I am writing this review to let readers know how satisfied I am to have completed the eLearnSecurity course that led me to obtain the ECPPT v2 certification.
In my opinion ECPPT is a complete course covering all the most important areas of the penetration testing. My review will not be specific. I will not list how many and which sections and how many laboratories are included in the course. This can be easily found on the eLearnSecurity website. I will describe my impressions of the course and of the exam.
First of all I think that it is important have some basics before taking this course. I don’t think a total neophyte will be able to start from scratch with the ECPPT, understand everything and pass the exam. In my case I had already obtained the eJPT and this has been of great help to me. With this I do not mean that the eJPT is necessary to do the ECPPT. I am just saying that in my case it has helped me a lot. Said that, I now turn to my impressions of the course and the exam.
The course is really well structured and understandable. It leaves nothing to chance and it makes you understand a complex topic first explain how that branch works. For example in the section of BOFs (Buffer Overflows), before explaining how they work, it explains the fundamentals of architecture, CPU, ISA and Assembly. Subsequently it shows the functioning of some assembler debuggers and only then goes to the technical explanation of a BOF with practical examples included that you can easily reproduce on your pc.
There are many labs related to the topics of the various sections of the course thanks to which you can put into practice the notions learned in the relevant chapter. I must say that not all the labs I did for the first time have managed to complete them without looking at the solution. Then, once the course was over, I started it all over again and redid the labs trying to solve them without looking at any solution.
There is also an active forum, reserved for course members, in case of doubts and questions. Both eLearnSecurity instructors and other students respond in this forum. I felt really good about this too. The main things the course covers are Windows, Linux, networking, powershell, webapp, wifi, Metasploit, ruby, BOF. In each of these sections there are many other topics and various useful tools are shown.
The important thing they focus on, however, is that you not only have to learn the art of hacking but also the various stages of a real professional penetration test, step by step until you get to write a real professional report for your client.
The exam, in fact, consists not only on hacking machines (it is not a capture the flag at all) but on finding all possible vulnerabilities for each victim, even the minor ones that are not needed to go ahead with the exam, and to find for each of them the solution to be proposed to the customer.
During the exam I enjoyed it even if at a certain point I got stuck because I couldn’t find the right way. But in the end I did it and I was very satisfied. In my opinion it is well done and fully reflects reality. I had to take several notes and make several useful screenshots to write later my report.
In conclusion, I recommend this course to all those who want to establish themselves in the world of penetration testing.