eCPPT: The Least Favourite Certification Out There.

I tried out the most controversial hacking certification

7/19/2025 (3 min read)


Introduction

The eCPPT is a certification by INE that has been around for quite some time, with three different versions; the latest one, version 3, focuses heavily on Active Directory. Two things made me want to take it: Active Directory, and a summer discount where the prices of the certification voucher were up to 50% off! These were enough to convince me to try the exam out.

My Background

Active Directory (AD) is my main strength, as I spent years in system administration and networking before shifting into cybersecurity auditing/consulting. Most of my AD attack training originally came from TCM Security’s Practical Ethical Hacking Course, followed by Hack The Box Academy and later on OSCP’s PEN-200 course. Not to mention Altered Security’s CRTP course. Based on that, I was confident that those materials were already enough for me to skip enrolling in INE’s eCPPT course and just jump straight into the exam.

Exam Experience

Oh boy, where should I start? Prior to taking the exam, I was aware of the issues that some previous exam takers had encountered. When you do a Google search for eCPPTv3 reviews, you will most likely find not-so-good reviews about it. The complaints range from the web-based Kali environment that they provide, issues with the vulnerable machines not working, and a slow connection, to tool restrictions and no internet connection on the attacker machine, which means you cannot install custom scripts from GitHub! This is also another reason why I purchased the exam at a discount, as I was not willing to pay full price for what is considered to be a broken exam.

Back to the exam: the format has been changed from writing a report to just answering 45 questions within 24 hours. You will be tested on your scanning, enumeration, initial access, privilege escalation and password cracking, all the usual stuff. If you have practiced enough boxes on TryHackMe, HackTheBox & Proving Grounds, the exam should be a cakewalk for you. The only aspect that is unfamiliar is having to answer those 45 questions as you hack your way through the infrastructure. I would consider around 5-6 of those as free points, since they are all revealed by your scanning & enumeration. Another 3-4 questions are general questions that you can ask ChatGPT for! HAHAHAH.

The main complaints I have about this exam are the restriction to using tools that are pre-installed in the Kali environment, which also has no internet connection, and that some questions are buggy? There were two questions where I knew the right answer, but for some reason their Kali environment was not allowing me to proceed. Was it due to tool restriction? A lower version of Metasploit? Or was it my methodology? The tools there were not enough to execute the exploits, so two points were lost.

Thoughts

Well, luckily, despite the issues, I passed the exam! Overall, I think my experience further justifies the not-so-good reviews this version of eCPPT has out there: a restricted environment limited to their tools, no internet on the attacker machine, broken or outdated tools and, lastly, being unable to answer the questions despite having the exact methodology. They have got one thing right, which is the 24-hour period to hack these machines, just like the format for OSCP, but other than that the rest of it is quite poor. I do not think that this exam replicates what a real-life pentester goes through in an assessment. Instead, it replicates the situation whereby a pentester is provided with tools that only the organization provides.

Recommended?

Let's keep it short. Recommended? Yes, but wait for the discount or wait to see if they come up with a new version that addresses these issues. The exam is not bad; it is similar to PNPT or any black-box assessment where you start off with an external environment. It's just the restricted tools and environment that make it frustrating for aspiring cybersecurity professionals to attempt it. I am not sure how this certification ranks when compared to other certs. I asked ChatGPT and it mentioned that it's second only to OSCP? Hmmm. For me it's below the PNPT, which is better in terms of the overall experience and real-life relevancy. Since I am planning to take the OSCP, this was a good test of my endurance, where I also tested out starting the exam at night.