You don't necessarily have to perform a a vulnerability scan with Nessus or other similar tools in order to pass it , i didn't use any of those and i passed it :)
The materials the the eCPPT provide isn't enough ?? if it is then why i need to buy PTP for this ??? And can you suggest alternative learning materials??
I mean I'm sure you can pass the exam by doing Hack The Box, TCM Security or other well received or reviewed content. If you did Hack The Box Academy or TCM Security PEH I think you would be well prepared for the eCPPT. When I say the "material isn't enough", almost all pentesting exams have some twist that require you to think outside of the box or do some research that wasn't taught explicitly. Alternative material for passing the exam is mentioned in this video like the double pivoting article.
Do I need to buy one of the Premium Pricing Plans to get all the mandatory Trainings for this certifcation or are they included in the annual fundamentals too?
Thank you for the detailed review on the exam. I actually had a question about the Buffer Overflow. Did you have Immunity on the exam environment provided, or did you download the exe from the lab machine and use Immunity locally on your own machine?
I would recommend having immunity and mona installed on a windows 10 vm for the exam. This will give you a local target to exploit to test your payload on and that you can easily reset during the exam if the program crashes.
So I just start the system security section of the INE course. This is going to be the end of me because it's literally death by power point on some complex subjects. Would you says Heath's Buffer overflow videos are good enough to supplement the system security section/pass the test regarding any buffer exploits that might come up? I took his Linux and windows privilege escalation videos and trully learned so much. I know in John Hammond's review he mentioned kinda the same thing that this 1st section is a huge turn off and complex.
Hey I have a question, You said something is on the exam that probably isnt taught and that is pretty much crucial to do in specific steps, im almost certain you are allowed to tell us which parts to study or brush up on in your opinion, if its not in the course material, how else would we know? For example: some ppl say network security section is really important, so saying 'I think x IMO is good material to study' is not necessarily giving us cheats, its helping us be aware of what to study
Hi Cameron - just wanted to clarify are you referring to the pivoting? Here is an article that can help pentest.blog/explore-hidden-networks-with-double-pivoting/. I have noticed that eLearn exams almost always will require at least 1 or 2 things from outside of the course materials to research or use during the exam. For example in the eMAPT you need to develop an android app, something that isn't covered by the material at all. I've noticed their style is to include examples in the course materials/labs, but in the exam it is often up to you to apply that exploit or material in a new or interesting way. It can certainly be a frustrating scenario at times, but I do believe they give you enough to work with. Let me know if I can help to clarify any other info about the exam.
@@WilsonSecurityGroup hello there okay thank you ill check out that resource, and it wasn't that section, you mentioned something "else" being on the exam that wasn't in the material and to do it in specific steps and how most people probably wouldn't have thought about doing it like this
@@CameronNoakes in regards to the "subtlety" of the exam, just make sure you are enumerating properly even if it only seems moderately "suspicious", and when executing the Buffer Overflow don't limit yourself in creativity in terms of where the attack is coming from.
I don't know why they won't include the labs in the monthly subscription. TryHackMe has some good labs, but it varies wildly based on the course if those labs are relevant to anything with INE/eLearnSecurity.
Personally I don't use htb very often. I am sure it has some valuable rooms similar to the exam. One room I found very valuable was the buffer overflow prep on TryHackMe tryhackme.com/room/bufferoverflowprep
Resetting is very good advice while doing the BoF, i was in the exact same boat
You don't necessarily have to perform a a vulnerability scan with Nessus or other similar tools in order to pass it , i didn't use any of those and i passed it :)
Thanks, I think the letter of engagement says to perform a scan, I was wondering if this is truly required.
Great review, thanks for all advices you gave !
Hey, thank you for the video. I'm going to be taking this exam later this month. I appreciate your review and things to look out for. Best regards
How did you do?
We are anxiously awaiting those results :D
The materials the the eCPPT provide isn't enough ?? if it is then why i need to buy PTP for this ???
And can you suggest alternative learning materials??
I mean I'm sure you can pass the exam by doing Hack The Box, TCM Security or other well received or reviewed content. If you did Hack The Box Academy or TCM Security PEH I think you would be well prepared for the eCPPT. When I say the "material isn't enough", almost all pentesting exams have some twist that require you to think outside of the box or do some research that wasn't taught explicitly.
Alternative material for passing the exam is mentioned in this video like the double pivoting article.
hello, nice video! would you say that the INE course prepares you to face the pivoting issue that you mention?
I believe it was mentioned but definitely recommend reading this article in depth as well: pentest.blog/explore-hidden-networks-with-double-pivoting/
@@WilsonSecurityGroup Thanks!
Thanks for the great review. How long did it take you study for the whole course?
I would say about 1.5 to 2 months. I don't have an exact time-frame for this one.
@@WilsonSecurityGroup Thanks
Do I need to buy one of the Premium Pricing Plans to get all the mandatory Trainings for this certifcation or are they included in the annual fundamentals too?
The eCPPT materials are included in the Premium Plans only. The fundamentals plan has eJPT content as well as other basic IT fundamentals
Thank you for the detailed review on the exam. I actually had a question about the Buffer Overflow. Did you have Immunity on the exam environment provided, or did you download the exe from the lab machine and use Immunity locally on your own machine?
I would recommend having immunity and mona installed on a windows 10 vm for the exam. This will give you a local target to exploit to test your payload on and that you can easily reset during the exam if the program crashes.
@@WilsonSecurityGroup thank you so much for answering this, I've looked for a specific answer to this to no avail in many places!
Is their any Powershell,ruby, or wifi pentesting required on the exam?
No, but these are useful pieces of knowledge for future engagements. You can mostly ignore those from a test perspective
@@WilsonSecurityGroup thank you for your response!
So I just start the system security section of the INE course. This is going to be the end of me because it's literally death by power point on some complex subjects. Would you says Heath's Buffer overflow videos are good enough to supplement the system security section/pass the test regarding any buffer exploits that might come up? I took his Linux and windows privilege escalation videos and trully learned so much. I know in John Hammond's review he mentioned kinda the same thing that this 1st section is a huge turn off and complex.
Yes Heath's videos are very good and much clearer than the course content. Definitely recommend them.
I don’t think it’s necessary to have a Vuln scan for the exam
Hey I have a question,
You said something is on the exam that probably isnt taught and that is pretty much crucial to do in specific steps, im almost certain you are allowed to tell us which parts to study or brush up on in your opinion, if its not in the course material, how else would we know?
For example: some ppl say network security section is really important, so saying 'I think x IMO is good material to study' is not necessarily giving us cheats, its helping us be aware of what to study
Hi Cameron - just wanted to clarify are you referring to the pivoting? Here is an article that can help pentest.blog/explore-hidden-networks-with-double-pivoting/. I have noticed that eLearn exams almost always will require at least 1 or 2 things from outside of the course materials to research or use during the exam. For example in the eMAPT you need to develop an android app, something that isn't covered by the material at all. I've noticed their style is to include examples in the course materials/labs, but in the exam it is often up to you to apply that exploit or material in a new or interesting way. It can certainly be a frustrating scenario at times, but I do believe they give you enough to work with. Let me know if I can help to clarify any other info about the exam.
@@WilsonSecurityGroup hello there okay thank you ill check out that resource, and it wasn't that section, you mentioned something "else" being on the exam that wasn't in the material and to do it in specific steps and how most people probably wouldn't have thought about doing it like this
@@CameronNoakes in regards to the "subtlety" of the exam, just make sure you are enumerating properly even if it only seems moderately "suspicious", and when executing the Buffer Overflow don't limit yourself in creativity in terms of where the attack is coming from.
@@WilsonSecurityGroup okay thank you, much appreciated. Does that mean there is more than 1 vulnerable command to execute BOF attacks against..
@@CameronNoakes No, the BoF will be obvious, but think about where your attacker machine is in relation to the network.
Thanks for u review, plz i need to know if i purchase monthly subscription is there any labs out there that i can practice?
I don't know why they won't include the labs in the monthly subscription. TryHackMe has some good labs, but it varies wildly based on the course if those labs are relevant to anything with INE/eLearnSecurity.
@@WilsonSecurityGroup thank u so much, I appreciate ur reply❤
would you suggest a lot of htb machines to do in order to prep for eCPPTv2?
Personally I don't use htb very often. I am sure it has some valuable rooms similar to the exam. One room I found very valuable was the buffer overflow prep on TryHackMe tryhackme.com/room/bufferoverflowprep
Was heaths bof videos good enough For the exam bof?
Yes, you might need to reset the lab machines for things to work properly
Thank you
I agree and know what your talking about
what was your experience previous to this course and exam?
I passed the eJPT and did Heath Adam's Practical Ethical Hacker
sir is there any retake for ecpptv2 exam sir
Yes. There is a free retake included. After the first failure I think you have 14 days to start the 2nd attempt.
thanks