eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

Use Netsparker


It’s been a while since we’ve mentioned this course, of course since we mentioned it back in May 2010 – eLearnSecurity – Online Penetration Testing Training – eLearnSecurity has been making continuous improvements to the course-ware and the subject matter.

But now in 2012, it’s time for them to release their major facelift – Penetration Testing Professional Version 2.


The crew over at eLearnSecurity has drastically improved the overall course material, and if you are familiar with the first iteration you can see they’ve put a lot of effort into it.

Whats New With v2

There’s a lot of new stuff 4 hours of new up to date videos, 800 new slides and even completely new modules – with a makeover on all material.


All new material is now based on Backtrack 5 and Metasploit 4.2/4.3 – so you don’t have to worry about learning to use outdated tools and techniques. Some of the changes/additions are below:

  • The first two sections of the course (Network & System Security) have seen the most changes. Whilst the Web Application security section has undergone a content review but has had no new additions in terms of contents.
  • The use and the samples within the course have been updated to match the new features of the most important tools: Metasploit, Maltego, SET, Nmap and others.
  • Many new tools like FOCA, ShodanHQ, ncrack, Immunity Debugger, HPing2 have been added and covered in-depth within the new videos.
  • The slide deck has been completely redone and significant improvements have been made in readability and usability. You will now find immediate access to videos contained in each module and also references for further reading about each topic.
  • Hera Lab is the new virtual lab that our students can access through VPN to practice all the techniques related to system security and network testing.
  • A very detailed and in-depth analysis of Windows authentication protocols such as LM, NTLMv1 and NTLMv2 is provided through videos and real world examples that the student can test against the Hera Lab machines (This is a completely new chapter).

A lot of feedback has been gathered from the students and users of the course-ware and those have been implemented in this new version to enable faster, more efficient learning.

The Course – Details About The New Stuff!

The training course is still divided in three main knowledge domains:

  1. System Security
  2. Network Security
  3. Web Application Security

System Security (& Exploit Development)

This section covers:

  • Module 1: Introduction
  • Module 2: Cryptography and Password Cracking
  • Module 3: Buffer Overflow
  • Module 4: Shellcoding
  • Module 5: Malware
  • Module 6: Rootkit coding

This section included some of the simplest explanations of Exploit development and shell-coding available today, however it has been further improved with more samples, videos and tools that aid in the process of exploitation.

The videos are really clear, move at a good pace and have a very easy to follow voice-over – you can see the video demo running Metasploit on BackTrack 5.


More C++ and ASM basics are covered in the Introductory model and this should lower the entrance barrier for someone without these kinds of skills. The contents in this section are a lot better organized now and much easier to understand in practice thanks to a Virtual Machine pre-built with C++ compilers, Assemblers, Debuggers, Disassemblers and all the samples included throughout the section.

The Virtual Machine is available within Hera Lab and accessible in VPN/RDP. This drastically minimize the time required to the student to configure the environment. The good part is that the student is also taught how to configure the environment on his own machine for use even after the Lab time expires.

Network Security testing

This section covers:

  • Module 1: Information Gathering
  • Module 2: Scanning
  • Module 3: Enumeration
  • Module 4: Sniffing and MITM attacks
  • Module 5: Exploitation
  • Module 6: Post-exploitation
  • Module 7: Anonymity
  • Module 8: Social Engineering

4 out of 8 modules in this section have undergone major changes, the Information Gathering module in v1 had some overlapping information with Information Gathering module in Web Application security so it really required a re-work.

The Information Gathering module has been completely redone from scratch and has been created systematically along side a methodology which will allow you to thoroughly investigate a target organization from a business and technical perspective.

At the end of the module students can practice all the business related investigation techniques against a fictitious company created by eLearnSecurity with an actual web presence and documents available online. This real world exercise and the Information Gathering lab included in Hera Lab, makes this module a very hands on module.

The Port Scanning module now includes techniques to evade IDS’s and Firewalls as well as an in depth study of the Idle Scan technique that most of the times goes unused even by experienced pentesters. The author decided to use HPing2 to first demonstrate the technique at low level and then Nmap.

Exploitation module is now not just an introduction to the use of Metasploit but offers some great coverage of:

  • Low hanging fruits – Weak or non-existent authentication in network services like RDP or SSH
  • Windows Authentication Protocols Weaknesses
  • More advanced Client side and Remote exploitation

The exploitation module also contains a thorough review of the Java Rhino client side exploit with two videos on how to use it against Windows and Linux by modifying SET and mount a fairly complex attack.

But the part that shines the most in v2 of this training course is the Post Exploitation module that provides a clear cyclic process in 4 steps to escalate privileges, maintain access, harvest internal documents or credentials and exploit and infiltrate further internal networks through pivoting.

The depth of the information in section and the logical flow with which it has been assembled shows the stark difference between free stuff you can find online and a course you need to pay for.


It’s a great update to an already very strong course, I honestly can’t wait to see where they take it next. I want to clear some time to check out Hera Lab properly and get a hands on feel of what they are doing with that.

Remember if you are looking for something more basic/entry level – there is also the Penetration Testing – Student Course/Training by eLearnSecurity.

eLearnSecurity crew has confirmed to me that they are going to add new labs and scenarios every month to cover new parts of the training material and new tools that will be released in the future.

The feedback they’ve gotten on the first version is testament enough, over 2,000 professionals from 81 different countries worldwide have taken the first version of the training course.

Total price of the Penetration Testing Professional Training v2 + eCPPT Certification Exam + 30 days access or 30 hours usage time of Hera Lab is $699.

Find out more here: http://www.elearnsecurity.com/

Posted in: Advertorial, Hacking News

, , , , , , , , , , , , , ,

Latest Posts:

Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.

5 Responses to eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

  1. Hannibal March 22, 2012 at 2:37 pm #


    Do you know by chance if the Student – Beginner Course is also something that’s worth taking? Up to date and things like that? So like, I won’t have to work with tools that were built in 1800 or something. :D

    Thank you very much!!

    • Darknet March 26, 2012 at 7:23 am #

      As far as I know it’s well updated and a very good introduction to pen testing. I’ll check with the guys from eLearnSecurity though and get them to verify.

      • Hannibal March 26, 2012 at 8:53 am #

        Thank you very much man! I’m trying to get my boss to finance it. But even if he is not going to be… I will buy it if you give me the go. :)


  2. Armando March 26, 2012 at 12:01 pm #

    Armando from eLearnSecurity here.
    The Student course is not from 1800 :)
    It’s from 2011 so it is pretty much up to date although not as much as Professional that was launched few days ago.

    You can take a demo module that will show you how it is structured and a sample of its contents.

    Let me know if you need more clarifications.

    • Hannibal March 26, 2012 at 2:26 pm #

      Hello Armando!

      Thanks very much mate!! :)

      I’m going to try and convince my boss first. :D

      If that fails, I’m going to buy it. I want to extend my reach and my testing capabilities. Right now I’m a Software Engineer in Test. But I want to be a Pen tester too. :) This will help me get started a LOT!

      Thanks again for the answer. I’ll be back for more :)