| description |
|---|
INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 and v3 Notes |
.png){kind=link}
~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs
- Resource Development & Initial Access ~ 22 hours
- Web Application Attacks ~ 14 hours
- Network Security ~ 17 hours
- Exploit Development ~ 7 hours
- Post Exploitation ~ 18 hours
- Red Teaming ~ 19 hours
π£οΈ RoadMap / Exam Preparation π§π»βπ«
- Where to find the eCPPTv3 certification exam? - eCPPTv3
- Where to find the PTPv3 (Professional Penetration Testing v3) course INE Learning Pathsβ
ββeCPPT Exam πποΈ
.png){kind=link}
-
Time limit: 24h
-
Expiration date: yes
-
Objectives:
Information Gathering & Reconnaissance (10%)
- Perform Host Discovery and Port Scanning on Target Networks
- Enumerate Information From Services Running on Open Ports
Initial Access (15%)
- Perform Username Enumeration to Identify Valid User Accounts on Target Systems
- Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
- Perform Brute-Force Attacks on Remote Access Services for Initial Access
Web Application Penetration Testing (15%)
- Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
- Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
- Perform Brute-Force Attacks Against Login Forms
- Exploit Vulnerable and Outdated Web Application Components
- Exfiltrate Data and Credentials From Compromised Web Applications and Databases
Exploitation & Post-Exploitation (25%)
- Identify and Exploit Vulnerabilities or Misconfigurations in Services
- Identify and Exploit Privilege Escalation Vulnerabilities
- Dump and Crack Password Hashes
- Identify Locally Stored Unsecured Credentials
Exploit Development (5%)
- Develop/Modify Exploit Code For Initial Access and Post-Exploitation
- Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)
Active Directory Penetration Testing (30%)
- Perform Active Directory Enumeration
- Identify Domain Accounts With Weak or Empty Passwords
- Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
- Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
- Obtain Domain Admin Privileges/Access
π eCPPT/PTP Cheat Sheet π
π Read the Lab Guidelines π
.png){kind=link}
~ 84 hours (~56h of videos) 8 courses , 85 videos, 83 quizzes, 27 labs
- βSystem Security ~ 13 hours
- Network Security ~ 33 hours
- PowerShell for Pentesters ~ 6 hours
- βLinux Exploitation ~ 9 hours
- βWeb App Security ~ 10 hours
- βWi-Fi Security ~ 6 hours
- βMetasploit & Ruby ~ 8 hours
π£οΈ RoadMap / Exam Preparation π§π»βπ«
- Where to find the PTPv2 (Professional Penetration Testing v2) course? - INE Learning Pathsβ
- Where to find the eCPPTv2 certification exam? - eCPPTv2β
βeCPPT Exam πποΈ
- Time limit: 7 days + 7 days for report
- Expiration date: no
- Objectives:
- Penetration testing processes and methodologies, against Windows and Linux targets
- Vulnerability Assessment of Networks
- Vulnerability Assessment of Web Applications
- Advanced Exploitation with Metasploit
- Performing Attacks in Pivoting
- Web application Manual exploitation
- Information Gathering and Reconnaissance
- Scanning and Profiling the target
- Privilege escalation and Persistence
- Exploit Development
- Advanced Reporting skills and Remediation
π eCPPT/PTP Cheat Sheet π
π Read the Lab Guidelines π