February 17, 2022
eLearnSecurity content and certifications are relatively well-known, with an overall good reputation as their materials are up-to-date and their exams practical and real-life applicable. With that said, and taking into account that there are lots of reviews out there, I won’t be covering the high-level details about it. If you’re interested in the exam I’d recommend you to read both the syllabus and eLS’ landing page.
Technical Background
I’ve already had previous practical and professional experience with security and penetration testing before starting the PTP course, and also familiar with a pretty good amount of the topics covered. I was also doing Vulnhub, HackTheBox and TryHackMe machines.
Exam VS Labs
This is a question that I’ve googled myself and couldn’t find anything, no one comparing the exam to the actual labs, instead only comparing it to OSCP or other exams. As already said, because of the exam’s main focus, you should really know your way around networks, pivoting and post-exploitation. Do not approach this with a user-to-root or CTF mentality as it won’t work. One thing to be noted is that you have plenty of time (7 days), even to learn some stuff while doing the exam. Although I’m a little biased because of previous experience, I really think you should be able to crack it being a student or a professional in other IT segments, just focus on understanding the stuff instead of memorizing it and you should be fine.
Exam Walkthrough
I started my exam on a thursday, my idea was to at least get a root foothold up to friday and burn my neurons in the weekend if necessary, having the whole day available to it. Turns out I managed to finish everything in 3 days and started writing the report. I’m not sure how many hours of actual work i put into the exam, but it wasn’t much to be honest. I’m really not sure how much I can talk about it, and I really don’t want to spoil anything as I think you should figure stuff out by yourself, so I’ll only talk about high-level stuff.
Day 1
Started the exam on January 20th, with eLS you do not need to schedule and bother with proctor stuff, you only click start and the system will generate a VPN access to you, and I really liked this a lot. So first thing I did was to read the letter of engagement and start the initial enumeration. Didn’t took me much time to get the initial foothold and privesc. Then I started pivoting into the internal network and got access to the first machine. I worked on it from 16pm to 21pm or so.
Day 2
Started around 7am, a little groggy. After re-establishing my foothold and configuring the routes, I started enumerating more hosts, made a discovery that I prefer not to quote in here to avoid spoiling anything, but that gave me a boost. A little after I found another thing, so downloaded the thing to a local machine and developed the exploit. Managed to get my exploit working through the pivoting around 2pm, as this was on Friday I was working normally on my job and took several breaks to workout, lunch, take a bath and just chill. This day I struggled a little with the pivoting and a technical detail in one machine. Won’t be spoiling anything, but again, think of it as a real network designed for a company, and not a CTF where you only get flags and take off. I even restarted the environment a couple of times to see if it wasn’t any bug, and it wasn’t.
Day 3
Started the 3rd day with the environment paused after the reset, so i started it all again establishing footholds and configuring the routes. That’s when i found out that there wasn’t anything wrong with the environment, so I started thinking what it could be and figured it out really quickly. The exam environment is unique for you, unlike other exams where you share the environments, so if you think something is out of place i would recommend that you give it a reset and if the issue persists it’s not a bug. After figuring out what i wanted and gathering further information, got a foothold into the final machine, and it only took me a few minutes to privesc.
Spent the next 4 days writing the report, and i was quite thorough with it, made sure all details were covered and everything was in order. I wrote a really detailed, professional and commercial report, as it is also part of the grading and you don’t have specific points to earn, they will examine it as the result of a professional engagement, as if you were hired by them. And what I would like to emphasize is that i did fail the first attempt because I did not provided a step-by-step guided walkthrough of a specific portion, so be sure you do it or you will also fail. I personally totally disagree with this, as I don’t think the excessive details will provide any additional value for the customer, the developer or analyst that would be implementing the mitigations… but sometimes you gotta go with the tide in order to achieve what you want.
Final Thoughts
My main goal with this was to prove myself that I had the skills to do it and also to use it as a step stone to OSCP, and I ended up learning a lot of cool tricks and really sharpened some network and post-exploitation stuff.
Overall I enjoyed the materials, but one thing i disliked was that there are lots of slides, and the videos just cover the same stuff that were in the slides with a narration placed on top. In particular, the System Security module was crushing, and as I’ve said, I already knew the content covered on it, so i imagine that for a newcomer it should be even worse. One thing i wish to have would be some full environments to practice at the end of the courses, to really practice for the exam as there aren’t a lot of machines you can use to practice a full network test. The course also does not cover any Active Directory topics, i missed that a lot as even OSCP has some nowadays, it’s a main point of improvement for a future PTPv6.
Overall I think it is really worth it, either if you already have real-world experience like me but isn’t as sharp on networks and infrastructure or is willing to get certified on something cheaper than Offensive Security or SANS. INE is frequently throwing out some offers, I myself bought a premium pack for $499, including 1 year of access, a $400 voucher and $200 voucher.
References
Post-Exploitation
Buffer Overflows
Pivoting
0 Comments