eLearnSecurity Certified Penetration Tester eXtreme
Hello folks, some time ago I decided to take the eLearnSecurity Certified Penetration Tester eXtreme (eCPTX) exam, knowing I was going up against something really difficult.
Advanced Penetration Testing — Course
The eCPTX exam is based on the Advanced Penetration Testing course under the INE flag. The course itself is a monster, and includes:
- Social Engineering and Macro Development
- Red Teaming Active Directory
- Attacking MSSQL, Exchange, and WSUS
- Evasion Techniques
- Labs on exploiting much of the above
Many of the lessons are hundreds of slides long, which at times can feel overwhelming. Things like using Mimikatz, and the plethora of ticket attacks that are not stealthy and considered basic to AD exploitation are all covered in what is supposed to be an advanced course. In reality many of these things are basic active directory exploitation and penetration testing skills that should have been taught in the Professional Penetration Tester course and are expected of your entry-level penetration tester.
I particularly liked the Evasion module as this is what I would personally expect in a more advanced red teaming course. Some of the content in the lessons seems to be reused from other sources, however there are only so many ways to cover some of these things. In that mindset, it was nice to have it all under one roof.
By obtaining the eCPTX, your skills in the following areas will be assessed and certified:
- Advanced penetration testing processes and methodologies
- Advanced Exploitation using Metasploit and Empire
- Network/traffic manipulation
- Advanced Lateral Movement (WMI, PS Remoting, DCOM, etc.)
- Advanced Active Directory Information Gathering, Enumeration and Reconnaissance
- Custom Attack Vector Development
- Deep knowledge of Active Directory and Windows internals
- Knowledge of Windows authentication weaknesses
- Web application Manual exploitation
- Stealthy Scanning and Profiling the target
- Advanced Persistence / Backdooring
- Privilege escalation
I recommend using the INE course, but it is not completely mandatory, and I will explain why.
HTB is the key
(I recommend that you try making your own machines, because this helps you a lot in understanding how any exam or any CTF is structured.)
To pass this exam, I'll give you some boxes to do:
- Intelligence (HTB)
- Pivotapi (HTB)
- Sharp (HTB)
- Monteverde (HTB)
- Resolute (HTB)
- P.O.O Endgame (HTB)
- Rastalabs, Offshore & Cybernetics (HTB)
By doing these machines two or three times, you will be able to understand how Active Directory works. And if I can give you my advice: no longer play on Linux machines, only play on Windows machines. I can tell you that these are the same machines needed to pass OSEP. (I just saw that in other blogs.)
The eCPTX Exam
The exam takes only 48 hours to finish the environment, and a further 48 hours to make the report. You need to know all the basic tools like nmap, smbmap, mimikatz and more. An in-depth knowledge of PowerShell? No. There is no need; thanks to the use of Google I was able to find all the syntax I needed.
Honestly, you need to know the C# language. Personally, on this, I was very lucky, because in the past I worked for a company where I used this language every day, for tickets and fixing some bugs in some applications. I’m not very good, but I understand it well.
In this exam, eLearnSecurity gives you 2 free attempts.
The key to passing this exam
The key to passing this exam is to do all the Windows HTB machines, and googling. So much!!! Learn about pivoting, horizontal privesc, Mimikatz, Rubeus, crackmapexec, hashcat, john, etc.
If you don’t pass this exam, don’t be disheartened. An exam doesn’t mean anything; it doesn’t show whether you’re good or not. Even a 14-year-old can pass this exam if he plays HTB every day. Certifications are different from skill. Many certifications are mechanical. You don’t need to know every little thing.
So good luck with your exam! :D