I wanted to share my journal and stream of thoughts from my eCPPT exam, and my successes/failures.
eCPPT Exam – Introduction
Now, obviously my memory will be a bit hazy as it has been over three months, and I don’t want to include any exam spoilers, but I will do my best to describe the exam and my process.
The course and exam have been updated a lot since I took it, but I cannot recommend it enough.
YouTube Version of this Post
If you prefer a video over reading the text, then you can find the YouTube version of this post below.
That said, don’t forget to hit those like and subscribe buttons to help support the blog and channel!
Day 1 – February 14, 2014
I started off the evening with a nice, romantic Valentine’s Day dinner at Taco Bell with 2 close friends.
The exam kicks off at 9:28pm, and I have nothing but my wits, skills, and 6 Sugar Free Amp energy drinks to help me.
I perform a lot of enumeration and understanding of the network and externally facing systems. Some planning, but I’ve never been great about that.
There are also TONS OF SCREENSHOTS (Evernote is my hero).
Day 2 – February 15, 2014
Some progress as of 24 hours and 3 energy drinks in (~144 hours and 3 energy drinks remaining), but too early to tell.
According to the VM timer I spent around 10+ hours in the environment this day, and I didn’t get too burnt out (yet).
eCPPT Exam Day 3 – February 16, 2014
A bit more progress (and a lot more frustration) as of ~48 hours and 4 energy drinks in, but a lot to go.
Day 5 – February 18, 2014
(no day 4 update)
After ~76 hours and 5 energy drinks (~92 hours and 1 energy drink remaining) I did not make any more progress, other than increased frustrations.
At this point I start to go back over everything both network and lab wise, to try to decide what I might be missing or forgetting.
Additionally, I’m taking screenshots and noting everything down, to prepare for my report.
This is also the point where I start trying to randomly brute force EVERYTHING…not the best solution.
Day 6 – February 19, 2014
~122 hours and 6 energy drinks in (~46 hours and 4 energy drinks (thanks to a friend for the surprise) remain), and I’m making progress again.
Always remember that there are multiple ways to attack something, as well as different payloads…this was something that caused me no shortage of frustration (TRY MORE THAN ONE PAYLOAD NEXT TIME).
“All” that I have left at this point is some custom exploit dev and the DMZ.
eCPPT Exam Day 6 Night/Day 7 Morning
The custom exploit dev went along without too many hitches, and with a pretty interesting solution. (Shouldn’t be a spoiler) Instead of a more standard payload (was running into issues), my exploit remotely deleted a user, added that user back, made them an administrator, and then enabled RDP.
At this point I have ~18 hours left and nothing but the DMZ left.
Day 7 – February 20, 2014
As of 11am on the seventh day (~146 hours and 7 energy drinks in), I obtained root level access in the DMZ, thus completing the testing part of the exam.
At this point, I just had to perform a bit more information (AND SCREENSHOT) gathering, and verifying that I found every vulnerability on the machines instead of just one.
Then I had 7 days to write the report (had 99 pages of unformatted screenshots and notes at this point).
eCPPT Exam – Reporting
While I don’t have many notes on my report itself, I’ll try to give an understanding of how it went.
I started with 99 pages of screenshots and mostly unsorted/un-formatted notes.
From here I sorted them out, added headers, and began looking at sample Penetration Test reports.
All in all, my report ended up being 50 pages in total including an Executive Summary, Vulnerability report (including remediation steps), and source code Appendix
While writing the report wasn’t that hard with all of my notes, it was still something very new to me, and a valuable experience.
The only real advice I could give on this is to take constant screenshots and notes, make sure you have a format in mind, and don’t wait until the last-minute.
Results / Follow-up
As of March 7th @ 12:12pm, I received the following e-mail:
“Our instructors at eLearnSecurity want to congratulate with you and award you with the eLearnSecurity Certified Professional Penetration Tester certificate. You are now an eCPPT!”
eCPPT Exam – Conclusion
I know that this is an older post (that I actually updated in 2016 and 2020), but hopefully it serves as a bit of a diary into my exam experience.
I also recommend that you check-out my eCPPT review for more information.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here.