
I’ll be putting up a review of the Penetration Testing Professional course put on by eLS soon, but that’s separate from this one. That post will have some tips on how to get through the material in the most efficient way.
If you prefer to watch the video, check out: https://youtu.be/OqzXajcXKdo
Timeline:
Day 1: Started on Valentine’s Day around 6:30 or so. Got an awesome start… got my first box, rooted it, made solid progress. Went to sleep at about 12:30 pm.
Day 2: Woke up at 6… got literally nowhere. Enumerated, enumerated, enumerated. Got really good at enumerating. Ugh. Found some stuff but really sucked at connecting some dots. Connected dots to stuff that didn’t need connecting. Went to bed at about 2 am. I think I forgot to eat a meal or two this day. This was like an 18 hour work day. I got nowhere.
Day 3: On very little sleep, since I was pretty frustrated and felt like I was falling behind. After lunch, I finally caught my second wind and rooted a few more boxes on the network. Finally, some wins. Yay morale. Got started on a little custom exploit development. Went to bed around 1 a.m.
Day 4: I was scratching my head. Could NOT figure out what I was doing wrong with getting access to the last box on the network before getting to the final objective.
Day 4 evening: I started looking up the retake policy. I was pissed and really getting down on myself.
Day 4 around zero dark whatever… I figured it out. Got access to the last box. Decided to get a couple hours of sleep.
Day 5: Ever get frustrated because you know you’re so close but you just can’t figure it out? Yeah, that was me. And I was mad. Day 5 around 10 (I decided to sleep in a little), I figured it out. Amazing. Creative. Now all that was left was the final objective. At about 1:00 pm, I had rooted the DMZ. Wow. What a good feeling. Finally, I could breathe a little.
Exam Advice:
If this is your next step after the eJPT, be prepared. This is significantly more difficult. The objective of the eJPT is to introduce you to some pen testing concepts. This exam validates your ability to perform a full-scale penetration test at a professional level.
Keep track of what you’re doing. If it didn’t work the first time, don’t bother trying it again and again in hopes that it will magically work and some unicorn will come by to save the day. I wasted a lot of time doing this.
See if you can get off work.
Do not do a fresh Kali install. If everything has been working for you thus far, leave it as is.
Don’t do 16 hour days on the exam. I did it, and it was awful.
Plan your meals. Eat healthy. Set alarms on your phone if you must to make sure that you eat properly.
Don’t drop the things you do regularly. I usually try to go for a walk or go to the gym at least every day. I didn’t do that this time and it just hurt me mentally.
Get creative with how you solve some problems. Don’t overcomplicate things. There are many many different ways to get from point A to point B.
Take your time. I didn’t. I wanted to be done. This will only add to your frustration.
Try different payloads.
When you write your report, remember your audience. I’ve never written a pen test report before so it was a new experience for me, but based on the feedback I got, I did alright. Don’t get overly technical. You’re communicating issues potentially to C-level executives. You’re creating value, so your report is better received if they can understand you instead of you talking about what kind of encoding you decided to use.
Think outside the box. Remember, when you’re launching an attack, there are many different configurations. Trust your gut and try different things. You’re trying to be a certified pen tester after all. You’re expected to research new concepts and apply them. So no, all the answers aren’t in the course material, nor should they be.
Keep track of your IP! It’s not a matter of if you get kicked off, but when. Each time you have to re-establish your VPN, your IP may change… Mine changed 5 times.
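One way to keep that record without relying on memory, as an added example that is not part of the original post: a small POSIX shell helper that reads the address on the VPN interface and appends it with a timestamp to a log, printing a notice whenever the address differs from the last one recorded. It assumes the VPN interface is called tun0 and that the iproute2 `ip` tool is present; the log path and the sample interface output used for illustration are constructed here.

```shell
#!/bin/sh
# Added example, not from the original post. Records the VPN interface address
# after every (re)connect so earlier notes and listeners can be matched to the
# address that was in use at the time.
# Assumptions: interface name tun0 (override with $1 to vpn_ip), iproute2 `ip`
# available, log file location arbitrary (default below is a constructed choice).

IP_LOG="${IP_LOG:-$HOME/exam-ip-log.txt}"

# Pull the first IPv4 address out of `ip -4 addr show` text read from stdin.
# Kept separate from the `ip` call so it can be exercised with canned output.
parse_inet4() {
    sed -n 's/^.*inet \([0-9.]*\)\/.*$/\1/p' | head -n 1
}

# Current address of the VPN interface; prints nothing if it is down.
vpn_ip() {
    ip -4 addr show dev "${1:-tun0}" 2>/dev/null | parse_inet4
}

# Last address written to the log (empty when the log does not exist yet).
last_logged_ip() {
    [ -f "$1" ] || return 0
    tail -n 1 "$1" | awk '{print $NF}'
}

# Append "<UTC timestamp> <address>" to the log. Returns 0 on the first entry
# or when the address changed (and says so), 1 when it is unchanged.
record_ip() {
    log="$1"
    addr="$2"
    prev=$(last_logged_ip "$log")
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$addr" >> "$log"
    if [ -z "$prev" ]; then
        return 0
    fi
    if [ "$prev" != "$addr" ]; then
        echo "VPN address changed: $prev -> $addr (update listeners and notes)"
        return 0
    fi
    return 1
}

# Typical use after each reconnect:
#   addr=$(vpn_ip tun0) && [ -n "$addr" ] && record_ip "$IP_LOG" "$addr"
```

Run the one-liner in the trailing comment every time the VPN comes back up; the log then gives you a timestamped history of every address you held, which is what you need when a shell or listener stops answering and you are not sure which address the other side was talking to.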
How I prepped:
I prepped for it like I did the eJPT. Focused heavily on the labs and videos. Did the labs 5 times apiece and I must have read them over at least 10 times. Used about 40 hours of lab time, which I consider a lot.
I took notes on everything… literally everything. Every slide, every video… everything.
How I recommend you prep:
Take the eJPT
Do everything I did, maybe only do the labs three times. Don’t overdo it like I did. You’ll get to a point where you’re gonna just stop retaining information.
Know your pivoting! Practice! Practice! Practice! One of the best things this exam does is simulate a real life pen test. It is not like other exams or hackthebox where you just need to root something and then move on to another machine, rinse and repeat. This emulates a full-on red team engagement, so get out of the “get root” mentality.
Make sure you know all the concepts, including custom exploit development. Every little detail matters. There’s a reason that they teach certain things. It’s not frivolous learning.
Learn about basic operating systems stuff. I don’t want to get into too much detail, but this was a learning point for me. I don’t have an IT background, and I had to look up a lot of stuff.
Make a study schedule and stick to it. If you fall behind one day, make it up the next.
A couple links to some useful stuff to help reinforce what I learned:
Buffer overflow – https://www.youtube.com/watch?v=qSnPayW6F7U&t=1s
Another Buffer overflow video – https://www.youtube.com/watch?v=1TNecxUBD1w
Resource scripts (to make things a little easier on yourself during exam time) – https://www.youtube.com/watch?v=2HSKbE61z48
Pivoting – https://www.offensive-security.com/metasploit-unleashed/pivoting/
SOCKS proxy – https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
Reporting – https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
Remember, if you want it bad enough, you can do it. Focus on getting to the objective but remember, you should treat the exam like a real life red team engagement.