Return to Level1Techs.com

My review of eLearnSecurity's Penetration Testing Student certification


#1

Hello All!

Some of you may recognize me from the Twitch chat. I haven't been there in a while, but I'll be back, been busy with life and working on this dang cert, so I figured I would share the knowledge and let people know a little about my experience with it. You can check out the cert and associated training here. You can also check out a sample of the course. I am not affiliated with eLearnSecurity in any way. No one is paying me to do this review, and all of my opinions are just that, my opinions. Ya know, standard internet non-sellout disclaimer.

The TL:DR of this is that this cert, and the associated training material, is absolutely great for anyone without a background in Ethical Hacking. It provides a comprehensive training program complete with VM labs and videos, which works great for the student looking to get their hands dirty without spending a ton of time hunting down specific YouTube videos on topics. I would recommend the "Full" version over the "Elite", see below for reasons why.

The course structure, which you can view on eLearnSecurity's site, consists of death by PowerPoint, an informative video with the presenter walking through how to use the tool/concept described in the PowerPoint, and then each topic is given a Virtual Lab, which you can VPN into and use to practice your skills. Overall, it works pretty well, and I found the structure to be quite good at pounding the concepts into my brain for use in the labs later on.

The course walks you through a basic intro to Networking and Information Security, then dabbles with entry level programming (C++ and Python). The programming part is not useless, but I would recommend CodeAcademy and Learn Python the Hard Way for those looking to start down those roads. You end with a walkthrough of the basic methodologies of Penetration Testing:

  1. Information Gathering
  2. Footprinting and Scanning
  3. Vulnerability Assessment
  4. Web Attacks
    5.System Attacks
    6.Network Attacks

I ended up picking up the Elite version of the course, which is more expensive, but gives you access to the training materials via HTML5 for mobile use and the ability to download all the training material in PDF format. It also includes more VM lab time and a non expiring voucher to take the exam whenever I wanted, with 3 free retakes. Please note, if you spring for the "Full" plan, you'll have to take the exam 180 days from the date you buy the course. The mobile Downloads were nice for studying on the go, but I barely used 8 hours of total lab time, and passed the exam on my first time, so I would recommend the "Full" version if you're thinking of picking this up, unless you need the ability to train offline.

If anyone has any questions, feel free to shoot them my way or comment, I'll answer to the best of my ability. Also, if you're interested in this and you've gotten this far, check out Cybrary! They are an absolutely phenomenal free site for learning anything and everything about Cybersecurity.


#2

Do they ha e a low level blue team defensive course? Work is always down to pay for me to learn things.

I really need to learn more pen testing stuff. I have a high level understanding of actually doing it but I know a good bit of how to do it. I would just need to copy someone's homework on the scripts and junk.


#3

Without knowing what it is that you do, I can offer the following:

I can't speak for the quality of any other of their courses, but they do have a Practical Network Defense course, which would likely be a good fit if you're a network guy, but it doesn't go into Incident Response or Threat Hunting. Depending on your budget from work, I would suggest looking into SANS if they will pay for it. Check out SANS SEC401: Security Essentials and SEC501: Advanced Security Essentials - Enterprise Defender. I would recommend 401 if you're just getting into InfoSec, and 501 is a pretty good blue team course. Cybrary also offers a free course on Incident Response and Forensics.


#4

My official job title is Security Analyst but I'm in more of a sys admin role these days since I manage more than just the security appliances. Practical network defense may be a bit under what I'd need but I'll check it out... I appreciate you taking the time to make a review of this.

I don't manage our SAN system directly but I seem to have learned enough. I don't patch it or anything. Enterprise defender may be what I'd want. I like to take as many courses as possible just to make sure I don't have any gaps in knowledge that needs to be filled.

Edit: Threat hunting is probably somewhere I'm weaker at. I have the forensic logs to find someone that's been digging around in memory but I'd like to learn a more aggressive approach.


#5

No problem on making the review! Knowledge is power and early in my career, I had a lot of great people take me under their wings and help me along. I just want to pass their efforts along and help others because I definitely wouldn't be where I am without them. It's great that your employer offers training, and SANS is definitely cream of the crop. Mine doesn't offer training, hence my review of this course, which I got over SANS because of the cost out of my own pocket. ($400 vs $6000).

If you're looking for more threat hunting, FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting may be a good fit as well. So many choices!


#6

Thanks for sharing, currently working towards Cyber Defense Bachelors and it seems you got more out of this course than I've gotten in two years of college so far.


#7

College sucks.

/s


#8

I've been there. I also got my bachelor's in Cybersecurity, and the degree is more of a key that opens the door to a job, rather than an end all for learning. Trust me, you will learn more in the first year out of school than you will ever learn in school. Degrees simply check the box for HR.

EDIT: Degrees also help you learn how to think analytically and manage your time, at least, mine had that effect.


#9

I've painfully known this since day one. I'll look into this thing you've shown.


#10

from beginning to end, how long did it take you to complete the course?


#11

I would say roughly about 3 weeks of work. Some of the course, like the intro to infosec and networking, as well as the coding parts, I effectively breezed through, since I already work in the field. I would estimate a complete beginner would probably need 4-5 weeks of study. I studied primarily in my time off of work for a few hours a day. Hope that helps! The "Full" package expires 180 days from the time you buy the course, so you have plently of time. The "Elite" version never expires, so if life gets busy, you have until HL3 comes out to complete it.


#12

thanks for replying, and sharing. I am interested in this field and consider this worth-while.


#13

Hi,
i am interested for the practical defense network, do you have any idea about this training course? is this a good one to make a carear change?

i was always interested to achieve a job in the security domain, now i am planning also for CCNA R&S.

kindly can you give an advice?


#14

Standby for necro warning.