πŸ“eCPPT / PTP - Notes

INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 and v3 Notes

πŸ“• eCPPT - Version 3 (newest - after 2024)

Course duration & Topics β³πŸ“š

~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs

πŸ›£οΈ RoadMap / Exam Preparation πŸ§‘πŸ»β€πŸ«

​​eCPPT Exam πŸ“„πŸ–ŠοΈ

  • Time limit: 24h

  • Expiration date: yes

  • Objectives:

    Information Gathering & Reconnaissance (10%)

    • Perform Host Discovery and Port Scanning on Target Networks

    • Enumerate Information From Services Running on Open Ports

    Initial Access (15%)

    • Perform Username Enumeration to Identify Valid User Accounts on Target Systems

    • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access

    • Perform Brute-Force Attacks on Remote Access Services for Initial Access

    Web Application Penetration Testing (15%)

    • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations

    • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)

    • Perform Brute-Force Attacks Against Login Forms

    • Exploit Vulnerable and Outdated Web Application Components

    • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

    Exploitation & Post-Exploitation (25%)

    • Identify and Exploit Vulnerabilities or Misconfigurations in Services

    • Identify and Exploit Privilege Escalation Vulnerabilities

    • Dump and Crack Password Hashes

    • Identify Locally Stored Unsecured Credentials

    Exploit Development (5%)

    • Develop/Modify Exploit Code For Initial Access and Post-Exploitation

    • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

    Active Directory Penetration Testing (30%)

    • Perform Active Directory Enumeration

    • Identify Domain Accounts With Weak or Empty Passwords

    • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication

    • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)

    • Obtain Domain Admin Privileges/Access

Resources πŸ“‘πŸ“˜

πŸ‘‰ eCPPT/PTP Cheat Sheet πŸ“”

πŸ“– Read the Lab Guidelines πŸ“–


πŸ“™ eCPPT - Version 2 (until 2024)

Course duration & Topics β³πŸ“š

~ 84 hours (~56h of videos) 8 courses , 85 videos, 83 quizzes, 27 labs

πŸ›£οΈ RoadMap / Exam Preparation πŸ§‘πŸ»β€πŸ«

  • Where to find the PTPv2 (Professional Penetration Testing v2) course? - INE Learning Paths​

  • Where to find the eCPPTv2 certification exam? - eCPPTv2​

​eCPPT Exam πŸ“„πŸ–ŠοΈ

  • Time limit: 7 days + 7 days for report

  • Expiration date: no

  • Objectives:

    • Penetration testing processes and methodologies, against Windows and Linux targets

    • Vulnerability Assessment of Networks

    • Vulnerability Assessment of Web Applications

    • Advanced Exploitation with Metasploit

    • Performing Attacks in Pivoting

    • Web application Manual exploitation

    • Information Gathering and Reconnaissance

    • Scanning and Profiling the target

    • Privilege escalation and Persistence

    • Exploit Development

    • Advanced Reporting skills and Remediation

Resources πŸ“‘πŸ“˜

πŸ‘‰ eCPPT/PTP Cheat Sheet πŸ“”

πŸ“– Read the Lab Guidelines πŸ“–


Other Resources πŸ“‘πŸ“˜

πŸ‘‰ Exam Experience (v2) πŸ’―

Last updated