eCPPT course : The Honest Review

eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) is a 100% practical certification focused on allowing you to prove your penetration testing skills through real world scenarios

Welcome N1NJ10

in this article i will share with you my journey with eCPPT course and share my resources with you also the platforms that i practice on it and the courses that helped me to pass every section

Let's start

• System Security

This section talked about the Assembly language , debuggers , Bufferoverflows attacks and concepts , Types of shell code , Malware analycis , .....

In my opinion to understand this module well you should have a programming concepts and the Assembly basics and write some Assembly codes like Hello world and this stuff

I encourage you to read this book

Penetration Testing with Shellcode :

Penetration Testing with Shellcode: Detect, exploit, and secure network-level and operating system vulnerabilitiesAmazon.com

Penetration Testing with Shellcode

You can practice on this great site

x86-64 Assembly on ExercismExercism

Problem Solving

And try to download a vulnerable programs and practice on it

Freefloat FTP Server 1.0 - 'STOR' Remote Buffer OverflowExploit Database

FTP vuln_Server

or you can find some attackboxs in Tryhackme and Hackthebox .

https://tryhackme.com/dashboardtryhackme.com

Tryhackme

Hacking Training For The BestHack The Box

Hack The Box

• Network Security

This is one of my best sections in the course as it was the longest and biggest section in terms of content. It covered a lot of different types of attacks and techniques that can be used for penetration testing on networks, both internally and externally , It also talked about Privilage escalation , Anonymity , .... .

If you have a network background that will ease the process , If not you can take some network courses like Network+

There is some courses that helped me on this

Practical Ethical Hacking from TCM :

Practical Ethical Hacking - The Complete Course

Practical Ethical Hacking

Linux Privilege Escalation from TCM :

Linux Privilege Escalation

Linux Privilege Escalation

Windows Privilege Escalation from TCM :

Windows Privilege Escalation for Beginners

Windows Privilege Escalation

JR Pentrationtester Path from Tryhackme :

TryHackMe | Cyber Security TrainingTryHackMe

JR Pentrationtester

Pre Security Path from Tryhakcme :

TryHackMe | Cyber Security TrainingTryHackMe

Pre Security

And you can also read this great book about practical network attacks

Attacking Network Protocols :

Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and ExploitationAmazon.com

Attacking Network Protocols

I like the ICMP protocol so i decide to study ICMP attacks well and this pdf helped me alot

ICMP Usage

Also you can see my post i share many websites that helped me to pass it

Fady Moheb on LinkedIn: #networksecurity #linux #windows #unix #network #share #help #ecppt…linkedin

Network_Resources

Try to practice more and more on this module by playing CTF or manual labs

Free_Platforms_To_practice

• Powershell For Pentesters

This section talked about the Powershell but for the pentesting tasks , so you need to understand the basics before you getin , So you can read this book to get the basics

Powershell 101 :

PowerShell 101Leanpub

Powershell 101

After reading this book the section will learn you most techniques about download and upload , evasion the AV and the Firewalls , execute remote commands , ...

You can practice on this techniques from your pc with another windwos vm machine this helped me to understand how powersehll really works

Basic PowerShell for PentestersHackTricks

Good one

Also take a look on my post about sites that helped me on this section

Fady Moheb on LinkedIn: #ecppt #empire #nishang #blogs #pentesting #networksecurity #microsoft…linkedin

Powershell_resources

• Linux Exploitation

This is one of my best sections in the course that talks about Local/Remote enumeration on linux distributions , Remote Exploitation attacks like password attacks , shellshock , Heartbleed , RMI , Lateral Movements , .....

If you have experience with playing CTF this section will be interesting for you cuz it talked about interesting topics especially pivoting

There is some courses that helped me on this :

Movement, Pivoting, and Persistence from TCM :

Movement, Pivoting and Persistence for Pentesters and Ethical Hackers

Pivoting

Wreath from Tryhackme :

TryHackMe | WreathTryHackMe

wreath

Linux 101 from TCM :

Linux 101

Linux 101

Complete Beginner Path from Tryhackme :

TryHackMe | Cyber Security TrainingTryHackMe

Complete Beginner

Windows Post-Exploitation :

Windwos_Post_Exploitation

Linux/Unix/BSD Post-Exploitation :

Linux/Unix/BSD Post-Exploitation

OS X Post-Exploitation :

OS X Post-Exploitation

this section is very informative and have many good techniques about pivoting and persistence

• Web Security

This section talked about the basics web security attakcs like xss , x/csrf , sql injection , file upload , ....

Honestly this not a good one to depend on so you can practice on the hacking platforms especially Portswigger

Web Application Security, Testing, & Scanning - PortSwigger

Portswigger

Also take a look on my post about sites that helped me on this section

Fady Moheb on LinkedIn: #ecppt #webapplicationsecurity #websecurity #xss #csrf #sqlinjection…linkedin

Resources

• WI-FI Security

This is one of my best sections in the course but you should know some wireless basics so you can read this book to understand basics wireless concepts and attacks like WEP Cracking , KRACK , WPA Capture Attacks , Evil Twin Attacks , .....

Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition :

Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition: Master wireless testing techniques to survey and attack wireless networks with Kali Linux, including the KRACK attackAmazon.com

Wireless Penetration Testing

This module need you to have a network adapter like Alfa adapters this is the best ones

ALFA Network Inc.ALFA Network Inc.

ALFA

You can practice on your Home network or from Attack-Defense

Attack-Defense Online Lab

Attack-Defense

Also take a look on my post about sites that helped me on this section

Fady Moheb on LinkedIn: #wifi #wifisecurity #sniffing | 13 commentslinkedin

Resources

• Metasploit & Ruby

This section is good also cuz it have a good introduction about Ruby lang and help you to make your own modules in metasploit and it gives you a good brief about how to use metasploit

I encourage you to read this book about metasploit and it's modules

Metasploit Penetration Testing Cookbook - Third Edition:

Metasploit Penetration Testing Cookbook - Third Edition: Evade antiviruses, bypass firewalls, and exploit complex environments with the most widely used penetration testing frameworkAmazon.com

Metasploit & Ruby

You can practice in your home lab or from the above platforms

Also take a look on my post about sites that helped me on this section

Fady Moheb on LinkedIn: #ecppt #metasploit #ecppt #free #resourceslinkedin

Resources

I will try to update this post from time to time with other resources so make sure to save this post and fell free to follow me on linkedin i'm active on it

https://www.linkedin.com/in/fadymoheb/

Fady_Moheb

And you can join To this Telegram channels this will help you especially you're an arabic one

Telegram Chats: Sec_STUFFTelegram

Sec_Stuff