OSEP PEN-300 review - Evasion and Breaching Techniques
You got a reverse shell, but I got a meterpreter shell with antivirus enabled. We are not the same.
I have to say this journey was long overdue. Before signing up for OSCP, I bought an eCPPT exam voucher for half its price, as eLearnSecurity was running discounts at the time. I figured it would be a good way to get my feet wet right after completing my PWK lab time, while everything was still fresh. Unfortunately it didn't go as planned, and I went straight for the OSCP.
After completing PWK, I was hooked on learning more. As everyone mentions, the eCPPT exam is more like a real-life pentesting scenario and less CTF-oriented, so I thought I'd dive right in. It was Christmas time, the perfect time to learn something new and end the year with a bang!
The eCPPT cert is the next level up from their foundational eJPT cert, and many professionals compare it to an OSCP variant. As I can't afford to buy their whole course, I can't really say anything about how good the materials are, but based on my exam experience I would definitely recommend eCPPT to anyone who is into network pentesting and wants to explore further.
The PTP course evaluates and assesses your skills in the following domains:
As I was fresh off learning in PWK for OSCP, I reused some of their materials to keep myself sharp and also read blogs and reviews from other eCPPT holders. I would recommend starting with The Cyber Mentor's Buffer Overflows Made Easy series to get a smooth understanding of buffer overflow concepts; at the same time you can work through several buffer overflow machines on TryHackMe to stay in touch with those concepts. A few I'd recommend are Brainpan and TheMayor's Gatekeeper. If you study properly and understand what you are doing, you'll find buffer overflows to be quite easy.
One of the best parts of eLearnSecurity is that they give you ample time to finish the exam and to write a full penetration test report based on your findings. The exam consists of a penetration test on a simulated client network within the given client scope, plus a penetration test report. You will come across web servers, subnets, and a DMZ, and the requirement to pass is to obtain root privileges on the DMZ host. Reporting all the other vulnerabilities you find is also mandatory. I personally enjoyed this part because you are not restricted in how you exploit things: you can go as deep as you want in how you enumerate, exploit and pivot across the various networks. It lets you express how much you know in this field, which is really nice.
From reading the syllabus on their website, much of the material on Ruby, PowerShell and Wi-Fi was not present in this exam, but more information is always good for further knowledge development :D
To sum it up, it took me roughly 3 full days to complete the exam and another 4 days to write my report, simply because I understand the importance of a penetration test report and wanted to put my full effort into it.
I initially had some difficulties using Metasploit 6 in the exam environment, so I had to downgrade to Metasploit 5 to make my experience smoother. If anyone is facing similar issues, I'd recommend checking out the pimpmykali script from Dewalt's repository.
Learn to be comfortable with Metasploit and its services; being good at this will make your life easier not just in the exam but also when working as a penetration tester. Understand how to pivot within networks with tools like the socks4a proxy, proxychains, and autoroute. I picked up most of it from another blog: Pivoting. Be familiar with upgrading normal shells to Meterpreter shells; this is very important in this exam, and if you aren't familiar with the process you'll end up stuck in several places. Take your time, as the given duration is generous: enumerate every service as thoroughly as you want, and check out all ports and applications if you have to. Lastly, be descriptive and write your report in layman's terms, to the extent that other people can reproduce the findings without seeking assistance.
As I dedicated the majority of my 2020 to understanding and becoming versed in network pentesting, I plan to dedicate my 2021 to web application security, which we all know is the heart of most penetration testing engagements. The eWPTXv2 exam is my next target, and I'll close it out with OSWE.
Stay curious and have a good one!