Coliseumlab – Observations

Back in March I wrote a post about my beta testing of http://Coliseumlab.com, eLearnSecurity’s latest project.

Well the labs are live and the first new students have arrived in the forums and are experiencing the fresh new design and interface, wow what a difference from the BETA.

I personally was eager to test the new lab simulations that had just been released, to date there are currently 14 live, with I believe more in the pipeline.

The designs are great and yet simple enough, you’re not overwhelmed as you are trying to learn more about the concepts/techniques of particular attacks. You would probably benefit from some prior exposure to tools like Burp, DirBuster, sqlmap & Firebug to really get the most out of your time. Though the support through the forums will assist anyone who feels the need to ask for more information.

I don’t think I need to go into great detail about the actual attacks in this post, you can get those from the link above, instead I wanted to note a few points that I personally felt benefited my own studies by using my time in the environment.

My observations of any gains I’ve made:

Well I first feel much more confident in using some tools. The more hands-on practice you get with software tends to have that effect.

I’m much more serious about taking useful notes. Well worth the effort and something to maintain/improve on into the future.

Saving you time that could be easily wasted by searching the net. Searching the net or through books is not always a shortcut.

Sure it’s easy to search the net, it is also too often easy to get distracted with all the extra content being thrown your way.

Books? Well is that not too far away from your desk.

Spent some time looking at other aspects I was curious about, when given a learning plan for a lab, I like to think “what else I can learn from this?”

This was good; I ended up feeling compelled and motivated to write a Ruby script that helps me on a particular Joomla information gathering task. Thanks to Digitalwestie and Matugm for hints in the right directions, I know you guys are busy with your own stuff. So I do appreciate people who take time out to give a few pointers.

There may be other tools doing the same job, but being able to solve your own problem has its advantages and again keeps me away from the distraction of searching. I also happen to be reading about Ruby at the moment, so a chance to get away from the usual puts “hello world” stuff and try to develop these skills somewhat was fantastic!

Trophies gathered.

eCPPT – Review and Passed

I am pleased to be able to report I am now a proud holder of eCPPT.

From my own background and perspective the course and exam was a very enjoyable experience. I would recommend this to anyone interested in security and perhaps on a limited budget.

I had done CEH prior to this course and personally found CEH useful in giving me a good foundation to approach this course. My day-to-day working life is not at the moment centred on security.

From my initial contact with eLearnSecurity, I was impressed by the way I was handled as a potential customer and supported in terms of believing that I could achieve.

I did ponder long and hard before I parted with my own hard-earned cash.

After making my decision to join the course, I initially did feel a bit unsure in what I had bought into, mainly due to my concerns that perhaps I could not do this on my own in a distance learning fashion.

My fears were quickly put to rest once I had seen responses to my questions and had read every post in the forums to make sure I was not adding posts already answered and just creating a general nuisance of myself.

The responses I received gave me matters to think about and pointers as to where to head to next, which is useful when you’re learning; building on my understanding was a combination of taking in the good advice and information in the slides/videos and asking appropriate questions.

I never felt at any time that if I had tried on my own and had to request more info that I would not be given some sort of support, be it from someone experienced on the course or Armando the creator himself.

I would also say that experience from Network+ and CCNA came in useful, as did some of my previous studies in relation to web technology including HTML, CSS (limited PHP and SQL); a basic understanding of Linux is also helpful.

The challenge of the exam really does focus on expecting you to apply what you learn; I believe this to be an excellent approach. No exam cram sessions on this one I am afraid, if you’re really only looking for another CV filler.

I had good fun and I believe that Armando is building on its success and looking to provide new and interesting experiences for current and potential new students. I look forward to this and hope to continue on as a student/contributor as I learn and have more fun.

If like me you wondered if you had what it took to perform a manual web application penetration test, then this is the one for you!

Details of the course content can be found at http://www.elearnsecurity.com/

