drum roll please .... report is in

[robertray 41]

Hi folks.

I like to engage with learning, for me that also means with my class mates, even if mostly they are virtual. Anyway, quick update for peeps. My report is in.

I actually thought I had until next week. Must have mixed something up there. Lesson in smartphone alerts.

Anyway I feel reasonably positive. For some I think its certainly a challenging task.

It was for me. At the beginning I was s bit worried I would not have even done as much as I felt I did, I've enjoyed the process, I feel I learnt alot. I'm sure I've much more to learn.

Looking forward to my result. But in no rush, I know there is much going on in terms of new developments to look forward to.

[Bluntlee 1]

Congrats man. I would like to say I have enjoyed your contributions to the forum, I have learned from your links and other knowledge you have shared. I myself need to push to get the exam started, but first I want to finish the web app handbook. Hope you still stay as active in the forum your a good source...As well as all the other members who shard their knowledge

Lee

[robertray 41]

Still to pass, I am not assuming anything! Even then I still have plenty to learn so I dont think you will see the last of me.

I would have taken a bit longer. My advice to anyone, is start early. Even if its just building up the structure of your report and collecting up the details.

If I had to do it all over this is what I would do. msfconsole /spwntimemachine

[Armando 156]

Don't think that any of you will leave this forum after certified.

We have so many things you can enroll in again soon...

[matugm 65]

I certified 8 months ago and still checking forums every day =p damn times goes so fast!

[Bluntlee 1]

Matugm do you have any video projects in the works? I was enjoying your tutorials.

[matugm 65]

Yes,a video about the pass the hash technique should be up very soon I sent it to Armando a few days ago.

[robertray 41]

Should be able to find sometime to check out your videos now. Just been too busy lately with work

[Armando 156]

Ye, it will be up soon. Just overwhelmed by the Student course project

[robertray 41]

Delegate :-)

[Bluntlee 1]

cool. thats a nice feature in metasploit

[matugm 65]

cool. thats a nice feature in metasploit

Yes,but metasploit guys didn't invent this,they just imported the functionality,check this great article about the technique:

http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283

[Bluntlee 1]

Thanks for the share. It was a great article, I only new about HD Moore's hashdump but now I see the whole picture. Just one cached domain admin password can cripple an organization

[robertray 41]

Yet another update folks: 1ST Attempt /fail

Yep, I managed to fail on my first go /cry (for any wow or ex-wow heads)

But I was not so disapointed and Ill tell you why, first off the exam is be no means easy!

You need to make sure you give yourself plenty of time, thats my first lesson learned when It comes to pen testing and report writing. Dont put of starting the report writing part to the last minute, preperation is key! In fact it was for sure my downfall.

As I knew this to be the case as I uploaded my first attempt I was expecting to have to improve matters.

So last night I knew this to be the case and set about thinking things over and planning for what I was going to do today.

Woke up fresh, well fresh enough and went about attacking my problem armed with very useful feedback, another study of the materials and a bit of extra research online was extremely helpful, for I think about 2 hours I was sorta stuck and starting to worry again!

I am now happy to say I have now uploaded my 2nd attempt and await further news, hopefully good.

My other lesson today, when you get knocked down just get back up again!

Thanks for a great review.

[Equix3n 1]

I'm sorry to hear about the result and hope that you pass the second time

[robertray 41]

The result is in and I can now say I am a proud holder of another certification!

Its all good here at the moment :-)

Anyone who thinks for one minute, that you will never pass. Don't believe that feeling! Trust me I know.

I say stick with it, keep reading the materials, do some external research and keep testing, and following the methods described.

This is exactly what I done and I have to say it feels pretty good to have reached my own personal goal. I can honestly say I found it to be a real challenge.

Thanks to Armando for his support and patience, thanks to matugm & Equix3n for some great posts to external resources, thanks to everyone else for your questions in the forums and great discussions that also helped with my understanding.

I plan now to keep learning from you all and hopefully contribute something back in return.

Oh yeah and thanks to Brett for not having a voice like the dudes on the CBT nuggets videos ;-)

[Armando 156]

I'm glad you enjoyed our exam.

I believe that the 7 days retake that we give after the first failureis greatly useful to our students to think thoroughly on their mistakes and make a better job with their free retake.

(Sometimes I reject exams cause I know they can do better).

There has been some debate whether 7 days are little time or not.

We always aimed at targeting people with full time jobs that do not have much time to dedicate everyday.

However I was a strong supporter of the little time (7 days) because it forces students to concentrate their efforts and focus much more than if the retake period were say 1 month.

As a last note I'm happy that a great community supporter like Rob has managed to get our certification. Once again congrats to Rob.

[Armando 156]

Oh wow, I didn't realize you bacame a Praefectus in our forums...

[robertray 41]

Never been one of those before :-)

[kesterpoon 0]

Congrads !!!!

[Equix3n 1]

Congrats!!! Perhaps you're the first one to get the newly designed cert.

@Armando 1 week, according to me, is a perfectly reasonable time. Once a student submits his report, then I guess he has already done all the reconnaissance and understands the web application well. During the retake period he just has to focus on finding the vulnerability. With only a week in hand students will be more focused.

For anyone preparing foe the exam: Relax! If you've properly gone through the study materials and understand EACH AND EVERY vulnerability, you'll be fine. It's better to start early as the final report will consume MOST of your time. The eCPPT forum has a lot of useful hints and during the exam period Armando emails further hints every 5-10 days. I found these hints very valuable during my test. Also, KNOW YOUR SCOPE. You might discover 'some' issues with the image provided for the test but it's better to ask the eLearnsecurity support before putting them on the report.

[Armando 156]

Wise words.

Better to ask the forum, if you have doubts. We are here to point you to the right direction.

In the end I consider the exam a further opportunity to learn about pentesting.

[R3B007 0]

Hi Rob

congrats on your achievement. I also just received an email from eLearnSecurity that I passed my exam (second attempt too).

I'm glad all the 2 months of continuous training slides and videos, only after dinner when the kids are asleep, and 4 weeks of gruesome pen testing and report writing, have finally paid off.

By the way, I was browsing through the forum and noticed that the official certificate will be mailed to you. Have you received yours? What should we do to have our certificate mailed to the correct address?

Oh, and I also read your wordpress article on eCPPT – Review and Passed. It was a really nice read, and I felt the same way when I got back my first attempt results....

I was wondering if eLeanSecurity would be coming out with T-Shirts, jackets, collar pins, cups etc for members to purchase, so that we can identify ourselves as eCPPT members. Oh what about the good old, eCPPT logos?

Cheers

X-Man

[robertray 41]

Congrats to you and thanks for reading my blog.

I'm sure Armando will comment on your questions.

As far as having the cert posted out. I have not. Though personally I'm happy with the digital version.

You could email support@elearnsecurity.com to get a response a bit sooner.

[R3B007 0]

Congrats to you and thanks for reading my blog.

I'm sure Armando will comment on your questions.

As far as having the cert posted out. I have not. Though personally I'm happy with the digital version.

You could email support@elearnsecurity.com to get a response a bit sooner.

Thanks and roger that.

Cheers