1. Elearnsecurity Exam Guide Exams
2. Elearnsecurity Exam Guide 2020
3. Elearnsecurity Exam Guide Questions
4. Elearnsecurity Exam Guide Exam

Download and Read online Elearnsecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition ebooks in PDF, epub, Tuebl Mobi, Kindle Book. Get Free Elearnsecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition Textbook and unlimited access to our library by created an account. Fast Download speed and ads Free!

ELearnSecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition

Once I got started again in May, I utilized more practice test resources: Boson CEH Exams: these exams were excellent for helping me learn extra concepts at a more in-depth level than the AIO book went into. I started at about 70% and once I finished all exams, I used the random exam generator to help prevent memorization.

• ELearnSecurity Threat Hunting Professional - My course and exam review u1tras OSCP, eCTHP Moscow Member Posts: 81 January 2019 edited January 2019 in Other Security Certifications.
• The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.
• I passed the eLearnSecurity Junior Penetration Tester certification exam with 90% today in 06H:13M:35S. For those who have questions about the exam or it's course: Penetration Testing Student (PTS) I hope I can answer some of those questions for you.
• We are eLearnSecurity. Based in Santa Clara, California, with offices in Pisa, Italy and Dubai, UAE, Caendra Inc. Is a trusted source of IT security skills for IT professionals and corporations of all sizes. Is the Silicon Valley-based company behind the eLearnSecurity brand.

How likely is it that a customer would recommend your company to a friend or colleague? Does the scope remain the same? What is measured? Why? How do you listen to customers to obtain actionable information? Who is gathering ELearnSecurity Certified Professional Penetration Tester information? This easy ELearnSecurity Certified Professional Penetration Tester self-assessment will make you the trusted ELearnSecurity Certified Professional Penetration Tester domain assessor by revealing just what you need to know to be fluent and ready for any ELearnSecurity Certified Professional Penetration Tester challenge. How do I reduce the effort in the ELearnSecurity Certified Professional Penetration Tester work to be done to get problems solved? How can I ensure that plans of action include every ELearnSecurity Certified Professional Penetration Tester task and that every ELearnSecurity Certified Professional Penetration Tester outcome is in place? How will I save time investigating strategic and tactical options and ensuring ELearnSecurity Certified Professional Penetration Tester costs are low? How can I deliver tailored ELearnSecurity Certified Professional Penetration Tester advice instantly with structured going-forward plans? There's no better guide through these mind-expanding questions than acclaimed best-selling author Gerard Blokdyk. Blokdyk ensures all ELearnSecurity Certified Professional Penetration Tester essentials are covered, from every angle: the ELearnSecurity Certified Professional Penetration Tester self-assessment shows succinctly and clearly that what needs to be clarified to organize the required activities and processes so that ELearnSecurity Certified Professional Penetration Tester outcomes are achieved. Contains extensive criteria grounded in past and current successful projects and activities by experienced ELearnSecurity Certified Professional Penetration Tester practitioners. Their mastery, combined with the easy elegance of the self-assessment, provides its superior value to you in knowing how to ensure the outcome of any efforts in ELearnSecurity Certified Professional Penetration Tester are maximized with professional results. Your purchase includes access details to the ELearnSecurity Certified Professional Penetration Tester self-assessment dashboard download which gives you your dynamically prioritized projects-ready tool and shows you exactly what to do next. Your exclusive instant access details can be found in your book. You will receive the following contents with New and Updated specific criteria: - The latest quick edition of the book in PDF - The latest complete edition of the book in PDF, which criteria correspond to the criteria in... - The Self-Assessment Excel Dashboard - Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation - In-depth and specific ELearnSecurity Certified Professional Penetration Tester Checklists - Project management checklists and templates to assist with implementation INCLUDES LIFETIME SELF ASSESSMENT UPDATES Every self assessment comes with Lifetime Updates and Lifetime Free Updated Books. Lifetime Updates is an industry-first feature which allows you to receive verified self assessment updates, ensuring you always have the most accurate information at your fingertips.

The Pentester BluePrint

JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or 'white-hat' hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications. You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement. Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing. Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you: The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems The development of hacking skills and a hacker mindset Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study Which certifications and degrees are most useful for gaining employment as a pentester How to get experience in the pentesting field, including labs, CTFs, and bug bounties

Advanced Penetration Testing

Build a better defense against motivated, organized, professional attacks Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network. Use targeted social engineering pretexts to create the initial compromise Leave a command and control structure in place for long-term access Escalate privilege and breach networks, operating systems, and trust structures Infiltrate further using harvested credentials while expanding control Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali linux and Metasploit and to provide you advanced pen testing for high security networks.

Kali Linux Revealed

Whether you're a veteran or an absolute n00b, this is the best place to start with Kali Linux, the security professional's platform of choice, and a truly industrial-grade, and world-class operating system distribution-mature, secure, and enterprise-ready.

Kali Linux Network Scanning Cookbook

Kali Linux Network Scanning Cookbook is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience.

Ethical Hacking and Penetration Testing Guide

Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from beginning to end. You will learn how to properly utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test. The book covers a wide range of tools, including Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. Supplying a simple and clean explanation of how to effectively utilize these tools, it details a four-step methodology for conducting an effective penetration test or hack.Providing an accessible introduction to penetration testing and hacking, the book supplies you with a fundamental understanding of offensive security. After completing the book you will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks you through each of the steps and tools in a structured, orderly manner allowing you to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process will allow you to clearly see how the various tools and phases relate to each other. An ideal resource for those who want to learn about ethical hacking but dont know where to start, this book will help take your hacking skills to the next level. The topics described in this book comply with international standards and with what is being taught in international certifications.

Penetration Testing

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to: * Crack passwords and wireless network keys with brute-forcing and wordlists * Test web applications for vulnerabilities * Use the Metasploit Framework to launch exploits and write your own Metasploit modules * Automate social-engineering attacks * Bypass antivirus software * Turn access to one machine into total control of the enterprise in the post exploitation phase You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

The Basics of Hacking and Penetration Testing

The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump start their careers and gain a better understanding of offensive security. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes: Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class. This book is an ideal resource for security consultants, beginning InfoSec professionals, and students. Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases. Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University. Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.

Starting Out with Python

For courses in Python programming. A clear and student-friendly introduction to the fundamentals of Python In Starting Out with Python�, 4th EditionTony Gaddis' accessible coverage introduces students to the basics of programming in a high level language. Python, an easy-to-learn and increasingly popular object-oriented language, allows readers to become comfortable with the fundamentals of programming without the troublesome syntax that can be challenging for novices. With the knowledge acquired using Python, students gain confidence in their skills and learn to recognize the logic behind developing high-quality programs. Starting Out with Python discusses control structures, functions, arrays, and pointers before objects and classes. As with all Gaddis texts, clear and easy-to-read code listings, concise and practical real-world examples, focused explanations, and an abundance of exercises appear in every chapter. Updates to the 4th Edition include revised, improved problems throughout, and new Turtle Graphics sections that provide flexibility as assignable, optional material. Also Available with MyLab Programming. MyLab(tm)Programming is an online learning system designed to engage students and improve results. MyLabProgramming consists of programming exercises correlated to the concepts and objectives in this book. Through practice exercises and immediate, personalized feedback, MyLab Programming improves the programming competence of beginning students who often struggle with the basic concepts of programming languages. Note: You are purchasing a standalone product; MyLab Programming does not come packaged with this content. Students, if interested in purchasing this title with MyLab Programming, ask your instructor for the correct package ISBN and Course ID. Instructors, contact your Pearson representative for more information. If you would like to purchase both the physical text and MyLab Programming, search for: 0134543661 / 9780134543666 Starting Out with Python Plus MyLab Programming with Pearson eText -- Access Card Package, 4/e Package consists of: 0134444329 / 9780134444321 Starting Out with Python 0134484967 / 9780134484969 MyLab Programming with Pearson eText -- Access Code Card -- for Starting Out with Python Students can use the URL and phone number below to help answer their questions: http://247pearsoned.custhelp.com/app/home 800-677-6337

The Basics of Web Hacking

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a 'path of least resistance' that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge. Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more! Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University

Practical Malware Analysis

Introduces tools and techniques for analyzing and debugging malicious software, discussing how to set up a safe virtual environment, overcome malware tricks, and use five of the most popular packers.

Bug Bounty Hunting Essentials

Get hands-on experience on concepts of Bug Bounty Hunting Key Features Get well-versed with the fundamentals of Bug Bounty Hunting Hands-on experience on using different tools for bug hunting Learn to write a bug bounty report according to the different vulnerabilities and its analysis Book Description Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals. What you will learn Learn the basics of bug bounty hunting Hunt bugs in web applications Hunt bugs in Android applications Analyze the top 300 bug reports Discover bug bounty hunting research methodologies Explore different tools used for Bug Hunting Who this book is for This book is targeted towards white-hat hackers, or anyone who wants to understand the concept behind bug bounty hunting and understand this brilliant way of penetration testing. This book does not require any knowledge on bug bounty hunting.

The Art of Assembly Language 2nd Edition

Assembly is a low-level programming language that's one step above a computer's native machine language. Although assembly language is commonly used for writing device drivers, emulators, and video games, many programmers find its somewhat unfriendly syntax intimidating to learn and use. Since 1996, Randall Hyde's The Art of Assembly Language has provided a comprehensive, plain-English, and patient introduction to 32-bit x86 assembly for non-assembly programmers. Hyde's primary teaching tool, High Level Assembler (or HLA), incorporates many of the features found in high-level languages (like C, C++, and Java) to help you quickly grasp basic assembly concepts. HLA lets you write true low-level code while enjoying the benefits of high-level language programming. As you read The Art of Assembly Language, you'll learn the low-level theory fundamental to computer science and turn that understanding into real, functional code. You'll learn how to: –Edit, compile, and run HLA programs –Declare and use constants, scalar variables, pointers, arrays, structures, unions, and namespaces –Translate arithmetic expressions (integer and floating point) –Convert high-level control structures This much anticipated second edition of The Art of Assembly Language has been updated to reflect recent changes to HLA and to support Linux, Mac OS X, and FreeBSD. Whether you're new to programming or you have experience with high-level languages, The Art of Assembly Language, 2nd Edition is your essential guide to learning this complex, low-level language.

BackTrack

Written in an easy-to-follow step-by-step format, you will be able to get started in next to no time with minimal effort and zero fuss.BackTrack: Testing Wireless Network Security is for anyone who has an interest in security and who wants to know more about wireless networks.All you need is some experience with networks and computers and you will be ready to go.

Learn Kali Linux 2019

Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing from scratch Key Features Get up and running with Kali Linux 2019.2 Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks Learn to use Linux commands in the way ethical hackers do to gain control of your environment Book Description The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you’ll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you’ll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you’ll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You’ll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistence access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you’ll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity. What you will learn Explore the fundamentals of ethical hacking Learn how to install and configure Kali Linux Get up to speed with performing wireless network pentesting Gain insights into passive and active information gathering Understand web application pentesting Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack Who this book is for If you are an IT security professional or a security consultant who wants to get started with penetration testing using Kali Linux 2019.2, then this book is for you. The book will also help if you’re simply looking to learn more about ethical hacking and various security breaches. Although prior knowledge of Kali Linux is not necessary, some understanding of cybersecurity will be useful.

Violent Python

Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how tos web applications Learn essential hacking techniques attackers use to exploit applications Map and document web applications for which you don’t have direct access Develop and deploy customized exploits that can bypass common defenses Develop and deploy mitigations to protect your applications against hackers Integrate secure coding best practices into your development lifecycle Get practical tips to help you improve the overall security of your web applications

Social Engineering

Harden the human firewall against the most current threats Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire—why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited. Networks and systems can be hacked, but they can also be protected; when the “system” in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer’s bag of tricks. Examine the most common social engineering tricks used to gain access Discover which popular techniques generally don’t work in the real world Examine how our understanding of the science behind emotions and decisions can be used by social engineers Learn how social engineering factors into some of the biggest recent headlines Learn how to use these skills as a professional social engineer and secure your company Adopt effective counter-measures to keep hackers at bay By working from the social engineer’s playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.

Social Engineering

The first book to reveal and dissect the technical aspect of many social engineering maneuvers From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats. Examines social engineering, the science of influencing a target to perform a desired task or divulge information Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access Reveals vital steps for preventing social engineering threats Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

Linux Basics for Hackers

This practical, tutorial-style book uses the Kali Linux distribution to teach Linux basics with a focus on how hackers would use them. Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers. If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment. First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to: - Cover your tracks by changing your network information and manipulating the rsyslog logging utility - Write a tool to scan for network connections, and connect and listen to wireless networks - Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email - Write a bash script to scan open ports for potential targets - Use and abuse services like MySQL, Apache web server, and OpenSSH - Build your own hacking tools, such as a remote video spy camera and a password cracker Hacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?

My eLearnSecurity Web Application Pentester experience

This blog post is a review/summary of my experience with the eLearnSecurity Web Application Pentester training path.

eLearnSecurity has this to say about this training path:

The Web Application Pentester path is the most advanced and hands-on training path on web application penetration testing in the market.

This training path starts by teaching you the fundamentals of networking and penetration testing, then proceeds to providing you with the established web application penetration testing methodology and the latest web attacks, and ultimately showcases how to execute more advanced and complicated attacks, by heavily manipulating web application components.

After completing this path, you will be able to perform a professional web application penetration test against any kind of web application or web service, by using your own custom payloads, combining different attacking techniques and evading web application firewalls.

The path develops proficiency towards the NIST role Secure Software Assessor.

A little background

I’ve been a hobby coder since I was 10, and a professional developer for a long time, so I know my way around a computer. I have also in depth networking knowledge, and have been using tools like Wireshark and Fiddler for many years (for testing and development work).

I have done the OSCP and OSWP from Offensive Security in between the parts of this training path.

The start

I had zero experience with pentesting before I started the PTS course, I had only done one HTB box and a couple challenges.

The PTS course was what I used to determine if I wanted to continue with this journey or not. So even though I didn’t spend that many hours in total on it, it took me about a month to finish. I also continued doing HTB in parallel, which also affected the time it took.

I didn’t find the exam to be very hard, but it was very relevant to the course material. This was a great start, and it gave me the confidence I needed to jump on the PWK/OSCP.

Running through the WAPT

The same week as I finished the WiFu/OSWP, which I took directly after PWK/OSCP, the SARS-CoV-2 pandemic caused Norway to go into a state of semi-voluntary lockdown. I was still determined to continue my journey, so I started the WAPT course. It took a while to adjust to the new work from home conditions, both in terms of mentally adjusting and trying to stay away from all the new distractions. This impacted the time I was able to spend on the course.

Since I had very recently finished the OSCP, and the material felt a bit basic (due to my developer background), I decided to just do the slides, and skip both videos and labs.

Once the slides was finished, I jumped straight into the exam. The exam was a lot of fun, and I thoroughly enjoyed it! I submitted my report, went for a walk, and by the time I got back, I had already received the passing grade!

The third and final

WAPT was only a step along the way for me, WAPTX was the one I was waiting for. By the time I started this, I had finally adjusted to the (temporary) “new normal”, and was able to concentrate a lot better. There was a lot of slides to read through, and a lot of great labs. I struggled with a couple of them, but they were all a lot of fun.

I jumped into the exam almost immediately after I finished the material. Compared to the other two exams, this was a beast! I got stuck, badly, several times. It felt like I wasn’t going to make it, but then something finally clicked. Then I got stuck again. But I had come too far to give up, so I managed to get 8 hours to use during the working hours (everything up to this has been after regular working hours), and that was exactly what I needed to break through the wall. I got all the objectives, made sure I had found everything I was able to find, and then it was time to write the report.

Elearnsecurity Exam Guide Exams

I submitted the report, and the the waiting game started. Checking my email every 5 minutes. And then, finally, while driving across the country for the first time in a long while - I received the result I had been waiting for.

WAPTX offline labs

The WAPTXv2 comes with a set of “offline labs”, which consists of a VM and a PDF with further exercises. You have to download and run the VM yourself, which also means it won’t affect your lab time. These exercises are more advanced than the regular labs. I have not done these exercises, yet, but I highly recommend at least looking at them!

Thanks to @DraconianNet for pointing this out to me!

My thoughts

There are a couple things I like about eLearnSecurity, compared to other alternatives:

• Student dashboard with access to all resources - the progress tracker is very nice both for motivation and actually tracking progress
• Dedicated labs - you don’t share the lab environment with any other student
• Exam can be started whenever you are ready - no need to schedule in advance, just click the button and start hacking!
• No restrictions on tools - use whatever tools you are comfortable with, free and commercial
• The exam feels a lot more realistic - you have more time and have to write a professional report

There are also a couple downsides, the biggest being the support. It is much harder to get help. It should be said that the current pandemic has led to an influx of new students, probably making it a lot worse. But for some questions, I did have success asking in the forums. The moderators appear to be quite active at times, which is very nice. The course material, especially for WAPTX, does have some minor bugs, but it’s not too bad.

The labs are really great, but they do get disconnected every now and then (also during the exam), which will give you a new IP address. This is a bit annoying, and force you to keep changing your payloads. It also makes it really hard to run long/slow scans during the night (for the exams).

I also wish ELS would deliver physical certificates, especially for the Elite editions (or at least for a completed training path).

eLearnSecurity is a lot less known than other big names in the industry, but that might change in the future.

Elearnsecurity Exam Guide 2020

PTSv4 / eJPT

The PTS course is a good introduction and warm-up, especially when it is on sale and you can get your employer to pay for it. It is also a nice course for developers/administrators that want to learn more about security.

I consider this course to only be a preparation for the other courses, it’s not enough on its own.

This course is often free in the barebone edition. At the time of writing, you can get it by registering on The Ethical Hacker Network. The free edition is more than enough to see if this is something you want to continue with - so give it a try!

WAPTv3 / eWPT

Elearnsecurity Exam Guide Questions

The WAPT course did feel a bit dated, especially when you get to modules like the Flash module. But a lot of things still work the same was as they did several years ago, so there’s a lot of relevant things in there.

I didn’t do any of the labs (but still have access to them, so I might spend some time on them later), so can’t say much about them. The slides are easy to read.

Given my developer background, a lot of the material was a bit basic for me, but this is still a good course for developers that want to learn more about how attackers can exploit their applications. It is also a nice stepping stone on the way to WAPTX.

WAPTXv2 / eWPTXv2

I watched the launch webinar of WAPTXv2, and wanted to dive right into it. But I finished the PWK, WiFu and WAPT first.

Elearnsecurity Exam Guide Exam

Based on the launch webinar, I was expecting a bit more custom exploits, but the course was mainly focused on firewall evasion/filter bypass. The course does explain some very interesting techniques, and I learnt a lot from it. The labs were great, but the lab guide/solutions are a bit lacking in some of them. It looks like the upgrade from v1 to v2 was a bit rushed, this is apparent also in some of the slides.

I enjoyed both the course, the labs, and the exam (when I finally managed to unstuck myself). Even though there are some minor annoyances, I have no trouble recommending this course to both developers and pentesters. It would be nice to see more about modern applications (JavaScript frameworks, containers, cloud, etc.), but the content is still relevant and interesting.

My advice

This training path is not cheap. I bought all of the courses at discounted prices (end of year sale, launch sale, etc.). I highly recommend keeping an eye out for sales, eLearnSecurity have a lot of them.

Don’t worry too much about the lab time, you probably don’t need 120 hours (nice to have though). Just make sure to stop the lab when you are done with it. The Elite editions do have some nice benefits, but Full is better than nothing! I would not recommend paying for the Barebone edition, it’s simply not worth it (no exam, no video, no labs).

I recommend taking notes during the entire course, for all of the courses. Make your own notebook where you write down everything you discover along the way. I have a git repository where I keep all my notes, written in Markdown in VS Code. This allow me to quickly find commands, techniques, reverse shells, etc. whenever I need it.

Use the forums! Search before you ask. Due to the age of some of the material, you will get some issues with wrong software versions etc. Everyone have the same issues, and the solutions are thoroughly explained in the forums.

Tools

I recommend the following tools:

• XMind - Mind mapping for the exams (and later engagements)
• VSCode - Personal notes
• Joplin - For findings during the exam (easy to organize, and you can paste screenshots directly into it)
• Greenshot - This is the best screenshot application you can get if you use Windows as the host OS

Exam

The exam connection will drop at random intervals, reconnecting will give you a new IP address, so make sure to update your payloads. In some cases you can make the exam environment end up in a state where further exploitation is impossible - this is what we have reverts for, don’t be too afraid to use them.

eJPT exam

If you have done the course material, this exam shouldn’t be too hard. Just make sure you have enough time (maybe do it on a weekend).

I made a excel sheet with all the requirements, printed it, and used it to track my progress during the exam. Double check before you submit your answer.

eWPT exam

This exam will require a lot more time than eJPT, so make sure you have enough time to spend during the 7 day exam period.

Set manual DNS entries or block the exam domain in your DNS server (if you have one - if not, I recommend setting up a pi-hole). The domain used does actually exist. The exam connection will disconnect at random intervals, which may lead to you targeting actual servers on the internet!

Take regular breaks, especially when you are stuck! Make sure you take notes, and screenshots. I recommend mind mapping in XMind, and notes of findings and tool outputs in Joplin.

Write the report like ELS was a customer, focus on quality and presentation. This made it a lot more interesting for me, and I subconsciously put a lot more effort into it.

eWPTX exam

Unless you are a seasoned pentester, I recommend taking a day or two off from work for this one. Or start on a Friday and use the weekend to see if you need to take a day off or not. This exam is considerably harder than the other two. I got stuck, which cost me a lot of time. I would have used a lot less if I didn’t get stuck, but it would probably still take 30-40 hours.

I don’t think I could have done the exam without Burp Suite Professional. I probably could have, but it would have been a lot harder without it. So if you can, use Burp Pro!

Script it if you can. Python was very helpful for me during the exam.
Nothing very difficult, just slight modifications to scripts I used during the labs.

The exam is a bit CTF-ish, but make sure you don’t stop after finding the thing you are looking for.
Make sure you find all the other things as well.

Just as with eWPT, take regular breaks, especially when you are stuck! Make sure you take notes, and screenshots. I recommend mind mapping in XMind, and notes of findings and tool outputs in Joplin.

Same for the report here, think of ELS as a customer.

Time spent

I decided that I wanted to track all the time I spent doing the courses and the exams, resulting in very accurate numbers of time spent.

Time spent across all courses/certifications, not just this training path

Total hours spent: 278 hours, 16 minutes (eJPT: 45 hours, 21 minutes - eWPT: 51 hours, 27 minutes - eWPTX: 181 hours, 28 minutes)

My timeline

• October 16th, 2019: PTP purchased
• November 17th, 2019: eJPT Exam done
• January 23rd, 2020: WAPT and WAPTX purchased
• March 17th, 2020: Started working on WAPT
• March 29th, 2020: WAPT slides finished
• March 31st, 2020: WAPT Exam started
• April 5th, 2020 21:35: WAPT Exam report submitted
• April 5th, 2020 22:02: WAPT Exam graded - passed!
• April 8th, 2020: Started working on WAPTX
• April 25th, 2020: WAPTX slides and lab exercises finished
• April 25th, 2020: WAPTX exam started
• May 2nd, 2020: WAPTX exam report submitted
• May 8th, 2020: WAPTX exam graded - passed!