📝eCPPTv2 / PTP - Notes
INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 Notes
📕 eCPPT - Version 3 (newest - after 2024)
Course duration & Topics ⏳📚
~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs
Resource Development & Initial Access ~ 22 hours
Web Application Attacks ~ 14 hours
Network Security ~ 17 hours
Exploit Development ~ 7 hours
Post Exploitation ~ 18 hours
Red Teaming ~ 19 hours
🛣️ RoadMap / Exam Preparation 🧑🏻🏫
E-Links 🔗📔
Where to find the eCPPTv3 certification exam? - eCPPTv3
Where to find the PTPv3 (Professional Penetration Testing v3) course INE Learning Paths
eCPPT Exam 📄🖊️
Time limit: 24h
Expiration date: yes
Objectives:
Information Gathering & Reconnaissance (10%)
Perform Host Discovery and Port Scanning on Target Networks
Enumerate Information From Services Running on Open Ports
Initial Access (15%)
Perform Username Enumeration to Identify Valid User Accounts on Target Systems
Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
Perform Brute-Force Attacks on Remote Access Services for Initial Access
Web Application Penetration Testing (15%)
Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
Perform Brute-Force Attacks Against Login Forms
Exploit Vulnerable and Outdated Web Application Components
Exfiltrate Data and Credentials From Compromised Web Applications and Databases
Exploitation & Post-Exploitation (25%)
Identify and Exploit Vulnerabilities or Misconfigurations in Services
Identify and Exploit Privilege Escalation Vulnerabilities
Dump and Crack Password Hashes
Identify Locally Stored Unsecured Credentials
Exploit Development (5%)
Develop/Modify Exploit Code For Initial Access and Post-Exploitation
Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)
Active Directory Penetration Testing (30%)
Perform Active Directory Enumeration
Identify Domain Accounts With Weak or Empty Passwords
Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
Obtain Domain Admin Privileges/Access
Resources 📑📘
📙 eCPPT - Version 2 (until 2024)
Course duration & Topics ⏳📚
~ 84 hours (~56h of videos) 8 courses , 85 videos, 83 quizzes, 27 labs
System Security ~ 13 hours
Network Security ~ 33 hours
PowerShell for Pentesters ~ 6 hours
Linux Exploitation ~ 9 hours
Web App Security ~ 10 hours
Wi-Fi Security ~ 6 hours
Metasploit & Ruby ~ 8 hours
🛣️ RoadMap / Exam Preparation 🧑🏻🏫
E-Links 🔗📔
Where to find the PTPv2 (Professional Penetration Testing v2) course? - INE Learning Paths
Where to find the eCPPTv2 certification exam? - eCPPTv2
eCPPT Exam 📄🖊️
Time limit: 7 days + 7 days for report
Expiration date: no
Objectives:
Penetration testing processes and methodologies, against Windows and Linux targets
Vulnerability Assessment of Networks
Vulnerability Assessment of Web Applications
Advanced Exploitation with Metasploit
Performing Attacks in Pivoting
Web application Manual exploitation
Information Gathering and Reconnaissance
Scanning and Profiling the target
Privilege escalation and Persistence
Exploit Development
Advanced Reporting skills and Remediation
Resources 📑📘
Other Resources 📑📘
👉 Exam Experience (v2) 💯
Last updated