# eCPPTv3
## eCPPT - Version 3 (newest - after 2024)
### Course duration & Topics β³π
\~ 107 hours (*`~97 of videos`*) **10** courses , **172** videos, **124** quizzes, **67** labs
* [**Resource Development & Initial Access**](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/powershell-for-pt) \~ 22 hours
* [**Web Application Attacks** ](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/web-app-security)\~ 14 hours
* [**Network Security**](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/network-security) \~ 17 hours
* [**Exploit Development** ](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/system-security)\~ 7 hours
* [**Post Exploitation**](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/linux-exploitation) \~ 18 hours
* [**Red Teaming**](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3/wi-fi-security) \~ 19 hours
π£οΈ [**RoadMap / Exam Preparation** ](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/roadmap-and-my-experience)π§π»βπ«
### E-Links ππ
* Where to find the PTPv3 (Professional Penetration Testing v3) course [INE Learning Pathsβ](https://my.ine.com/CyberSecurity/learning-paths/5e26d0ba-d258-49e0-a421-56cc06626f46/penetration-testing-professional-new-2024)
* Where to find the eCPPTv3 certification exam? - [eCPPTv3](https://security.ine.com/certifications/ecppt-certification/)β
### β[eCPPT](https://security.ine.com/certifications/ecppt-certification/) Exam πποΈ
* **Time limit**: 24h
* **Expiration date**: yes
* **Objectives**:
**Information Gathering & Reconnaissance** (10%)
* Perform Host Discovery and Port Scanning on Target Networks
* Enumerate Information From Services Running on Open Ports
**Initial Access** (15%)
* Perform Username Enumeration to Identify Valid User Accounts on Target Systems
* Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
* Perform Brute-Force Attacks on Remote Access Services for Initial Access
**Web Application Penetration Testing** (15%)
* Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
* Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
* Perform Brute-Force Attacks Against Login Forms
* Exploit Vulnerable and Outdated Web Application Components
* Exfiltrate Data and Credentials From Compromised Web Applications and Databases
**Exploitation & Post-Exploitation** (25%)
* Identify and Exploit Vulnerabilities or Misconfigurations in Services
* Identify and Exploit Privilege Escalation Vulnerabilities
* Dump and Crack Password Hashes
* Identify Locally Stored Unsecured Credentials
**Exploit Development** (5%)
* Develop/Modify Exploit Code For Initial Access and Post-Exploitation
* Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)
**Active Directory Penetration Testing** (30%)
* Perform Active Directory Enumeration
* Identify Domain Accounts With Weak or Empty Passwords
* Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
* Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
* Obtain Domain Admin Privileges/Access
***
{% hint style="info" %}
These notes do not fully cover the original course and may contain errors, but they are definitely a solid foundation in preparing for the certification exam. Feel free to improve them and make a useful push on github to help the community, thanks.
{% endhint %}
## Resources ππ
### π [eCPPT/PTP Cheat Sheet ](https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/ecppt-cheat-sheet)π
> π [Read the Lab Guidelines](https://drive.google.com/file/d/1kgS7gerK5V5yJxOutb12IPMO1-FLf3Yw/view?usp=drive_link) π
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://dev-angelist.gitbook.io/ecpptv3-ptp-notes/readme/ecpptv3.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
