I have recently completed my Penetration Testing Professional v5 (Gold) from eLearnSecurity and obtained my eCPPTv2 certification. I took my exam 25-09-2020 and completed it 28-09-2020. Check out the course content for more information!


Overall Experience

I highly enjoyed the course content. It covers many penetration testing subjects on a fairly detailed level. I also really enjoyed the practicality of the course. This course really is hands-on and is aimed at learning by doing.
I previously obtained my eWPT certification from eLearnSecurity so I was already familiar with the ‘hera’ labs and the 7 day long exam. That said, the exam was definitely more difficult than eWPT as it is significantly larger and more complex. However, the fact that you have 7 days (and a potential retake) is plenty of time to complete the objective of this course (obtaining root on the DMZ).


Tips!

  • Buffer Overflow

    If you bought the gold voucher you will have access to the Ruby section of the course. I highly recommend doing this Buffer Overflow that is included in the labs before taking the System Security section. It reflects the exam scenario better and is easier to understand!
    If you are just starting out with Buffer Overflows I highly recommend this youtube series by The Cyber Mentor!

  • The Cyber Mentor

    I purchased the following two courses of the Cyber Mentor from Udemy:

    - Linux Privilege Escalation
    - Windows Privilege Escalation
    These courses are very good because you will be able to build a structured list of things you can check as soon as you get a shell.

  • Read Exam Reviews

    Bravo if you’re reading this! I highly recommend reading several exam reviews to get a view of what you may encounter during the exam. These reviews also contain tips & tricks that you should consider!


Day by Day Summary

Day 1 (Friday)

I started the exam early in the morning and was a little bit nervous about it. Especially because I read how tough the Buffer Overflow was, or so I thought (please don’t get scared by the BOF)! Hitting that exam button felt good after studying for several weeks!

When starting the exam you get access to a letter of engagement. I recommend properly scanning the network before and during your assessment. First you will have access to a web server. The exploitation is fairly simple and remember, there are multiple ways to Rome! After the exploitation I escalated privileges and obtained root level access.
I scanned the network using the web server as pivot and found new machines that could be accessed. With the enumeration from the web server I was able to exploit the second machine really quickly.
When the scans finished I instantly knew what exploit to try on the third machine and this worked instantly. I rooted three machines on the first day and felt really good about the exam so far.

Day 2 (Saturday)

I started early in the morning again and knew that I had to do a lot of enumeration on the machines I exploited. This phase was a bit tough as I was making things too complicated. Please, during the exam, try not to make things too complicated and start with the information you have gathered already! This will save you a lot of time. After having that _“Eureka” moment I knew what step was next - the Buffer Overflow!_I decided to call it a night and continue the next day.

Day 3 (Sunday)

I started early yet again and started with the Buffer Overflow. If you completed the Cyber Mentors course on Buffer Overflows and completed the Ruby lab on Buffer Overflows, than you will find this part to be the easiest. The exam is exactly as the aforementioned resources. Ensure you have a Windows 7 machine locally to test your exploits etc! From my google search prior to the exam I knew what payload to avoid, HINT, and managed to obtain root level privileges on my fourth machine.
With this newly obtained root level access, I opened an RDP session and discovered what to do fairly quickly. This gave me information that I used to obtain a low level shell on the DMZ. The final privilege escalation is super fun! Some find it easy others don’t - my advice is to not make it too complicated and again, ‘start with the information you have gathered already’!. After playing about with this for a bit you should be able to figure it out and obtain root! This concludes the technical aspect of the requirements and all that’s left is writing the report.

Day 4 (Monday)

I used my eWPT report as a starting point and modified the relevant sections where necessary. While taking the exam I took all the necessary screenshots and saved these in my Notion. I highly recommend you to do this as well because it will save you a lot of time with reporting. Also, ensure that you have all the steps that you took to get where you’re at as it may/(will!) happen that your meterpreter sessions die and you will have to repeat several steps again. Good notes are key! I wrote my report in 5 hours and submitted it for review.


Conclusion

This was a super useful certification and the extensive study material as well as the practical labs will definitely keep you interested. The exam is fair and square and I found it very enjoyable. In addition, I have heard this certification is a great stepping stone for OSCP!
I hope that you enjoyed reading my small day to day summary and that you gained some useful tips for the exam. For those that are about to take the exam: best of luck and remember not to make things too complex!
Bon Voyage!