I recently finished the Penetration Testing Professional (PTPv5) course from eLearnSecurity and sat the certification exam from 18 May to 28 May, and here’s my review and tips for the exam itself!

 

Overall experience

The exam was a decent simulation of a real-world penetration test, from the initial engagement letters to your final deliverable. I had unrestricted access to my own exam lab for 7 days, which looks to be powered by the exact same technology as the Hera labs included in the course. Meaning you’re free to start, stop, resume, and reset (4 times per day which I found pretty plenty) any time.

That said, I did have an issue with resetting my lab when I falsely believed I accidentally crashed a machine in the corporate network and had to email the support and post on the forum for help. They got back to me within one day and a bit more, during which I just sat in my home refreshing my lab controls page once every 15 minutes and slightly in fear of not getting that time back and failling the exam because of this technical issue on their end.

Fortunately, they extended my lab deadline after fixing my instance, so if you’re a student in the middle of the exam right now and are experiencing what I did, rest assured they’d reimburse you for that time!

 

Day by day summary

(I found these summaries on Doyler’s blog and found it immensely helpful to seek solace in the struggles of other exam takers, so thought I should include these for future exam takers too!)

Day 1 on Saturday

I started the exam while still a bit under the weather as I was bedridden with fever for days before. I had to skip ballet class day that day and thought ”what the heck, I’m already forced to be home anyway so might as well start it!” Think I rooted the web server that night.

Day 1.5 on Sunday (because the lab broke)

10 minutes into the lab, while trying to pivot from the web server into the next network, I thought I broke one of the machines with an incompatible metasploit module. Tried to reset it… and the entire lab broke. Emailed the support and posted on the forum that afternoon.

Day 2 on Monday

Got back on track when they fixed it around 5PM my time! Also finally got system on one more machine.

Day 3 on Tuesday

Got one more machine in the current network! I was feeling pretty confident so far and I had been sleeping for 9 hours and generally feeling very relaxed at this point.

Day 4 on Wednesday

This was when I seriously started to worry I might not pass the exam. I fell into a million rabbit holes with my current shells, even resorting to forensics modules in metasploit (which is completely unnecessary btw. If I could tell my past me something, it would be… to not overcomplicate everything and chase every tiny clue when all I needed was frankly obvious and easy to find). The only progress I made that day was finally figuring out why I couldn’t seem to enable RDP for machine #2 before while full-blown ranting to my best friend and having her be my duck while I attempted rubber duck debugging (she’s the best).

Day 5 on Thursday:

I got up early since I was seriously panicking, asking myself what I could’ve missed (sigh what a dummy hahaha. I didn’t miss anything at all. I really just thought there would be more to each machine. Advice: just follow whatever is right in front of you and don’t overthink it). After hours and hours of meticulously combing through every single folder and file, I gave up and decided to work on the custom exploit development part.

Tip for the exploit dev: remember to develop and test it on your local machine. Also remember what ASLR is and what that means for your exploit. If you can complete the system security lab in the course, you already know how to do it. The hardest part probably would be the payload, since the course didn’t teach which bad characters to avoid or how you should find the shellcode. My advice: use msfvenom to generate the shellcode, and search around for bad characters to avoid.

Around midnight, I finally rooted that exploit dev machine. About 3 hours later, the final DMZ machine too.

Day 6 and Day 7

I… gave myself a mini-vacation because I was so happy to have completed the objective.

Day 8 to Day 10

Completed the report with screenshots and notes I took during the exam, which in the end turns out to be 21-page long.

 

Tips I’d give to my past self

  1. No need to overthink anything and it’s probably easier right in front of you.
  2. Have a local Windows machine always ready and don’t waste precious exam time by forgetting about it and frantically downloading an ISO in the middle of the exam.
  3. If you’ve only been doing hackthebox and lab machines like me, you are probably lacking in pivoting experience, since hackthebox ones rarely require you to pivot off layers of network. So practice it more in the labs if you can!
  4. RDP really is the best for pillaging! Much better than snooping around in your meterpreter shells, I guarantee it.

 

Conclusion

As I just submitted the report 3 days ago, I haven’t heard anything back yet. I’ll update this entry once I receive my results! Good luck to all exam takers!

 

Update

Just hours after I posted this, I received the email that I passed! Looks like the examiner didn’t have too much to say for the feedback though, just says “Congratulations! You have been awarded the eCPPTv2 certification.”. Was hoping for some constructive criticism for my report, but I’ll happily take my shiny certificate now ;)

 

Apologies

To the nice people who left comments seeking help on this post, I’m very sorry to say that I’m not able to help anymore because it’s been 3 years since I passed the certification and I no longer remember enough details to give useful tips.

I wish you all the best luck! Just remember what you’ve learnt all this time and take a break sometimes.

 

For you who yearn for modern, fun & efficient cybersec courses

If you feel the same way we do, feel free to check out Dev Aviary.

It’s strange to come back to this post and see when I was still on all these websites despite how dissatisfied I felt with them.

It seems so obvious now that I would want to create the cybersecurity courses that I wish I had when I started. I hope future cybersec students don’t have to repeat my frustrating cybersec learning journey anymore :)