eCPPT Training Course Review
Introduction. This blog is designed to give a detailed analysis of the collaborative experiences from the members of Spector Security LLC on the eLearnSecurity Certified Professional Penetration Tester (eCPPT) training course. Specifically, we will be looking at both the Gold (1st version) and eCPPTv2 which released a few years later. We will go over the different collaborative experiences, challenges and impression of the eCPPT certification process. Multiple areas will be discussed to include the cost, lesson quality, lab training environment, and testing process. Please feel free to comment and ask any questions that come to mind as we review this training course.
Getting Started. 10/10 – The start up process and organization of the website, members area and instruction is excellent. The course provides very basic and self-explanatory access into both the members area (your private area with your purchased courses) as well as the VPN access into the labs and exam networks.
One significant advantage of this course over others is that they provide immediate access into your course. You can pay your fee for the course, and then immediately start the course or even take the exam. There are no scheduling frustrations for the exam or course itself. You have the option to purchase the material and have unlimited access into the labs and course materials. This may not seem like a big deal but there are plenty of courses that make you schedule ahead of time which causes frustrations and conflicts if your schedule changes.
Cost. 10/10 – The cost of this course is very reasonable at 1,199.00 – 1,599.00 USD depending on the plan you want to purchase. As far as which course you should by I would 100% buy at least the full or elite plan, as that will include the final exam fee (runs you 400.00 USD if you buy it separately). Overall, this is fair pricing for the quality of courses that you get to own. An alternative for experienced penetration testers would also be to just buy the exam and try your luck at passing. This is doable but more on that in the testing process section of this review.
Lesson Quality. 6/10 – The lesson quality of this course is very difficult to assess. If you were rating the material based on the raw value, I may give a higher score in rating this section. However, I have a few issues that I will explain.
First though, the good aspects of the course material. The material is very well organized and easy to understand as a new and experienced student. It also is really nice that they structure the material with PDF writeups, videos (on some material) and labs to coincide with the material. From that perspective it is excellent, and I cannot say that I was disappointed overall. I also will add that it was a big positive that they provide answers to the labs so that you can actually learn and progress when you become stuck.
Now for the bad. The course material failed to train you how to pass the exam. Not that passing should be your only concern, but it fails to give an in-depth methodology as to how to approach a penetration test. It will require a great deal of independent study in order to actually pass the exam. Being experienced in this field, it would be hard to actually gauge what a new student would feel like after going through all of the course material, but I do not feel confident that they would pass the exam (at least on the first try).
Lab Training Environment. 8/10 – This section is similar to the last, although I do appreciate the effort that went into the labs and specifically the writeups that accompanied them. Although each lab is its own subject and not a large testing lab similar to the OSCP, it does a good job of explaining the different tasks in order to assist in learning the material.
Testing Process. 10/10 – The test is by far the best part of this exam. It is fun and interesting to go through (although frustrating if you get stuck). It is great that they give you feedback on the exam, without spoiling any of the testing experience. It is also appreciated that they give an entire week to perform the exam, with an additional free retake if the exam is not passed.
The exam itself is fairly intensive with a ton of steps involved in order to pass and reach the end goal. One major difference from exams like the OSCP is that the exam machines are set up across different networks. This means that you will have to deal with firewalls and gaining access into the different networks to even be able to attack the different targets. This is unique and a great learning experience for red teaming in the real world. The test was creative and requires a great variety of knowledge to pass, including but not limited to: SQL injections, post exploitation and credential gathering, buffer overflows, pivoting and port forwarding, and many other techniques including the usage of different pen testing tools.
Final Conclusion. Score of 8.8/10 – Overall, I really enjoyed the eCPPT Training Course. The best part of this course was the exam by far, but that speaks volumes and means the most in the long run. This course is definitely worth taking but be prepared for it to be different from the OSCP and things like hack the box, as you have to understand how to operate from outside of the target network. The course is a lot of fun and I would recommend it to anyone attempting to break into this field, or for experienced testers that want to test their skills in a great testing environment.