I started my journey with practical certifications in the Cyber Security world because I have been trying to pivot careers after being in technical sales in the Fintech space for nearly a decade.
After obtaining my eJPT and eCPPTv2 certifications, I am proud to announce that I am now an Information Security Analyst for Synack on their Vulnerability Operations team.
With that being said, I wanted to talk through my journey on how I managed to pass the eCPPTv2 exam on my first try, without using any of the INE resources.
Yes, it can be done! How bad do you want it?
(proof of my certification if you don't believe me haha) https://verified.elearnsecurity.com/certificates/2dabc4f1-6fbe-4e6f-bc65-3f26368e9da9
Let's start off with the obvious. If you passed your eJPT, and think it is a similar exam, I promise you, you will be in for a very unpleasant surprise. The eCPPTv2 exam is similar to the OSCP in my opinion aside from the obvious, which is being able to use any tool that you want, and that you have 7 days to hack all the targets.
If you are not comfortable with pivoting through multiple subnets, privilege escalation methods for Linux and Windows, identifying buffer overflows and writing a script to exploit the buffer overflow, along with detailed professional report writing, I highly suggest you follow the material I list out below.
I used a mix of paid and free resources to study, and to be honest, you could get away with passing this exam without spending a dime in study material if you are really committed.
The best way I can add value to the community is by providing the resources I used to pass the exam. I suggest that you use the following resources as your bible when it comes to preparing for the eCPPTv2 exam, and I can almost guarantee you will pass.
Side Note: Please do NOT reach out to me if you think I will give you the answers for the exam. I felt the pain, you will feel the pain too. Don't be a lazy n00b.
Let's get this show on the road boys and gals!
Privilege Escalation Resources:
- Linux Privilege Escalation for Beginners by TCM Security (PAID): https://academy.tcm-sec.com/p/linux-privilege-escalation
- Windows Privilege Escalation for Beginners by TCM Security (PAID): https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners
- TryHackMe Room LazyAdmin (FREE!): https://tryhackme.com/room/lazyadmin
- TryHackMe Room LinuxPrivEsc (FREE!): https://tryhackme.com/room/linuxprivesc
- TryHackMe Room Empline (FREE!): https://tryhackme.com/room/empline
- TryHackMe Room Windows PrivEsc (FREE!): https://tryhackme.com/room/windows10privesc
- TryHackMe Room Wreath (FREE!): https://tryhackme.com/room/wreath
- TryHackMe Room VulnNet: Internal (FREE!): https://tryhackme.com/room/vulnnetinternal
- Explore Hidden Networks with Double Pivoting (FREE!): https://pentest.blog/explore-hidden-networks-with-double-pivoting/
- Pivoting with Metasploit (FREE!): https://arf-sec.com/?p=99
- Network Pivoting with Metasploit and Proxychains (FREE!): https://blog.pentesteracademy.com/network-pivoting-using-metasploit-and-proxychains-c04472f8eed0
Buffer Overflow Resources:
- TryHackMe Room Gatekeeper (FREE!): https://tryhackme.com/room/gatekeeper
- TryHackMe Room Buffer Overflow Prep (FREE!): https://tryhackme.com/room/bufferoverflowprep
- Practical Ethical Hacking - The Complete Course (PAID!): https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
- The Braindead Buffer Overflow Guide to Pass the OSCP Blindfolded (FREE!): https://boschko.ca/braindead-buffer-overflow-guide-to-pass-the-oscp-blindfolded/
- Buffer Overflows Made Easy (FREE!): https://tcm-sec.com/buffer-overflows-made-easy/
Metasploit / MSFVenom Resources:
- TryHackMe Room Metasploit (FREE!): https://tryhackme.com/room/rpmetasploit
- TryHackMe Room Metasploit: Introduction (FREE!): https://tryhackme.com/room/metasploitintro
- MSFVenom Cheatsheet - Easy way to create metasploit payloads (FREE!): https://thedarksource.com/msfvenom-cheat-sheet-create-metasploit-payloads/
- Meterpreter Cheatsheet (FREE!): https://pentestwiki.org/metasploit-meterpreter-cheat-sheet/
- Metasploit Cheatsheet (FREE!): https://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/
- Hakluke's Ultimate OSCP Guide: Part 3 - Practical Hacking Tips and Tricks (FREE!): https://hakluke.medium.com/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97
- OSCP Enumeration Cheatsheet (FREE!): https://github.com/oncybersec/oscp-enumeration-cheat-sheet
- Liodeus Personal OSCP Cheatsheet (FREE!): https://liodeus.github.io/2020/09/18/OSCP-personal-cheatsheet.html
- TryHackMe Room Web Enumeration (FREE!): https://tryhackme.com/room/webenumerationv2
- Post Exploitation Cheatsheet (FREE!): https://oscp.securable.nl/post-exploitation
- Post Exploitation Cheatsheet (FREE!): oscp.infosecsanyam.in/post-exploitation
- SQLmap Tutorial (FREE!): https://www.binarytides.com/sqlmap-hacking-tutorial/
Report Writing Resources:
- TCM Security Sample Pentest Report (FREE!): https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
Before I end my write-up, I want to leave you with a few personal tips of mine. I hope they are helpful for you.
- Make sure that you screenshot everything, from enumeration to exploitation. I created folders for each machine by IP address and stored every screenshot in there.
- If an exploit doesn't work for you, try different payloads. You have hundreds of payloads available to you; just because your reverse shell doesn't work doesn't mean your exploit didn't.
- Enumerate EVERYTHING. Continue to enumerate through each phase of your methodology.
- Post exploitation is KEY. Be diligent, dig through everything. You never know what you might find that will help you to get to the next box, subnet, etc.
- Do not underestimate the report. People have failed solely on the report. In my opinion I struggled more on the report than I did the actual pentest. Remember this is a mock professional pentest, I highly suggest you treat this as if you are working with a live client.
- Take breaks. Sleep. Eat. Shower.
- If you are stuck, google. I did. I dug deep!
Wrapping this up, my report was around 70 pages, mainly because I walked through every step of the exploit, provided screenshots for each step, and I provided detailed remediation steps. Please, for the love of god, pay special attention to your report. Add everything you find, I don't care if it's a reflected XSS, add it in the report. Treat this report and exam like a live client.
eLearn Security laid out this exam really well. I actually enjoyed it even though I was banging my head on the keyboard somewhat frequently. You have 7 days to complete the hacking portion which is MORE than enough time to do it. They also provide an additional 7 days to complete the report, I would savor every moment of it. I did.
It took eLearn Security around 14 days to get back to me with my results.
If you have any questions, please feel free to reach out to me on twitter: twitter.com/grumpzsux
I hope this was helpful. Hack the planet nerds.