So I finally decided to take one of the eLearn Security courses, and decided to start with the Penetration Testing Student course for the eJPT. Wow, I never knew how much I didn't know about attacks. This course was absolutely incredible for someone just entering the penetration testing world. Without giving away too much information, and risk losing my eJPT, I will try to describe the experience.
When I first purchased the course, I bought the Elite version. I chose that due to the infinite amount of time allotted to complete the course. Life gets busy, and mine was no exception. The course started with the basics. What is penetration testion? How do you become a pentester? The beginning of the course covered a lot of information. After going over the basics, the course jumped right into the attacks.
The course itself was definitely NOT boring. The course touched on everything from the penetration testing process, to programming, to exploitation. Some of the tools covered included (but were not limited to) Hydra, SQLMap, NMAP, Nessus and plenty of others. The course dove into the bsics of TCP/IP and included a lab in which you used wireshark to capture credentials. Easy enough, right? The first few labs were a breeze. I started thinking about whether the course itself was worth the purchase, as the techniques discussed were a little on the "obvious" side. However, as the course progressed, things got a lot tougher.
The labs ranged from simple tasks such as adding IP routes in order to reach hidden servers, to full out scanning and exploitation. As you progressed more into the course, you start realizing that the separate labs were actually one large lab. HERA was an incredible learning tool. By time I completed the course itself, I felt like I was armed with enough knowlege to take on the exam.
The day that I started the exam, I was very confident. I had created some scripts beforehand to try and decrease the amount of time certain tasks would take. I grabbed an energy drink, and pressed start. I was given one small piece of information to start with and was informed that this would be a black box test. After reviewing the scope of the engagement, and that single piece of information, my confidence level quickly dropped. I started hammering away at the network, not knowing what exactly I was looking for. After the first hour I was only able to get a picture of the initial network in which I had been given access. Then the unthinkable happened... Our power went out. After a few hours, I realized that this issue wasn't going to get fixed any time soon, so I headed off to bed.
The next morning, I woke up and decided to dive right in. After a few scans, I quickly started seeing a much clearer picture of the networks in which I was attacking. After seven long hours, I had completed the test, and passed with a 90%. This was one of the most difficult tests I have taken in a while.
I wish I could give more information, but due to the strict guidelines put forth by eLearnSecurity, I am unable to really put in much detail. I will say that the course was worth every penny that I invested in it, and would highly recommend it to anyone just starting out in infosec!