Being a system and network administrator by trade and interested in system and network security as a hobby I wanted to expand my knowledge about penetration testing. I went looking for a course that would teach hands on and practical penetration testing skills and found community members on the netsecstudents Reddit discussing the Penetration Testing Student v3 (PTS) course from eLearnSecurity.
The PTS is an introductory course into the field of penetration testing that is in my opinion not too expensive to just ‘try out’ to see if you like it. While it is certainly possible to learn about penetration testing from free online resources such as YouTube videos and online blogs I opted to purchase the PTS course to save myself some time and make things a little bit more official and also obtain my eJPT certification in the process.
The PTS course is available in three plans, barebone, full and elite.
The barebone plan is the PTS entry level offering and is often available for free. eLearnSecurity invites for this plan can usually be earned by attending one of their webinars or keeping an eye out for discounts in online communities such as the netsecstudents Reddit or the techexams forums. All the plans give lifetime access to the course slides but the video content and hands on labs are not included in the barebone plan.
The full plan is the middle of the pack and includes the video material, 30 hours of lab access and instructor and community support on the eLearnSecurity community forums. While the forums have a low post volume the instructors and community members do respond to questions rather quickly. This plan also includes an eJPT exam voucher with one free retake in case you fail the exam the first time. Take note though as the exam voucher included in this plan expires 180 days after purchase and if you let it expire you have to purchase a new voucher if you want to do the exam.
The elite plan has everything included in the full plan and offers 60 hours of lab access and three free retakes in case you fail the exam more than once. The exam voucher included in this plan does not expire so if you want to take your time with the course this is the right plan for you. If you pass the exam this plan has the option to ship your shiny new certificate to your home address without additional cost.
The biggest advantage of the elite plan in my opinion is that the course materials are available in HTML 5 and PDF formats making it available on mobile clients such as a tablet or mobile phone this allowed me to learn on the go while using my iPad. Having the course content available in downloadable PDF format also helps as you can download the PDF files and index them to search through the course materials to look something up quickly.
Demo and Purchasing
Before you purchase the course you can try out a free demo by filling in your name and email address. You get access to a subset of the slide material to see if you like the content.
When you decide you want to enroll in the course you have to create an account on the eLearnSecurity website when you have done this you can purchase the course. After I signed up and made my purchase I received an email to verify my identity apparently to prevent fraud.
This process is straight forward but does require you to upload your ID and credit card information through their web portal so be aware of this before purchase. The verification process took about an hour after I uploaded the requested documents but I have heard stories from others about the process taking a bit longer.
The Course Content
The course content is split up into three major modules starting with some prerequisite knowledge before you dive into the penetration testing module itself.
The main modules of the course are:
- Preliminary Skills - Prerequisites
- Preliminary Skills - Programming
- Penetration Testing
The content is well made, composed with care and is laid out in such a way that it feels like you naturally progress through the material, especially if you have a plan with video and lab access and follow along with the videos and labs in between slides.
The materials begin with a brief introduction into the information security field, laying a basic foundation in networking, web application fundamentals and programming before moving on with the penetration testing module.
While it is tempting to skip straight to the interesting stuff I highly recommend to take some extra time to do the programming module of the course. While this module is not strictly needed to pass the exam, it lays a good foundation for a beginner that wants to enter the penetration testing and computer security field where basic programming and scripting knowledge is a good skill to have.
The networking module and Wireshark videos should also NOT be underestimated and spending some extra time to really understand what is going on here will make you a more effective penetration tester and IT professional in general. Trust me and thank me later.
The course videos are well done and, in my opinion, solidify the theory you learn in the course slides. The slides and videos together prepare you well for the hands-on labs. The voice over in some of the videos seems to be a bit robot like at times but nothing too annoying.
The labs are awesome and honestly the best part of the entire course! Each lab has a lab manual. The manual usually has a short description of the lab goal, recommended tools to use during the lab and several tasks that help you to reach the labs end goal. Each lab manual also has a section with solutions to complete the lab if you get stuck. I recommend reading and trying the solutions in the labs even if you solved the labs goal on your own as they can give you more insight and another perspective on how to solve the lab challenge.
There are twelve labs in total covering HTTPS sniffing, web application and operating system enumeration and exploitation, SQL injection and man in the middle attacks among others. The lab network is dedicated to you and you do not share the resources with other students. This means you are free to do as you please within the labs. The hands-on experience the labs give you really help you prepare for the exam. If you did the labs and completed all of them without leaning on the solutions to much you will pass the exam without much trouble.
I did all the labs two times and spent about 10 hours in total in the labs. When I was done with the course and passed my exam I still revisited them a few times because they are really fun to do.
- Go for a plan with video content and lab access as they really solidify your understanding of the slides
- Take your time with the course materials
- Take some extra time for the programming module if you want to make this your career
- Take your time in the labs and do them more than once before attempting the exam
- When doing the labs do not jump to the solutions too quick but try to solve them yourself
- Do NOT underestimate the networking module of the course
When you start the exam, you receive a letter of engagement with a scope to perform your tests. To complete the exam, you have to perform a hands-on penetration test on a small company network and answer several questions along the way. The answers to the questions are not obvious at first glance but will reveal themselves once you start compromising the company network. You have three days to perform your tests and this is plenty of time to complete the exam.
The exam network is setup and configured as a real small company network and a fun challenge to complete. If you did all the labs a few times and understood the course materials you will pass the exam without much trouble.
- You have three full days to complete the exam, this is plenty of time
- Do all the labs again the day before you start the exam
- Make yourself a cheat sheet with commands you used during the labs
- Revisit the course materials and videos if you are stuck
- Double check your answers before submitting the exam
- Upon completing the exam, you are given the results immediately
- Enjoy the exam like the labs it is a really fun challenge to complete
The PTS course is well suited for beginners that want to step into the security industry or just want to expand their knowledge about penetration testing. A little background in computer networking and the Linux operating system is advised before stepping into the course but not strictly needed.
The course material is informative, to the point and has a natural flow to it that most beginners will appreciate. The video content and especially the labs that come with the two higher plans are well worth the upgrade and are a lot of fun to complete.
All in all, I found the PTS a worthwhile course that expanded my knowledge about the penetration testing and information security field so much so that I purchased the more advanced eLearnSecurity PTP course right after completing the eJPT exam.