TheLeopard65
Published on

INE eCPPTv3 Exam Review (April 2025)

AUTHORS
  • avatar
    NAME
    Yasir Mehmood
    TWITTER

Hi, I am Yasir Mehmood and I recently passed the eCPPTv3 exam, and I wanted to share my experience with this certification. The eCPPTv3 is the third version of the eLearnSecurity Certified Professional Penetration Tester (eCPPT) certification, which was released in June 2024. Although I had high hopes that this new version would improve upon its predecessor, I believe there are better ways to invest your time and money. In this post, I'll highlight both the strengths and weaknesses of the eCPPTv3 exam, as well as share what helped me prepare and what I wish had been different.

My Experience

The eCPPTv3 exam format was a complete black box, and I was provided with very little information about the target, which I had expected. Despite preparing with the available resources, It took 21 hours out of the 24-hour deadline to pass the exam on my first attempt. The official training didn’t fully cover everything required, particularly when it came to Active Directory (AD) pentesting.

However, I had already taken and passed the eLearnSecurity Junior Penetration Tester (eJPT) exam about 8-9 months ago, I had a general idea on what precautionary measures to take. Before starting, I also read a few reviews of the eCPPTv3 certification exam, which helped me learn more about the AD part before beginning the exam. In this review, I will break down what went right and wrong throughout my journey.

Positive Side

  1. Active Directory Learning: One positive aspect was gaining valuable hands-on experience with pentesting Active Directory. This was a key area of the exam, and it was a significant learning opportunity for me.
  2. No Spoilers: The lack of spoilers prior to the exam made it more exciting, though this might change in the future.
  3. Quick Results: The 24-hour exam timeframe was a positive, as it meant I received my results quickly, which was a relief for someone impatient like me.

Negative Sides & My Advice

Now, let’s dive into the issues I faced, as these were significant hurdles during my journey.

1. Inadequate Training

  • The Problem: The training materials provided by INE were not sufficient, especially when it came to Active Directory pentesting. The exam is primarily focused on AD, but the training barely scratched the surface. The training I received was better than what my peers received before me, but it still wasn't enough.
  • My Solution: After reading online review blogs, I realized I needed to supplement the official training with additional resources. I turned to Hack The Box (HTB), Youtube Playlists, and TryHackMe (THM), which were incredibly helpful. Specifically, I tackled HTB Academy’s Active Directory Enumeration & Attacks module and various CTF tracks related to AD. This gave me the necessary skills and hands-on experience, which helped me approach the exam with more confidence.

2. Exam Environment Issues

  • Web Interface: The provided exam environment was frustrating. Instead of a VPN connection, I had to use a web interface (Browser-based Kali Instance), which led to connectivity and speed issues. Additionally, when I first tried to use Firefox for accessing the Guacamole client, copy-paste didn’t work. Switching to Google Chrome resolved this, but it cost me valuable time. I had to reset the lab environment at one point because of lag and the screen tear.
  • Lab Reset Issues: The Lab Reset feature was unreliable. After a reset, I experienced delays and issues with missing flags that should have been available. While I think the browser-based Kali instance is good for the eJPT course, a VPN connection should be provided for the eCPPT exam.

3. No Internet and Broken Tools

  • No Internet: The exam environment did not have internet access, which was a significant limitation. It made it difficult to search for solutions, check documentation, or verify information during the exam. This restriction felt like a major hindrance, especially since many pentesting tasks often require up-to-date information or specific external resources.
  • Broken Tools: Many of the tools I relied on during the exam, such as evil-winrm and Impacket scripts, were broken and didn’t work properly. Key tools like psexec, wmiexec, and smbexec were completely nonfunctional, preventing me from performing essential tasks like lateral movement and remote code execution. Additionally, tools like firepwd.py and SharpHound were either missing or not provided, which severely impacted my ability to conduct thorough Active Directory enumeration. The lack of functional tools hindered my progress and added unnecessary frustration to the exam experience.

Training I Chose

Given the gaps in the official training, I recommend the following resources:

  • Hack The Box Academy – Specifically, the Active Directory Enumeration & Attacks and Windows Attacks & Defense modules.
  • TryHackMe – Various modules related to Linux and Windows exploitation & Privilege Escalation were useful for the exam.
  • YouTube - I watched several YouTube playlists on Active Directory pentesting by various YouTubers to help fill the gap.

Tools and Commands

Here are some of the tools and commands that I used during the exam:

  • AD Enumeration: Kerbrute, Crackmapexec, ldapsearch, PowerView
  • Metasploit: For exploiting vulnerabilities and obtaining shells
  • Powershell Scripts: powerview.ps1, powerup.ps1, winpeas.ps1, linpeas.sh
  • Impacket: psexec, wmiexec, smbexec (I tried to use them, but they didn’t work properly.)
  • Other Tools: wpscan, hydra, hashcat, john, nmap, GTFObins

Note-Taking Tips

Effective note-taking during the exam was crucial for my success. Here’s how I organized my notes:

  • Folder Structure:

    • General: High-level details like scope and subnets
    • Credentials: Document all discovered credentials
    • Hosts: Keep track of host details like IP, service, shares, etc.
    • Brute Force: Track usernames and passwords being tested
    • Nmap Scans: Recorded all the scan results for later use.

  • Tools Used: I used Notion for note-taking, and it was an excellent tool for staying organized.

Conclusion

The eCPPTv3 exam was challenging and provided valuable hands-on experience, particularly in Active Directory pentesting. However, there were significant issues with the training materials and exam environment that made the experience frustrating.

Despite these setbacks, I ultimately found success by supplementing the provided training with additional resources, improving my note-taking process, and leveraging external platforms like Hack The Box.

If you plan on taking the exam, my advice is to prepare extensively in Active Directory and be ready for some potential technical issues during the exam. While there is room for improvement in the certification, it can still be a rewarding experience for those who are dedicated to thorough preparation.

My eCPPT Certification

VIEW THE BLOG POST ON GITHUB