets a bad rap in my opinion. It’s useful, but the best way to prep for the Buffer Overflow from INE is the Exploitation with Ruby under the Metasploit & Ruby section. That’s the best way to get hands on practice from INE for BOF.
The Web App Security is a personal section I did not do much of, mainly because I did the eWPT. I would recommend taking the time to go through it and do the labs as well to learn about SQL Injection, Cross Site Scripting, and the other good to know web exploits.
Now I made that section because I believe the material from INE was good. If you don’t have that material because it is expensive, I recommend the following resources.
- The Cuber Mentor – Buffer Overflows Made Easy (2022 Edition)
- TryHackMe – Internal Room
- TryHackMe – Wreath Room
- TryHackMe – Linux PrivEsc Arena
- TryHackMe – Windows PrivEsc Arena
- TryHackMe – Brainpan Room
- TryHackMe – Junior Penetration Tester Path Introduction to Web Hacking
- Metasploit – Pivoting Guide
- Metasploit – ProxyTunnels
The last bit of advice I can give are to make sure you are comfortable with pivoting, proxychains, and port forwarding. You will live in proxychains for this exam.
I will also say the exam stability for me was a nightmare and I hope it works well for you. I took a few days off from work and the lab would not start for ten hours on Saturday. I tried to start at 8AM and kept getting errors about starting up the lab. The issue eventually fixed itself around 6PM. Elearn needs to work on more stable exam labs as I have heard similar issues with other people taking this and other exams.
You most likely will not know if you are ready until you start the exam. My rule is to go with the flow and figure out as you go. Don’t stress too much. Take breaks, rest, sleep on problems, and just try stuff. Learn as you go.
If you found this helpful, please send me a tweet and tell me what you thought! Feedback is always appreciated!