☕
Brinkles Pentesting Notebook
  • Introduction
    • My Journey to Pentesting
    • Twitter
    • Github
  • Certification Reviews
    • OSEP Review
    • CISSP Review
    • OSCP Review
    • RTJC Review
    • RTAC Review
    • CEH Review
    • CRTO Review
    • PNPT Review
    • eWPT Review
    • eJPTv1 Review
    • CCNP Security Review
    • CCNA Review
    • CompTIA Net +, A+ Review
  • C2 and Payloads
    • Sliver C2
    • Cobalt Strike
      • BOFs and Aggressor Scripts
        • Situational Awareness BOF
        • HOLLOW BOF
        • DLL_Version_Enumeration_BOF
        • InlineExecute-Assembly BOF
        • BOF.NET
        • C2-Tool-Collection BOFs
        • Inline-Execute-PE
      • Payloads
  • Tools
    • Internal Tools
      • BloodHound
      • Certi
      • Coercer
      • CrackMapExec
      • DCSync
      • DFSCoerce
      • DonPAPI
      • WMIEXEC
      • Kerberoasting
      • Lsassy
      • mitm6
      • Pcredz
      • PowerSploit
      • PrivExchange
      • Responder / RunFinger
      • Rubeus
      • Seatbelt
      • Seth
    • Web App Pentesting
      • Payload All The Things
        • Directory traversal
          • Deep Traversal
          • More Directory Traversal Payloads
        • SAML Injection
        • XXE - XML External Entity
        • XSS - Cross Site Scripting
        • XSLT Injection
        • XPATH injection
        • Upload Insecure Files
        • SQL injection
          • MSSQL Injection
          • MYSQL Injection
          • Oracle SQL Injection
          • PostgreSQL injection
          • SQLite Injection
        • Server Side Templates Injections
        • Server-Side Request Forgery
          • Payloads Included in Server-Side Request Forgery
        • Request Smuggling
        • OAuth
        • NoSQL injection
        • LDAP injection
        • Kubernetes
        • JSON Web Token
        • HTTP Parameter Pollution
        • GraphQL injection
        • CORS Misconfiguration
        • CRLF
        • Cross-Site Request Forgery
        • CSV Injection (Formula Injection)
        • File Inclusion
          • PHPINFOlfi.py
          • uploadlfi.py
  • Network Security
    • DMVPN GRE NHRP IPsec Profiles
    • Flex VPNs
    • GET VPN with Key Server
    • IKE Site to Site w/ IPSec
    • Point to Point GRE over IPSec
    • Remote Access VPN
    • Helpful Cisco Firewall CLI Commands
Powered by GitBook
On this page
  • Introduction
  • Study Plan
  • Exam
  • Looking back at the exam
  • What this cert did for me

eWPT Review

Introduction

My name is Nick and I am currently a Penetration Tester / Red Team Operator. I had some experience coming into this cert from work as well as previous studies. I started studying for this cert right after completing the eJPT.

Study Plan

My plan was similar to the eJPT. I studied the official INE course for the web app penetration tester certification. It took about 6 months of studying which was way longer than I wanted to finish it by. Work and other life events came into the way so my 3 month goal doubled to about 6 months. For this exam, I did in fact study a bit of extra resources. Portswigger has some awesome labs you can take that help expand knowledge on topics such as XSS, CSRF, XPath injection, etc. As this is not needed to pass the exam, if any topics are not clicking from the INE course, feel free to go to external resources. I used OWASP and Portswigger to further study on some topics I had trouble with. I also completed a few burp suite stand alone labs for clickjacking. However, the INE course is enough to pass the cert.

To prepare for the report writing, I decided to use attack forge at first however switched to a more manual template. For my manual template, I used the Mayor's report template. It can be found here: https://themayor.notion.site/themayor/Pentesting-Notes-9c46a29fdead4d1880c70bfafa8d453a

Reason why I switched off of attack forge was because of customizability. I wanted my attack path to look a certain way and I couldn't figure out how to manipulate attack forge to make my attack path look the way I wanted. Hence, I switched to a more manual report which actually helped me gain experience of writing a full report vs filling in information and having a program automate a report.

Exam

First off, wow... what a challenging exam! After connecting to the exam environment, you receive your scope of what to test. I fell into multiple rabbit holes and wasted hours of testing, realizing that the path I was going down was not the path to focus on. You get 1 week of access to the exam environment, then 1 week to write up a report. I started the exam on a Wednesday afternoon and submitted my report on Monday. I spent about 8 hours Wednesday, 4 hours Thursday, 12 hours Friday, and 8 hours Saturday until I reached my objective. I then spent about 4 hours collecting resources on Sunday and then about 5 hours Monday writing my report. Throughout the exam, I was collecting screenshots of vulnerabilities and collectively building my attack path. I highly recommend this route so you do not have to remember all the steps it took to get to the objective. It also helps immensely when it comes time to build your report.

Looking back at the exam

Like I said above, remember to screenshot findings and paths while testing in the exam. You WILL forget everything you have done and without screenshots, vulnerabilities might be missed. Something that helped me during the exam was I set up a nice folder structure within my kali instance. I had my scanning in one folder, automated tool usage in another, screenshots, attack path, etc. etc. I took screenshots of everything. Luckily I passed my first report submission however, if you submit your report after the 1 week pentesting allowance and do not pass the report submission, your whole baseline will be the screenshots you take and past terminal commands.

EX. If I would have failed my first report submission, and lets say the grader wanted more specific attack path steps, I would not be able to go back into the environment to collect more specific screenshots. I would be stuck with the screenshots I collected and past terminal output.

This is why I highly recommend you take screenshots of everything. Yes, you may not use a lot of them, but it is good to take just in case.

Other than that, make sure you take plenty of breaks, get some good sleep, and eat to help refresh your mind. In the previous review, I talked about how rabbit holes can be huge time wasters. Ensuring you take 10 minute breaks can help break you out of those holes by thinking differently on your approach and trying new techniques.

Negatives of the course:

The one thing I do wish was changed is the learning structure. Yea, the information is good however it was truly death by PowerPoint. I think a huge improvement would be to spend more time on labs, have more interactive videos, and try to limit the PowerPoint slides. I would rather be engaged actively exploiting something than to me scrolling through slides and taking notes for hours and hours.

What this cert did for me

Even though the cert is pretty outdated, the topics are very much alive and thriving. The eJPT showed me that web app pentesting was one of my weaknesses. I still feel like I am weak on web app pentesting (hello imposter syndrome! ) however I have learned a ton of knowledge on different vulnerabilities, exploitation techniques, and remediations on a bunch of popular web app vulns. I strongly suggest this cert if you are interested in bug bounties or just need to improve on your "external" pentesting weeks 😄.

This cert specifically has helped me further understand different concepts from "here is how to trigger a XSS alert box" to "This is how I can take over this website just with a simple xss payload". If anyone is considering taking this exam, I would highly encourage you to do it!

PreviousPNPT ReviewNexteJPTv1 Review

Last updated 2 years ago

Page cover image