Michael Thelen

NinjaCat - Security Analyst - Cyber Security Enthusiast

02 Jul 2018

eLearnSecurity Penetration Testing Professional v4 Review


This review is about the eLearnSecurity Penetration Testing Professional v4 (PTP) course. Shortly after I completed the course and exam, eLearnSecurity released the PTP v5, an update to the PTP v4 course materials. The plan comparison in this review is for the newer PTP v5; all other sections relate to the now deprecated PTP v4 course materials and exam.

After completing my eLearnSecurity Junior Penetration Tester v3 (eJPT) exam I was eager to learn more about penetration testing and the penetration testing process and methodology. Luckily eLearnSecurity offers a multitude of security courses and their Penetration Testing Professional v4 course seemed like a natural next step on the topic.

The PTP is a comprehensive hands-on course on professional penetration testing that focuses on both the practical development and application of penetration testing skills and the penetration testing process and methodology. While the PTP course is certainly not cheap, I opted to purchase it because I had a good experience with their eLearnSecurity PTS course and the related eJPT exam.

Plan Comparison

The PTP course is available in three plans: barebone, full and elite.

The barebone plan is the PTP entry level offering and offers access to the course slides in HTML5 format. All the plans give lifetime access to the course slides but the video content, labs and “PowerShell for Pentesters” and “Ruby for Pentesters” modules are not included in the barebone plan.

The full plan is the middle of the pack and includes all of the above, the video material, 60 hours of lab access and instructor and community support on the eLearnSecurity community forums. While the forums have a low post volume the instructors and community members do respond to questions rather quickly and are helpful and friendly to beginners in the security field. The full plan also includes an eCPPT exam voucher. Take note though as the exam voucher included in this plan expires 180 days after purchase and if it expires you have to purchase a new voucher if you want to take the exam.

The elite plan has everything included in the full plan and offers 120 hours of lab access. The exam voucher included in this plan does not expire so if you want to take your time with the course materials this is the right plan for you. If you pass the exam this plan has the option to ship your shiny new certificate to your home address in physical form without additional cost.

The biggest advantage of the elite plan in my opinion is access to the “PowerShell for Pentesters” and “Ruby for Pentesters” modules. I have access to the PTP v5 materials and I especially like the addition of the PowerShell content. The elite plan also makes the course content available in a downloadable PDF format making it possible to index the PDF files locally and search through the materials for reference.

Demo and Purchasing

Before you purchase the course, you can try out a free demo by filling in your name and email address. You get access to a subset of the slide material to see if you like the content.

When you decide you want to enrol in the course, you have to create an account on the eLearnSecurity website; once you have done so, you can purchase the course. I already had an account and had verified my identity once before because of my earlier purchase of the PTS course, but I still received an email to verify my identity before my PTP purchase was allowed through.

The identity verification process is straightforward but does require you to upload your ID and credit card information through their web portal, so be aware of this before purchase. The verification process took about a day after I uploaded the requested documents. This was significantly longer than when I purchased the PTS course, so I contacted support to check if they had received my documentation and if everything was okay with my purchase. Support replied promptly and let me know everything was in order, and a few hours later my documents were verified and I had access to the course material.

A note on pricing before purchase: the eLearnSecurity website lists pricing without tax. Keep this in mind while purchasing the course, as they do add tax on checkout if required by law, and this can add a significant amount to your bill depending on your location.

The Course Content

The course content is split up in five main modules, four of which relate to the exam. The Wi-Fi module is fun and informative and highly recommended if you have or are willing to purchase the required hardware, but it is not part of the exam itself and, if you really want to, is safe to skip.

The main modules of the course are:

  • System Security
  • Web App Security
  • Wi-Fi Security
  • Network Security
  • Ruby

eLearnSecurity also provides additional guiding material on how to handle information during a penetration test and how to write a professional penetration test report. The mind mapping method learned in this material helped me a lot to keep track of information gathered while doing the labs and exam.

The course content is well made, composed with care and is laid out in such a way that it feels like you naturally progress through a module. This is especially true if you have a plan with video content and lab access and follow along with the videos and labs in between slides.

As far as I am aware there is no clear guidance on the order the modules should be completed in or with what module to start. While it is tempting to do the modules in order of appearance or follow the order in the syllabus, I recommend doing the modules in the following order to get the most out of the course.

  • Read the reporting guide
  • Read the guide on handling information
  • Do the WebApp security module
  • Read the guide on handling information again
  • Do the network security module
  • Do the Ruby module if you have access to it
  • Do the System Security Module
  • Do the Wi-Fi module if you have the hardware for it
  • Read the reporting guide again

The Videos

The slides and videos together prepare you well for the labs and exam and while I am not a huge fan of the intro music the videos themselves are well done and solidify the theory you learn in the course slides. In my opinion the videos are worth paying for and warrant a plan upgrade on their own.

The Labs

The labs are awesome and honestly the best part of the entire course! Each lab has a lab manual that usually has a short description of the lab scenario, a list of learning objectives, recommended tools to use during the lab and several tasks that help you to reach the lab's end goal. Each lab manual also has a section with solutions to complete the lab if you get stuck. I recommend reading and trying the solutions in the labs even if you solved the lab goal on your own, as they can give you more insight and another perspective on how to solve the lab challenge.

There are twenty-two labs in total covering topics such as web application and operating system enumeration and exploitation. Several labs focus on techniques for privilege escalation, pivoting and pillaging. There are also labs on client-side exploitation, SQL injection, bypassing anti-virus software and several kinds of man-in-the-middle attacks. The labs cover a wide range of hands-on skills and topics that lay a good foundation for any aspiring penetration tester.

What I really liked about the eLearnSecurity labs is the way they are set up. Each lab is dedicated to you and you do not share the resources with other students. The time you spend in the labs is only counted if you have an active lab scenario running; this means you do not have to worry about your purchased lab time ticking away if you are not spending time on the course.

In short, the labs are good hands-on experience that helps you prepare for the exam, and without them I doubt I would have passed the exam on my first try. If you did the labs and completed all of them without leaning on the solutions too much, you will pass the practical part of the exam without much trouble.

Study Tips

  • Take your time with the course materials
  • Become comfortable with and learn to pivot in the labs, thank me later
  • Take your time in the labs and do them more than once before attempting the exam
  • When doing the labs, do not jump to the solutions too quickly but try to solve them yourself
  • Take some extra time for the materials on handling information, this will benefit you during the exam
  • Train the handling of information during your time in the labs, this will benefit you during the exam

The Exam

Overall the exam is a really fun and sometimes stressful experience. The exam is a 100 percent practical penetration test on a medium-sized company network that is of course vulnerable by design. When starting the exam, you receive a letter and scope of engagement to perform your penetration test. You have a total of 14 days for the exam: 7 days to perform your penetration test and an additional 7 days to write a professional penetration test report.

The exam covers all the materials in the course except the Wi-Fi and Ruby modules. To pass the exam you have to reach a certain goal and find and document all vulnerabilities found along the way. If you studied and understood the course materials and did all the labs, those 7 days will be plenty of time to complete your penetration test, reach the exam goal and find a multitude of vulnerabilities along the way to include in your report.

While most people dread documentation, a professional penetration test report is part of the exam and in my experience a great learning opportunity. eLearnSecurity takes the report very seriously; it is graded as part of the exam and can make or break your passing score. Make sure to take your time to write a thorough report and document all vulnerabilities you found, including any proof of concept exploits and remediation steps, and you will pass the eCPPT exam.

For my final report I used a heavily modified version of the Offensive Security penetration test report. If you are in need of inspiration, there are several other penetration test reports available publicly; they can be found here.

Exam Tips

  • Do all the labs several times before attempting the exam
  • Make yourself a cheat sheet with commands used during the labs
  • Use your gained knowledge on persistence, it will come in handy
  • Pillage, pillage, pillage! Did I say pillage?
  • Revisit the course materials and videos if you are stuck
  • Take your time to write and polish your report before submission
  • Enjoy the exam; like the labs, it is a really fun challenge to complete
  • Prepare a template penetration test report that you can use to document while doing the exam

Conclusion

The PTP course is well suited for IT professionals with a few years' experience who want to broaden their knowledge about penetration testing or system and network security in general. A solid background in computer networking, operating systems, and a basic understanding of programming languages will benefit you while going through the course materials.

The course material itself is informative and to the point. The additional wireless module is fun and worth going through if you have the compatible hardware. All in all, I found the PTP a worthwhile course that expanded my knowledge about penetration testing and system and network security in general. The pricing of the higher paid plans is a bit steep but the additional video content and labs are worth the price.