If you are in the information security industry, or plan to be, you’ve probably been looking at the various infosec certifications available. Back when I started there really wasn’t anything available: there were no infosec degrees and no professional certs. Only later did some high-level ones come from SANS, then more jumped on the bandwagon with the likes of Security+ and CEH.
The ones I found respected in the industry were certs such as SANS GIAC and Cisco CCIE, purely for the level of network understanding it took to pass them. Some others came along aimed mostly at those interested in management, like CISSP and CISA.
In more recent years some more technical and more accessible courses and certs have been appearing, such as OPST (which I hold) and OSCP. CEH, the oldest of the lot, has always been thought of as a script-kiddie cert, and it still remains as such: although it has improved vastly over the years, it’s still not what it should be (I’ve taught CEH before).
The course itself contains 3 knowledge domains spread over 1600 interactive e-learning slides with 4 hours of video and labs. It’s authored by a guy I’ve known a long time, Armando Romeo from Hackers Center, along with Brett D. Arion and the famous pair Nitin & Vipin Kumar. If you’ve been reading Darknet for a long time you’d most likely have read about Nitin and Vipin here when we wrote about VBootkit bypassing Vista’s digital signing.
The course also has an optional certification called Certified Professional Penetration Tester (eCPPT), which should be relevant to most as the course is targeted at those with between 0 and 3 years of experience. It covers everything from the basics up to advanced techniques, especially in the System Security section written by Nitin and Vipin.
The course itself is basically a penetration testing course and covers 3 main areas: System Security, Network Security and Web Application Security. This pretty much covers what you need to know to conduct a penetration test, as each of the 3 topics is quite broad. The courseware itself is well presented and it doesn’t limit the order in which you can learn the topics; there’s no linear progression, so you can pick and choose depending on your mood.
Let’s take a look at the sub-sections.
The topics covered in System Security are as follows:
- Module 1 : Introduction
- Module 2 : Cryptography and Password cracking
- Module 3 : Buffer overflow
- Module 4 : Shellcoding
- Module 5 : Malware
- Module 6 : Rootkit coding
You’ll fare a lot better in this topic if you have some coding experience, as it goes quite deep, starting out with Dev-C++ and assembly language using NASM. This is probably the most intensive section of the course, especially for the uninitiated. This course once again reinforces what I wrote 2 years back: yes, you still need to learn Assembly (ASM).
That’s why I say programming will help: they don’t spoon-feed you ASM and C++, so you’ll need to do some work on your own. If you already have some knowledge of these two languages, however, you’ll have a definite advantage. They also cover the basics of Windows driver development.
After that it’s on to the harder stuff. Each topic is covered fairly broadly but with enough pointers that you can continue to do more research on your own. When it comes to subjects like cryptography you can spend 4 years doing a degree on that alone, so don’t expect to become an overnight master. Remember, the focus of the course is to become a professional penetration tester, so you need to understand enough to do your job. That said, pretty much all bases are covered here; for example the Cryptography module alone has around 150 slides (some of those contain sub-slides), so expect to spend quite some time on this.
The shortest section is the Rootkit module, but then how much can you write about rootkits? As long as you understand the concept and how they generally work, you’re good to go.
Network Security
- Module 1 : Information Gathering
- Module 2 : Scanning and target detection
- Module 3 : Enumeration and Footprinting
- Module 4 : Sniffing and MITM Attacks
- Module 5 : VA & Exploitation
- Module 6 : Anonymity
Network Security would probably be my favourite topic. As you get deeper into infosec you’ll tend to find you have a certain affinity for some things, maybe natural talent in those areas or just more interest. Either way, for me it’s always been Network Security.
It follows a fairly logical structure, as you would in a pen-test (information gathering, scanning, enumeration/fingerprinting, then on to attacks). They explore plenty of tools, but do note there are many more out there; it’s not possible to cover them all, plus they only really briefly introduce the tools. Getting familiar and skilled with the tools is on you; finding them, however, is easy: just look on Google, and of course we have a good stock of tools for network hacking here at Darknet.
The Vulnerability Assessment and Exploitation section (the fun part!) covers both Nessus and Metasploit fairly well. There are also quite a few videos in this section, which makes the whole thing a lot more interactive. The videos tend to take the form of a screencast with a voice-over.
Web Application Security
- Module 1 : Introduction
- Module 2 : Information gathering
- Module 3 : Vulnerability assessment
- Module 4 : XSS
- Module 5 : SQL Injection attacks
- Module 6 : Advanced Web Attacks
Web Application Security is of course the newest and hottest security topic right now, and has been for the past few years. With more and more sites moving important data online, along with e-commerce and online payment solutions, it’s a critical area.
The code examples are mostly based around PHP, which makes sense. The content is well structured and starts from the very beginning (database structure) all the way to advanced SQL injection attacks. I personally feel this is one of the strongest and most useful sections in the courseware; props to Armando for authoring these modules.
He also gives a good low-down on most of the popular tools for SQL injection and even includes a taxonomy of which features are supported by each. Where possible the tools are linked directly, and in some cases are attached to the slides for immediate download.
- Methodology : Handling information
- Methodology : Forms
- Reporting : Guide
One of the main differences with this course is that rather than just teaching you how to ‘hack’ and leaving it there, the course also includes a section on how to professionally handle information and how to create reports.
As a professional penetration tester (and as with most of us) I personally hate the reporting part, but if you want to get paid it’s a necessary evil. You should know how to report your findings in a clear, concise and methodical order. This is a very important part, as in reality reporting on a VA/PT project can actually account for 30-50% of the total project time; it’s a safe bet in most cases that if the job will take 2 weeks, the reporting will take another 1-2 weeks on top of that.
The labs consist of a customized version of BackTrack 4 with a vulnerable web application built in, and there is a comprehensive PDF for download on how to set up the lab to attain the eCPPT certification.
If you really put the effort in, completing the practical assessment shouldn’t be a big problem. The certification exam is a practical pentest over a virtual lab plus the production of a full report that is carefully evaluated by one of the course instructors; there’s no multiple choice or automated marking here. You really have to prove you know what you’ve learned, including the reporting section.
All in all I think if you are looking for penetration testing training this is a great choice; even if you have no desire to take the certification you can learn a lot just by studying the modules and applying yourself. Perhaps if you are new to infosec (1-2 years) and feel you have some weak areas or blind spots, you could fill those in with this course.
If you are just starting out (still studying or a fresh grad) I think the course and the certification will definitely have a positive effect on your career. Currently at only $599 USD it’s one of the cheaper offerings on the market and certainly makes economic sense compared to attending real-life 5-day courses. It also of course gives you the advantage of taking your time and making sure you really understand each module; more differentiators here [PDF].
It goes into a lot more depth than courses like CEH and can really benefit your skills. I wish there had been something like this in 1999 when I was starting out. The way in which the material is presented is a lot more interactive and interesting than many other courses out there, with a good mix of words, images and videos plus a good theory/practical mix too. This makes it a lot easier, as many of the topics within infosec can get very dry very fast.
You can view the full syllabus here: syllabus.pdf
If you have any more questions you can check the PTP FAQ here.