eCPPTv3

eCPPT - Version 3 (newest - after 2024)

Course duration & Topics ⏳📚

~ 107 hours (~97 of videos) 10 courses , 172 videos, 124 quizzes, 67 labs

🛣️ RoadMap / Exam Preparation 🧑🏻‍🏫

  • Where to find the PTPv3 (Professional Penetration Testing v3) course INE Learning Paths​

  • Where to find the eCPPTv3 certification exam? - eCPPTv3

eCPPT Exam 📄🖊️

  • Time limit: 24h

  • Expiration date: yes

  • Objectives:

    Information Gathering & Reconnaissance (10%)

    • Perform Host Discovery and Port Scanning on Target Networks

    • Enumerate Information From Services Running on Open Ports

    Initial Access (15%)

    • Perform Username Enumeration to Identify Valid User Accounts on Target Systems

    • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access

    • Perform Brute-Force Attacks on Remote Access Services for Initial Access

    Web Application Penetration Testing (15%)

    • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations

    • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)

    • Perform Brute-Force Attacks Against Login Forms

    • Exploit Vulnerable and Outdated Web Application Components

    • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

    Exploitation & Post-Exploitation (25%)

    • Identify and Exploit Vulnerabilities or Misconfigurations in Services

    • Identify and Exploit Privilege Escalation Vulnerabilities

    • Dump and Crack Password Hashes

    • Identify Locally Stored Unsecured Credentials

    Exploit Development (5%)

    • Develop/Modify Exploit Code For Initial Access and Post-Exploitation

    • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

    Active Directory Penetration Testing (30%)

    • Perform Active Directory Enumeration

    • Identify Domain Accounts With Weak or Empty Passwords

    • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication

    • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)

    • Obtain Domain Admin Privileges/Access


These notes do not fully cover the original course and may contain errors, but they are definitely a solid foundation in preparing for the certification exam. Feel free to improve them and make a useful push on github to help the community, thanks.

Resources 📑📘

📖 Read the Lab Guidelines 📖