eCPPTv3 Review - Dragkob
Table of contents
Dragkob/eCPPT
Comprehensive eCPPTv3 notes and cheat sheets
INE eCPPTv3 Cheat Sheet / Course Notes. You'll find my comprehensive course notes, which also serve as cheat sheets for the eCPPTv3 course. These are the exact materials I used during my exam.
Dragkob/eCPPT
Comprehensive eCPPTv3 notes and cheat sheets
INE eCPPTv3 Cheat Sheet / Course Notes. You'll find my comprehensive course notes, which also serve as cheat sheets for the eCPPTv3 course. These are the exact materials I used during my exam.
My Background
By the time I took the eCPPTv3, I had already completed the eJPTv2 and the Junior Penetration Testing Path on TryHackMe. This background gave me some familiarity with penetration testing and cybersecurity overall.
The Training
The training provided by INE for this certification is insufficient for passing the exam. Unlike the eJPTv2 course, this course has numerous gaps and lacks depth in certain subjects, particularly Active Directory. While the PowerShell section is adequate, much of the course is delivered in a slow, monotonous tone, which may make it feel less engaging. (Very boring, to be honest.) However, insufficient coverage doesn't mean it's an easy course. The curriculum includes advanced techniques, and the PowerShell section, for example, assumes familiarity with Object-Oriented Programming (OOP). The same applies to other topics, such as pivoting; advanced techniques are discussed without covering the basics. This approach is understandable for a professional-level certification, but it's worth noting that while the content may not fully prepare you for the exam, it's challenging-especially if you're new to AD pentesting and privilege escalation.
What to skip in the training
In summary, as of the date of this article, the following sections in the eCPPTv3 course are not included in the exam:
- Client-Side Attacks
- System Security & x86 Assembly Fundamentals
- Exploit Development: Buffer Overflows
- Command & Control (C2/C&C)
However, I highly encourage you to review these sections, as topics like assembly, client-side attacks (e.g., VBA macros), and C2/C&C remain highly relevant and widely used today. If you've paid for the course, make the most of it-these are valuable skills to have on your resume, so don't skip them.
What to do since the training is not enough
Here's what you'll need to supplement the INE course:
Active Directory
The Exam
The exam is significantly more challenging compared to the eJPTv2 - a notable step up. Be thoroughly prepared, as a strong command of your skills is essential. Practice extensively to ensure you're ready for this exam. Be sure to take thorough notes throughout the course and the exam. With multiple CMD windows open, it's easy to lose track, so detailed notes will be invaluable during the exam. Be sure to use Chrome when starting your exam, as many users have encountered issues with other browsers.
Exam Flaws
- 1.As the exam is still new, it can be somewhat unstable. Occasionally, dynamic flags may not be correctly injected into the exam environment, leading to situations where you're searching for something that isn't present on the machines. For example, I encountered a question asking me to locate a user on a specific machine, but the user didn't exist on any machine until I reset the lab, at which point I found it. Be prepared for these potential instabilities.
- 2.The lists provided in the letter of engagement for password cracking and brute-forcing are misleading and will not be helpful. The lists to use are xato-net-10-million-passwords-10000.txt | seasons.txt | months.txt
- 3.Hashcat and Evil-WinRM do not function on the attacker machine. Therefore, you should either use John the Ripper or set up your own Kali VM to run Hashcat.
What's in the exam?
- •There are numerous Windows machines, as this is an AD-focused exam, so this isn't surprising.
- •Linux machines are present as well.
- •A webapp to pentest.
- •Advanced-level Windows privilege escalation. (A lot of people get stuck here)
- •AD Enumeration via PowerShell is a must.
- •Scanning the first 9999 ports is typically sufficient. I never found it necessary to scan all 65535 ports (-p-)
- •Some machines offer multiple methods for gaining access.
- •A LOT of hash cracking.
Target IPs
Don't worry about it. Once you begin the exam, you'll receive a letter of engagement that specifies the exact subnet to scan, so you won't need to guess or go through an extensive host discovery phase to determine where to focus. This was the fastest part of the exam.
Tools I used in the exam
Tips
My primary tip regarding the current course is to avoid purchasing a voucher for the eCPPTv3 at this time. The lab environment is unstable, with several tools not functioning at all. While this forced me to think creatively and find workarounds, it was frustrating given the cost of the certification. This was especially true since the course alone isn't sufficient to pass, and additional resources from other platforms were necessary to adequately prepare. I may reconsider my opinion if the course improves, but based on my experience, I learned far more during the exam than during the course itself, which is not ideal as the course is supposed to prepare me for the exam. Nevertheless, this exam was a significant accomplishment for me. It was challenging and demanding, and I'm very proud of having completed it!
Best of luck! Feel free to reach out if you have any questions.
