My Journey into eCXD – eLearnSecurity Certified eXploit Developer

Exploit Developer Student – XDS Course Review

I first want to thank eLearnSecurity for creating such a course on this topic of exploit development. I have always been a big fan of the Windows operating system. For the past few years, I have spent a lot of time on Windows reverse engineering, Windows internals and exploit development on Windows. However, the thing I liked the most about this course is about the diversity they have with both Windows and Linux both x86 and x86_64. I spent quite a good amount of time on learning Linux exploit development and internals and I totally loved to understand those concepts no matter how hard they were to grasp. It is a feeling I cannot explain ?

I will share my thoughts on each section.

Linux Exploit Development

Module 1: Linux Stack Smashing

As usual, this is the introductory module where you will get a nice understanding of Linux internals and basics of stack-based buffer overflows and identifying them.

The labs included for this module are:

  • Hidden Function
  • Linux Basic Stack Overflow
  • Linux x64 Basic Stack Overflow

(more…)

eLearnSecurity Courses

With the competitiveness of the infosec industry, security training is definitely needed. Let me share my story. Back in 2013 I heard about eLearnSecurity. Those days the only courses was Penetration Testing Professional and Penetration Testing Student. But I didn’t have enough money to sign up since I was 16 years old. With the pocket money I had, I signed up for the Penetration Testing Student course since I was curious about the material. I was amazed by their teaching techniques. Everything was so clearly written. After that I had to enter university and I had no time to concentrate on the things I like to do. Gradually eLearnSecurity started developing specialized courses starting from Web Application Penetration Testing and next came the Extreme edition of this. Meanwhile, they launched a course on reverse engineering too which I was really surprised to see that course since it was the first ever course I saw on reverse engineering.
(more…)

Journey into eWPTX

eWPTX

On the request of some people I thought of writing a small review for this course and certificate. The course is WAPTx – Web Application Penetration Tesing eXtreme. The certificate is eWPTX – eLearnSecurity Web application Penetration Tester eXtreme. Last year I completed eWPT you check that post from here.
This course is very up to date compared to other web application penetration testing courses. I learned many things that I didn’t know in different web application technologies. There are many languages, technologies in the world of web applications. It’s very hard to master them all. This course however covers many advanced attack methodologies.

The exam is however “hard”, not matter you are a web developer or a networking guy, you need to make sure you understand how each vulnerability is exploited and also how to bypass filters. You cannot just fire up a tool and expect results. Make sure you understand manual exploitation and exploitation is always not straight forward in real world applications.

I actually loved the exam, it was a very small web app but lots of unseen holes. My experience with SQL injections came in handy in the exam 😉

If you are seeking for a next level certification in web application hacking I would recommend this course.

It was a very fast year! 2016 ended nicely as I planned. By October completed eCPPT, by November completed eCRE, by December completed eWPTX 🙂 Nothing is impossible if you try hard 😉

Thank you everyone for your feedback and messages!

cert

[tweet https://twitter.com/eLearnSecurity/status/814775586640068608]

Passed eCRE!

ecre_certificate_sm
I don’t know how to begin with, I’m not a expert experienced reverse engineer. I actually entered this field recently. Before that I had experience with basic exploit development and solving crackmes. But reverse engineering is not about solving a hard crackme, anyone can code a hard algorithm. However at the beginning some people said that this course is hard for me and not suitable for me. As the course title suggests “Advanced Reverse Engineering of Software” it is surely advanced to a level. I haven’t spent years in this field but I dedicated the last few months in this area and I really learned a lot from this course. If you ask the existing people in this field how to enter this area 9/10 people would recommend the tutorial series of “Lena151”. Actually those tutorials do not give a complete idea and is a bad choice. I’m not the only person who says this.

I have been thinking about why this happens. Thinking back to myself, I started learning reverse engineering by reading the Lena151 tutorials. I thought they were awesome until Daeken told me that was an awful approach to learn reverse engineering.
At first I didn’t understand why they were so bad. After all, Lena’s tutorials had taught me how to crack my first software.

You can check his post from here.

The things I learned in here really helped me to take my C/C++/ASM skills to the next level. Each topic I learned helped me research more and more into the subject.
(more…)

My Journey into eCPPT

This course covers lots of areas in the field of penetration testing. I like the content since it covers good theory as well. They have included new sections such as Ruby and Wi-Fi. The content is very up to date. The exam was more realistic and not CTF based. I’m not going to write a complete review, but I would recommend this course for anyone who wants to enter the field of penetration testing or existing people. Always there’s something to new to learn from any course 😉

ecppt

My Journey into eWPT

Last year I thought of getting certified in the field of web application security since I haven’t done any certifications before. I researched about the current certifications in the market and found out most of them are just answering few MCQs and getting certified, but unfortunately those are highly accepted by different organizations. But when it comes to the info sec industry there’s a bunch of good certifications I had in mind to complete someday. So considering my budget, time and resources I thought of taking eLearnSecurity’s eWPT certification. This certification is highly hands-on and a fully practical penetration test based exam. When it comes to the industry it’s hard to prove we know something, so I think I did a better choice in taking a certification in the field which I have experience since small age. Apart from that before I loose my teens I wanted to get certified 😉
(more…)