eWPT Exam – Another Cert Bites the Dust

I finally took my eWPT exam this past weekend, so it is nice to have another cert out-of-the-way.

eWPT Exam

While I can’t give away too much information about exam specifics, it was fairly straightforward.

To quote NovaHax on TechExams:

  1. Here’s an App
  2. Test the App
  3. Gain Admin Access to App
  4. Document all findings

The exam starts with a wildcard domain, and the goal of finding all vulns in all subdomains. I started by performing some subdomain enumeration, but I won’t get into too many details about that.

Once all the domains are found, the test becomes a standard web app pentest. Paying attention to all information gathered, as well as ALL possible venues of exploitation is very important.

In the end, I ended up with over 10 vulns for the entire web application and a 39 page report.

Status/Next Steps

I am currently awaiting reviewer feedback on my report, but I’m fairly confident about my current status.

eWPT Exam - Status

The reviewer has 30 business days to give feedback, but I know that my eCPPT only took about seven. I will be on vacation during the holidays, but I am hoping to know how I did before then.

This was an enjoyable cert, is relevant to my current position, and surprisingly useful (even considering my experience).

Once I return from the holidays, I plan on starting the eWPTX course.

doyler on Githubdoyler on Twitter
doyler

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!


He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.


When he’s not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.


26 Comments

Filed under Security Not Included

26 Responses to eWPT Exam – Another Cert Bites the Dust

  1. Josh

    Wow thanks for the feedback! What is your current job title? You said this very was relevant to what you do now.

    • Thanks, and always glad to provide feedback on certs/course I take!

      Current job title is Penetration Tester, but a large focus is definitely on web applications.

      I didn’t expect to learn anything going into this one (figured it would be a refresher before eWPTX), but was pleasantly surprised.

      • Josh

        That is my dream title 🙂 I only have the eJPT at the moment. Do you think I should focus on getting the ePPT or the eWPT?

        • Haha, yea, it’s a pretty sweet gig once you finally get into it.

          I suppose it would depend on what you’d prefer to do, as well as your current skill-set.

          The eCPPT is closer to the OSCP, which will definitely help as far as getting a foothold into a pentesting position is concerned. That said, the eWPT is far more useful as far as web applications are concerned, and this is what you will primarily run across in most organizations.

          I’d recommend eCPPT -> OSCP -> (other certs) from a general career standpoint though.

  2. Josh

    Thanks for the reply! I’m going to take your advice and go for the eCPPT, followed by the OSCP. I have little experience in Pen Testing. I do it at work from time-to-time but not a lot. I don’t think my eJPT cert has any weight in the infosec world haha.

    I forgot to check the “Notify me of follow-up comments by email” box which is why I replied twice lol

  3. Hey man, first off congrats! I am a system engineer but my work has allowed me to pursue Infosec certs. Hoping one day to become a pentester like yourself.

    I am just finishing up on eCPPT and hoping to take the exam over the up and coming holidays. It’s good to hear that eCPPT is very close to OSCP as I plan on getting that cert in the near future.

    I have been “trying” to participate in bug bounties as a way to learn web app sec. From your experience, the eWPT course even taught you a thing or two considering you’re a season pentester?

    I feel that pentesting will move more into web app based testing in the near future with the adoption of cloud based technologies. Do you agree with that statement?

    Thanks and looking forward to reading about your experience on eWPTX course.

    • Hi Chris,

      Thanks for that, and good luck!

      OSCP is a great follow-up to eCPPT, especially if you really followed the material and learned. The eWPT definitely taught me a bit even as a pentester, so I’d recommend it. I’m looking forward to the eWPTX, as it should be even more advanced.

      I think that there will always be plenty of Web App Pentesting, and it is actually already in the majority.

      Good luck with the certs, and let me know if you have any other questions.

  4. Thanks for the review. I’m currently working through the WAPT course. I signed up for the course only to prepare for the WAPTX course and fill in gaps in my knowledge. I’m impressed with the course materials and I’ve definitely learned new things from it even it has only “filled in the gaps”. I wasn’t planning on taking the exam but after reading your review I’m looking forward to it now.

    • Glad you found the review useful, and it was a good course.

      That was exactly how I felt taking the course, but it was definitely more than just a refresher for WAPTX. I’d take the exam if I were you, as it never hurts to have the cert/proving the experience.

      Good luck!

  5. Josh Holmes

    Hey Doyler! Hope all is well in the InfoSec world! I just got back my results for this exam and I failed :(. I wasn’t able to gain admin access and I ended up with about 10 Vulner. Any hints or tips on what I should be studying more? Any feedback would be appreciated.

    Thanks!

    Josh

    • Hi Josh, it is, thanks for asking!

      That’s too bad to hear, hopefully next time you’ll get it. I had roughly 14 vulnerabilities, so you weren’t too far off…

      As far as what you should be studying, it will mostly revolve around what you missed or think you missed. That said, I’d suggest really looking back over SQLi, XSS, and unrestricted file uploads.

      Good luck!

      • Josh

        Thanks for the feedback as always Doyler! I’ll let you know once I get the cert!

        Thanks again and goodluck with the eMAPT! I bought the bundle (eMAPT, eWPT, eWPTX, and eCPPT) so I’ll be adding it to my arsenal soon!

  6. Kumaran

    Hi,

    Great article

    I have done my first attempt of ewpt and found the userID and hashes, anyway I wasn’t able to crack the hash and get the admin access, I submitted the report and waiting for the reviewer to come back. Then I think i can start the 2nd attempt.

    Is the way I followed is correct ? I need to crack the hash to get the admin access right ?

    in that case could you please provide me any hint, that I can use to crack this hash.

    PS: Not asking the exact answer, just a hint 🙂

  7. Josh

    Hey Doyler I have a question. In your opinion, which was more difficult, eWPTX or eCPPT?

    I’m trying to decide which of the two to take next. I would like to get it before the year is out.

    • Hmm, probably the eWPTX? That said, they’re different certs, so it really just depends on what you’re looking for.

      There is little to no overlap, so one isn’t really going to prepare you for the other.

Leave a Reply

Your email address will not be published. Required fields are marked *

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.