📝eCPPT / PTP - Notes

INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 and v3 Notes

📕 eCPPT - Version 3 (newest - after 2024)

Course duration & Topics ⏳📚

~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs

• Resource Development & Initial Access ~ 22 hours

• Web Application Attacks ~ 14 hours

• Network Security ~ 17 hours

• Exploit Development ~ 7 hours

• Post Exploitation ~ 18 hours

• Red Teaming ~ 19 hours

🛣️ RoadMap / Exam Preparation 🧑🏻‍🏫

E-Links 🔗📔

• Where to find the eCPPTv3 certification exam? - eCPPTv3

• Where to find the PTPv3 (Professional Penetration Testing v3) course INE Learning Paths​

​​eCPPT Exam 📄🖊️

• Time limit: 24h

• Expiration date: yes

• Objectives:

  Information Gathering & Reconnaissance (10%)

  • Perform Host Discovery and Port Scanning on Target Networks

  • Enumerate Information From Services Running on Open Ports

  Initial Access (15%)

  • Perform Username Enumeration to Identify Valid User Accounts on Target Systems

  • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access

  • Perform Brute-Force Attacks on Remote Access Services for Initial Access

  Web Application Penetration Testing (15%)

  • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations

  • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)

  • Perform Brute-Force Attacks Against Login Forms

  • Exploit Vulnerable and Outdated Web Application Components

  • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

  Exploitation & Post-Exploitation (25%)

  • Identify and Exploit Vulnerabilities or Misconfigurations in Services

  • Identify and Exploit Privilege Escalation Vulnerabilities

  • Dump and Crack Password Hashes

  • Identify Locally Stored Unsecured Credentials

  Exploit Development (5%)

  • Develop/Modify Exploit Code For Initial Access and Post-Exploitation

  • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

  Active Directory Penetration Testing (30%)

  • Perform Active Directory Enumeration

  • Identify Domain Accounts With Weak or Empty Passwords

  • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication

  • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)

  • Obtain Domain Admin Privileges/Access

Resources 📑📘

👉 eCPPT/PTP Cheat Sheet 📔

📖 Read the Lab Guidelines 📖

---

https://security.ine.com/certifications/ecppt-certification/

📙 eCPPT - Version 2 (until 2024)

Course duration & Topics ⏳📚

~ 84 hours (~56h of videos) 8 courses , 85 videos, 83 quizzes, 27 labs

• ​System Security ~ 13 hours

• Network Security ~ 33 hours

• PowerShell for Pentesters ~ 6 hours

• ​Linux Exploitation ~ 9 hours

• ​Web App Security ~ 10 hours

• ​Wi-Fi Security ~ 6 hours

• ​Metasploit & Ruby ~ 8 hours

🛣️ RoadMap / Exam Preparation 🧑🏻‍🏫

E-Links 🔗📔

• Where to find the PTPv2 (Professional Penetration Testing v2) course? - INE Learning Paths​

• Where to find the eCPPTv2 certification exam? - eCPPTv2​

​eCPPT Exam 📄🖊️

• Time limit: 7 days + 7 days for report

• Expiration date: no

• Objectives:

  • Penetration testing processes and methodologies, against Windows and Linux targets

  • Vulnerability Assessment of Networks

  • Vulnerability Assessment of Web Applications

  • Advanced Exploitation with Metasploit

  • Performing Attacks in Pivoting

  • Web application Manual exploitation

  • Information Gathering and Reconnaissance

  • Scanning and Profiling the target

  • Privilege escalation and Persistence

  • Exploit Development

  • Advanced Reporting skills and Remediation

Resources 📑📘

👉 eCPPT/PTP Cheat Sheet 📔

📖 Read the Lab Guidelines 📖

---

Other Resources 📑📘

👉 Preparation RoadMap to pass eCPPT/PTP exam 🛣️

👉 Exam Experience (v2) 💯