The penetration Testing domain has grown exponentially in the last couple of years and so the competition. Validating and Proving your skills in a short interview call isn’t always a win-win situation for both the employee and employer and this is where various security certification comes into the picture. Various well-known security certifications give the organization confidence about the person they are hiring as they have validated their skills through the certification exam.

eLearnSecurity offers a certification called eLearnSecurity Certified Profession Penetration Tester (eCPPT) v2 which is a real-life practical scenario-based examination. I recently gave this certification and obtained it. After posting about the certification, lots of people pinged me over Twitter and LinkedIn to know my view and feedback on this certification.

In this article, I will be giving a detailed overview of the exam and some tips to rock it on the first attempt.

Please note that I didn’t opt for the coursework as I already have experience with the pre-requisites asked in the exam.

Exam Cost: $400 (Inclusive of Tax)

Voucher Validity: 6 Months from Purchase

Pre-Scheduling: Not Required. Start when you are ready

Exam Duration: 7 Days for Exam + 7 Days for Reporting. (If you submit during this deadline and do not pass, you will get another attempt to give after 7 days).

Support line during Exam: Available & Really Fast.

1. You will need to start your exam by using the eLearnSecurity portal.
2. Before starting the exam make sure that your testing environment is set up properly.
3. Once you will start the exam, you will have all the required scope of testing and you can connect to the VPN provided and start hacking.
4. After 7 days, you will not be able to access the exam environment.
5. You can submit a report during the 7 days of the exam as well. You will get an option to upload the report.

1. The exam is not a CTF-style exam, however, a real-life scenario-based exam.
2. You will need to obtain a root level shell on the target machine as defined in your scope.
3. The exam environment is really stable and you can perform a limited no. of resets each day just in case you messed up.
4. Since this is a real-life scenario-based exam, make sure to find and exploit as many vulnerabilities as you can.
5. Remember this exam is a simulated penetration test.
6. The exam is a bit challenging and you will see challenges while pivoting if your basic concepts are weak.

Day — 1: Tower Conquered

I started my exam in the morning around 11AM and started enumerating stuff. From the entry point, I took detailed screenshots and started to make rough steps to reproduce each identified issue. I used Joplin to manage the Exam steps and Saved screenshots target_ip wise in a structured way.

I was able to gain root shell in the first machine by multiple ways in first couple of hours and moved further in the scope. If your basics with pivoting are clear, achieving root with the next machines is super easy. By 4 PM, I had 3 root shells and the next target was Buffer Overflow.

I took a small break and started back at 6 PM to hack the Buffer which was my personal fear. To my surprise, I was able to replicate Buffer Overflow locally by 7 PM but when it came to exploiting remote target, I had to struggle a bit.

By 10 PM, I was able to find a way to achieve Buffer Overflow in the remote target and now I was just 1 root away from completing the exam. I had rooted 4 boxes and had a long time-frame left so I paused my exam environment to chill for a while.

Day — 2: Root, Root, Everywhere!

I started back on the next day and started to enumerate and after 2 hours of hassle, I was able to gain root access into the final box as well. Technically, in 24-Hours, I had root privileges on all 5 targets and I had rough steps and proper screenshots. I quickly verified If I am missing anything for the report and took note of all the missing items.

I started to write a report and finished my report by the next day and reviewed it on another day. I still had 3 days before the exam times up. (and 7 days more for reporting 😛.)

I finally submitted my report on the 7th day when my exam timed up and after two days, I received a pretty looking email saying “You are now an eCPPTv2!”

1. This is a penetration testing style, real-life exam so ensure writing a quality report and take proper screenshots wherever required.
2. Practice PIVOTING. I repeat PIVOTING is important.
3. Learn privilege escalation techniques for both Windows & Linux-based systems. The Cyber Mentor has some really cool content on it.
4. Learn & Practice Buffer Overflow. (https://www.youtube.com/watch?v=qSnPayW6F7U)
5. Do not rely upon Metasploit only. It is not restricted, however, make sure to always keep other options handy.
6. Enumeration is the key. If you are not good at enumerating stuff, make sure you learn this well before you go into the exam.
7. Practice some boxes on HTB just to get a good idea of how these machines are built and you always have multiple options to hack your way in.
8. This is an open book exam, you can use google and your notes. This will always come in handy.
9. Do not stress, you have more than sufficient time. Take breaks and enjoy while you hack the boxes.

I really liked the way the exam is structured and gives a flavor of real-world penetration testing scenarios. However, I feel the time provided for this exam can be reduced to make it more competitive. I really enjoyed my exam and learned a lot of things along the way by solving some situations from an unconventional way to finally getting my first Practical Exam certification, this was a great ride. I will highly recommend this certification to anyone who would like to challenge their Penetration Testing Skills.

I am looking forward to jumping into the eLearnSecurity Web Application Penetration Tester Extreme (eWAPTX) v2 examination and I hope it will be an interesting one like this. Once again, I would like to thank the eLearnSecurity team for constructing and putting together this exam.