HomeGitHubPortfolioTwitter/XMediumCont@ct

eCPPTv3

eCPPT - Version 3 (newest - after 2024)

Course duration & Topics β³πŸ“š

~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs

πŸ›£οΈ RoadMap / Exam Preparation πŸ§‘πŸ»β€πŸ«

E-Links πŸ”—πŸ“”

​eCPPT Exam πŸ“„πŸ–ŠοΈ

  • Time limit: 24h

  • Expiration date: yes

  • Objectives:

    Information Gathering & Reconnaissance (10%)

    • Perform Host Discovery and Port Scanning on Target Networks

    • Enumerate Information From Services Running on Open Ports

    Initial Access (15%)

    • Perform Username Enumeration to Identify Valid User Accounts on Target Systems

    • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access

    • Perform Brute-Force Attacks on Remote Access Services for Initial Access

    Web Application Penetration Testing (15%)

    • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations

    • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)

    • Perform Brute-Force Attacks Against Login Forms

    • Exploit Vulnerable and Outdated Web Application Components

    • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

    Exploitation & Post-Exploitation (25%)

    • Identify and Exploit Vulnerabilities or Misconfigurations in Services

    • Identify and Exploit Privilege Escalation Vulnerabilities

    • Dump and Crack Password Hashes

    • Identify Locally Stored Unsecured Credentials

    Exploit Development (5%)

    • Develop/Modify Exploit Code For Initial Access and Post-Exploitation

    • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

    Active Directory Penetration Testing (30%)

    • Perform Active Directory Enumeration

    • Identify Domain Accounts With Weak or Empty Passwords

    • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication

    • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)

    • Obtain Domain Admin Privileges/Access

These notes do not fully cover the original course and may contain errors, but they are definitely a solid foundation in preparing for the certification exam. Feel free to improve them and make a useful push on github to help the community, thanks.

Resources πŸ“‘πŸ“˜

πŸ‘‰ eCPPT/PTP Cheat Sheet πŸ“”

πŸ“– Read the Lab Guidelines πŸ“–

PreviouseCPPT / PTP - NotesNext1 - Resource Development & Initial Access