Other Security Certifications — TechExams Community https://community.infosecinstitute.com/ Thu, 21 Mar 2019 07:51:39 +0000 en Other Security Certifications — TechExams Community Passed SecurityTube Linux Assembly Expert x86_64 (SLAE64) https://community.infosecinstitute.com/discussion/135108/passed-securitytube-linux-assembly-expert-x86-64-slae64 Mon, 18 Mar 2019 18:00:58 +0000 Other Security Certifications securitychops 135108@/discussions I had planned on starting work on the SLAE64 immediately after finishing the OSCE, however I ended up with a little bit of certification burnout so I took a few months off ... but I am back and ready to share my experience with taking the SecurityTube Linux Assembly Expert x86_64 (SLAE64)!

Just like the x86 version that I reviewed earlier (https://community.infosecinstitute.com/discussion/132948/passed-securitytube-linux-assembly-expert-slae) I was extremely pleased with the overall experience of this course.  I once again learned a lot, and was pleasantly surprised at how seamless the transition from x86 assembly to x86_64 assembly was.  Just like last time, Vivek did a great job of explaining the core concepts and walking the viewer (me) through all of the material.

One thing I would like to point out is that there is a lot of overlap between the x86 and x86_64 versions of the course.  To the tune of the final exam being almost identical in every single way.  There are a few additional requirements on a couple assignments ... but if you have done the x86 version you are going to be experiencing a lot of deja vu.  

However, even though there is so much overlap between the two courses I would still recommend doing them both if you have never done much with shellcode before.  They are just different enough that I feel like it would merit it.  Plus the final exam is still in the same format as the x86 version, which is blogging/github/etc.  And just like last time I had to again dig deep into concepts in order to be able to properly explain them in writing.

All in all, I highly recommend this course to anyone wanting to learn more about 64bit shellcoding.  I consider it a great value at only $149 :)

Below is a breakdown of the course timeline:
-------------------------------
Oct 30, 2018: Course Purchased
Oct 30, 2018: Course materials arrived via email (7ish GB download)
Oct 31, 2018: Realized I was completely burned out and needed a break
Feb 02, 2019: Actually started course :)
Mar 11, 2019: Sent in final exam (links to blog posts, github, etc)
Mar 14, 2019: Received email congratulating me on passing
-------------------------------

As for study materials/tools, here is most of what I used:
-------------------------------
-------------------------------

My blog posts and code just in case anyone wants to read them:
-------------------------------
Blog Posts:
-------------------------------
]]>
Wasn't sure but... https://community.infosecinstitute.com/discussion/135076/wasnt-sure-but Wed, 13 Mar 2019 21:54:31 +0000 Other Security Certifications triplea 135076@/discussions
"You have passed the ISO27001 Lead Implementer. Congratulations."

Can we start talking salaries boss? ]]>
Iso 27001 la/li https://community.infosecinstitute.com/discussion/133908/iso-27001-la-li Wed, 17 Oct 2018 04:12:16 +0000 Other Security Certifications ragolebi 133908@/discussions I would like to as about PECB ISO 27001 LA/LI exam difficulty. I know that "difficulty" is a very generic term. Currently I am CISA ( I prepared myself 3 months), CISM (4 months preparation), OSCP, OSWP and EC Council Security Specialist. I have worked with ISO 27001 and ISO 27002 within two years. Does it is enough to try pass PECB ISO 27001 exams? What do you think? How hard is the exam?

Thanks!]]>
Do I miss something with Pentest Magazine? https://community.infosecinstitute.com/discussion/100767/do-i-miss-something-with-pentest-magazine Tue, 27 May 2014 09:33:12 +0000 Other Security Certifications impelse 100767@/discussions
Am I missing something with them? Are that magazine really good for the prices?

I never had a subscription with them, so please who ever have one please give me your feedback.

Thanks.]]>
Passed eJPT Today! https://community.infosecinstitute.com/discussion/134657/passed-ejpt-today Tue, 15 Jan 2019 21:34:56 +0000 Other Security Certifications Penguineer 134657@/discussions I started the process yesterday afternoon and finished today with a score of 100%.

Before I started the exam, I finished all the modules in the course except for the web application modules. That was a very, VERY bad idea. Pro tip for you guys: Don't skip the web app modules. I am pretty comfortable with the network attack tools and system attack tools, but I was struggling with the web attack tools during the exam. I'm absolutely disgusted at how bad I am at web app pen testing and I'll most likely enroll in eWPT in the future. Also, for some reason I thought that you had to write a report for this exam, so I wasted a few hours on writing the report. I don't know where I got that idea from.

Some tips:
Make sure you have a reliable network connection. I connected to the exam environment using an unreliable wireless connection and my connection dropped more than 3 times during the exam. Why didn't I use a reliable Ethernet connection? Because I don't have one long enough to reach the couch. :D
Make sure you do all the labs

What's Next?
Virtual Hacking Labs: I will be working on rooting those 38 boxes until my OSCP start date. My start date for the OSCP is on March 3, but I might push it back a month depending on where I'm at in VHL. Also, I'm still (lightly) studying for the CSX-P.
]]>
Splunk Certified User Exam Review https://community.infosecinstitute.com/discussion/134296/splunk-certified-user-exam-review Fri, 30 Nov 2018 20:29:08 +0000 Other Security Certifications Kiyori 134296@/discussions

I failed the first Splunk exam (SPLK-1001: Splunk Core Certified User) this afternoon.

However, I wanted to provide a review as it is fairly new. I decided to take the exam, as the end of the free fundamentals course recommended it. This was a “I don’t know what I’m getting into, but I have to do something about it” moment for me.

The exam is 60 multiple-choice questions with a 60 minute time limit. The cost for a Splunk exam voucher is $125. Register on Splunk’s website first, then use the ID they provide to you in an email to register an account on PearsonVUE.

I completed the free Splunk Fundamentals 1 course offered from Splunk two days prior to the exam. My experience with Splunk is limited to the labs in the free course, and lightly exploring the product at the office. Ok, basic information is out of the way. Here’s what I wish I knew and did:

Read the exam blueprint!

Like most certification exams, the free course was not enough to prepare for it. Do the free course, then do it again. Then do it one more time. Pay attention to small details. You will need to know which words turn which color, correct syntax, and which words are case-sensitive.

Information for each command is very important; you will need to know how to rename fields, sort fields, limit fields, etc. In addition, the exam is tricky – they may put two answers that are VERY SIMILAR – these might be clear to those who are experienced using Splunk, but can be tricky for beginners.

Booleans – learn them, review them, practice, practice, practice. Pay attention to how they are written in the search bar. Practice generating long (not necessarily complex) search strings. For example, try searching more than one index and more than one Boolean statement. Remember how algebra has an order of operations and can specify what happens first with parenthesis? Apply that to your practice searches.

You will also need to know default settings for commands, reports, searches, etc. The exam can get tricky by providing two answers which look like they are both correct – the only difference being one includes a description of default values.

I feel a lot better having sat for the exam and experiencing what it was like. Having discovered the blueprint and seeing the exam results, I can narrow down where I need to focus.

And now back to the training.


]]>
eLearnSecurity - IHRPv1 - Incident Handling and Reponse https://community.infosecinstitute.com/discussion/134275/elearnsecurity-ihrpv1-incident-handling-and-reponse Wed, 28 Nov 2018 15:28:31 +0000 Other Security Certifications averageguy72 134275@/discussions
Registration for the overview webinar is below.

https://www.elearnsecurity.com/resources/webinars/ihrpv1_preview
]]>
What to do next https://community.infosecinstitute.com/discussion/135013/what-to-do-next Sat, 02 Mar 2019 23:18:25 +0000 Other Security Certifications nickn100 135013@/discussions I just received my Security+ today. I am wanting to pursue a career in cyber security and do not want to waste anymore time. I have worked as an IT analyst for the past 5 years and now I want to go into security.

I have help desk tier 2 experience but nothing on an admin level. I am planning to study for my CCNA R/S now. I will also get my B.S. in Networking and Cybersecurity next year.

What certs after CCNA should I pursue and which jobs should I aim for? I was thinking a jr sys admin, then a sys admin, then a jr security analyst, and then hopefully something more advanced in cyber a year after I get my degree. 

I was looking at the CEH but to me it doesn't make sense to get it when I don't have any networking certs except Net+ but that is an entry level cert. I was thinking of doing CEH after I get my degree or when I am about to complete it. 

What cert should I get after CCNA if I want to pursue cyber that will help me get an entry level cyber security position? I have heard from many people and on forums that Sec+ does not necessarily help one get a cyber security job, even an entry level one.

My plan is: CCNA R/S, CYSA, CEH

]]>
IT Security Certification Path https://community.infosecinstitute.com/discussion/133612/it-security-certification-path Tue, 11 Sep 2018 20:09:02 +0000 Other Security Certifications JSN 133612@/discussions
This is in the particular order I'd like to pursue them.

Network+
eJPT
OSCP
[h=3][/h]
Would like some input on this track :)]]>
Passed my CREST CCT App exams and now preparing for OSCE https://community.infosecinstitute.com/discussion/134768/passed-my-crest-cct-app-exams-and-now-preparing-for-osce Wed, 30 Jan 2019 03:13:00 +0000 Other Security Certifications 9emin1 134768@/discussions https://community.infosecinstitute.com/discussion/118757/yoloing-oscp/p1

So it has been one hell of a ride since then. I got a job as a security consultant and more or less became specialized in applications due to the type of projects I was exposed to often.

Just wanted to share that it has been great so far and I recently just cleared my CREST CCT App exam. CREST has huge recognition in the UK and it is expanding across APAC.

The CREST CCT App exam was intense. I will be glad to answer any questions here regarding the exam as long as it does not violate the NDA and does not relate to details on the exam questions.

cheers!]]>
eLearnSecurity - Penetration Testing Professional (eCPPT) Journey https://community.infosecinstitute.com/discussion/134126/elearnsecurity-penetration-testing-professional-ecppt-journey Mon, 12 Nov 2018 11:57:43 +0000 Other Security Certifications r3nzsec 134126@/discussions
- Passed CFR (CyberSec First Responder) - March 2018
- Passed eJPT (Junior Penetration Tester) - July 2018
- Passed eCDFP (Digital Forensics Professional) - September
- Been with Blue Team (SOC/IR) for 6 years and counting

Now my goal is to atleast finish eCPPT before the year ends or atleast before the end of January 2019 (I'm just being realistic because of too much labs covered in the course :) ) and this will serve as my journey and will keep you guys posted for every progress that I will make throughout this course.

Thank you! :)]]>
eLearnSecurity Threat Hunting Professional - My course and exam review https://community.infosecinstitute.com/discussion/134707/elearnsecurity-threat-hunting-professional-my-course-and-exam-review Tue, 22 Jan 2019 09:33:31 +0000 Other Security Certifications u1tras 134707@/discussions Hello all,

I've just finished THP course from eLearnSecurity and passed certification exam. So, as I promised here is my course review.
Background
Before I start my course review itself, I'd like to shortly describe how I came up with an idea to take it. Originally, I'm a Red teamer and have over 6 years experience in Pentesting and AppSec domains. I was hooked with blue team activities after participating in one project of my company. But the term "blue team" is too general and I needed to pick up something. My choice fell on Threat Hunting.
However, there are a few issues connected with learning Threat Hunting. First, it is a relatively new discipline and it is hard to find out what exactly you should do and what crucial skills it requires. You can check this post where we were discussing this issue with @LionelTeo and other nice guys:
Secondly, threat hunting is a very wide infosec discipline. Good hunter should be able to demonstrate knowledge and strong practical skills in at least Security Operations, DFIR, CTI and Penetration testing domains.
Having all this information I started searching trainings and courses. Most of them were too expensive for me (Mosse Security, 7Safe, InfoSec institute etc.), didn't have remote eLearning option or promised to make me a hunter within 3-5 days (that's really funny). I've heard a lot of good reviews about eLearnSecurity courses and after getting $200 gift booked THP course before New Year.
Course review
I really liked topics covered in the course, especially Threat Intelligence, Threat hunting methodology and reporting. Slides were pretty good, everything is short and to the point. I highly recommend to dive deep into threat hunting world while you studying course materials and follow to all links provided in the slides. Don't hurry, read them carefully. It will help you on your exam. Videos also were great, high quality, nothing redundant.
Labs. I really liked labs, but some of them were a little bit boring (personally for me). I like challenges and from my perspective it would be great to add some challenge "style" to the labs. I think making them more like exam challenges would be great.
The greatest weakness of the course, and perhabs the only, is the lack of ELK hunting labs. You can't hunt effectively in modern enterprise without using some SIEM solution and its command line, queries, dashboards etc. ELK videos were nice, but it's definitely not enough. I talked to Dimitrios about this issue and he promised to add such labs in a new THP course version. He also mentioned that recently launched IHRP course will contain plenty of ELK labs. So, I'm happy that I've booked this course too:)
Exam
To better prepare for exam I recommend to read carefully THP and eCTHP forums. You should also feel very confident with all tools covered in the course. Google and try to find some useful articles about the tools, their use, useful options and (it is necessary) conduct practical investigations with them. This will really make a big difference to your exam. Don't be lazy, just do it. Read carefully what exactly exam challenge wants from you, don't hurry up. I took an exam with second shot, because I missed one important detail examiner wanted to "hear" from me.
Manage your time, start from the task where you feel confident and move further step by step. It is possible to go through some challenges in parallel, use this option for time consuming tasks.
Personal Takeaways
The best quality for Threat hunter is to be able to think like an attacker. 
Good hunter should know very well attacker's TTPs and be able to reproduce them. This is necessary in order to create a proper detection content and counteract them. During hunting control your mindset, make hypothesis, prove or reject them. When evil discovered - be ready for DFIR activities (more for companies without dedicated DFIR teams).
Timeline
17.12.18 - course started
02.01.19 - course finished (3-6 hrs/day)
09.01.19 - materials and labs have repeated twice (20 labs hrs spent in total)
10.01.19 - exam started
11.01.19 - report uploaded
16.01.19 - report assessed (Fail)
17.01.19 - report corrected and uploaded
19.01.19 - report assessed (Certified)
]]>
eLearnSecurity WAPT Journey https://community.infosecinstitute.com/discussion/127673/elearnsecurity-wapt-journey Thu, 22 Jun 2017 10:52:23 +0000 Other Security Certifications Hausec 127673@/discussions
Yes, I know, I have an active topic on my journey through OSCP. I start PWK in 3 days but my employer graciously also paid for eLearnSecurity's Web Application Penetration Tester course. I bought the "elite" version, so the documentation and certification voucher does not expire, and I have 130 hours of lab time that I can use whenever. Since they don't expire, I decided to enroll anyways, despite knowing my plate is already full with OSCP/PWK. PWK will still be my main focus over the next 3 months, and WAPT will just be something to fall back on during work when I have down time, as it's not as intensive as PWK/OSCP. I've been told from eLearnSec that it takes usually people a month from start to certification.

Just a bit of background on me first: I really don't know a whole lot about web pentesting. I know the basics of XSS, SQLi, RFI, LFI, etc. and I have a few walkthroughs on my website http://www.hausec.com for Mutillidae, but I felt like I needed formal education on it instead of just watching Webpwnized's Mutillidae Youtube series (although he does a great job!).

eLearnSecurity's format is similar to PWK. I have access to their documentation which covers several web pentesting modules as well as videos, labs, and the certification exam that I can take whenever. The modules covered are:

1. Penetration Testing Process
2. Introduction (Cookies, Session mgt)
3. Information Gathering
4. XSS
5. SQLi
6. Authentication and Authorization
7. Session Security
8. Flash Security and Attacks
9. HTML5
10. File and Resource Attacks
11. Other Attacks
12. Web Services
13. XPath


So far I've made it through the first two modules, which were very simple introduction to things like cookies, session management, same-origin policy, etc.

As far as content goes, so far, I'm pleased with it. The slides are not overly-difficult to follow, but I did notice a few typos. Nothing world-ending but if you're paying $1300 for a course, you'd expect proper grammar. The videos clear up any confusion quiet well, as the presenter is very clear and articulate in his explanations (Yes, he speaks clear English). I have not started the labs yet, but it's similar to PWK where you have to VPN in. I plan on doing that once I wrap up this next module. Overall, the presentation is very nice. You're not jumping all over their website to find videos or references or the lab guides, etc. It's all in one place that is easy to navigate. The labs have walkthroughs as well, so if you're stuck, you can ****, which is the opposite of PWK!

This thread will be updated once I get more into it and can give better feedback, but I thought it would be worth sharing as eLearnSecurity is starting to become more popular. So far so good though!]]>
Fellow of Information Privacy https://community.infosecinstitute.com/discussion/120983/fellow-of-information-privacy Wed, 06 Jul 2016 16:45:56 +0000 Other Security Certifications GoodBishop 120983@/discussions
https://iapp.org/certify/fip/

The requirements are that you need a CIPP, either a CIPT or CIPM, and three years of privacy experience, though a ISACA or ISC2 cert would count for a year.

The cost is FREE! As in beer. You just have to fill out the application. You'll need three referrals and a personal statement.

Applications are reviewed by the Certification Department for satisfaction of the program requirements and applicants will be notified of the results within four weeks.
In addition to receiving a digital FIP designation badge that can be highlighted and shared on LinkedIn and other social media sites, successful candidates will also be profiled in our IAPP FIP online directory.
Each new class of fellows will be announced biannually in conjunction with an IAPP conference.

Plus there are no CPEs! Just have to maintain your other IAPP designations.

I do like the experience part of this compared to the CIPP/CIPT/CIPM, but overall it's not bad. More of a recognition thing than anything. I'll let you know how long it takes.]]>
To admins: please, delete this thread https://community.infosecinstitute.com/discussion/134706/to-admins-please-delete-this-thread Tue, 22 Jan 2019 09:07:54 +0000 Other Security Certifications u1tras 134706@/discussions ]]> eLS THP (Threat Hunting Professional) https://community.infosecinstitute.com/discussion/132482/els-thp-threat-hunting-professional Wed, 30 May 2018 18:01:47 +0000 Other Security Certifications Mooseboost 132482@/discussions
For anyone who has done it, did you find the content worth it? I've worked through their PTS and PTP courses and though the material was good, but I have heard that some of the other courses are not as well designed. If you do hunting in your day-to-day and have done the course, do you feel it teaches real-world hunting or is it more of an academic "this isn't how we actually do it".]]>
eLearnSecurity - PTS pricing https://community.infosecinstitute.com/discussion/134655/elearnsecurity-pts-pricing Tue, 15 Jan 2019 20:19:17 +0000 Other Security Certifications bradl3yC 134655@/discussions Just Passed my CCSK + other observations... https://community.infosecinstitute.com/discussion/134513/just-passed-my-ccsk-other-observations Thu, 27 Dec 2018 23:01:24 +0000 Other Security Certifications TheGrind 134513@/discussions Hi everyone,

I'm a long time lurker, first time poster. These forums have been absolutely fantastic in helping me choose which certs to pursue plus how to complete them.

Anyway, I just passed my CCSK v4 exam and have to say it was much harder than expected. I found CCSK on this forum isn't discussed as much as other more popular certs so I decided to write with regards to a few observations about the cert plus tips on how I completed it.

Firstly, my background is Cybersecurity management. I work in consultancy where I advise large enterprises on how to improve their security posture. My clients are usually the CEO, CIO and CISOs. Given everything is cloud these days I somewhat realized that CCSK was an absolute must. For a senior manager, CCSK provides a lot of weight in terms of credentials and helps participate in conversations with Executives and other senior managers.

In terms of the exam itself, as I said before, it was way harder than I expected - even with my background in cloud. The exam consists of 60 multiple choice questions and you have 90 minutes to complete it.

The exam is open book but no matter what resources you have at your fingertips this won't really help you. This is not an exam you can 'c heat' on because 1) you just don't have time to look up the answers and 2) the questions of the exam itself are worded in such a way that you won't find the answers in the materials anyway.

Cloud Security Alliance did a great job of ensuring that the questions require the candidate to really think through each potential answer. Without giving away too much, I found many of the questions reasonably lengthy with each potential answer also requiring a lot of thought. For myself personally, I found about half the questions were relatively straight forward to answer but the other half had my brain running in overdrive.

At the end of the exam you're directed to a screen which tells you if you've passed or failed. You're also told which were your strongest domains and which were your weakest. If you finish the exam early, I high recommend reviewing all your answers using the guide if you have time. I did this for several questions and in my view I believe it was the difference between a pass or fail.

In terms of how I studied, I read through the CCSK guide multiple times, including the ENISA guide. However, I also read through a lot of material that is recommended for CCSP training as well. This included the videos on Cybrary and the CCSP Official Study Guide by O'Hara and Malisow. I also found several CCSK practice exams on Udemy and in my opinion these were the closest to the real thing. There are also flashcards on Quizlet people have posted for this exam and while they're very helpful they won't give you the answers for the exam. That being said, if you can memorize all the terms and definitions provided in these flashcards you'll naturally have a huge advantage. My final point is I don't think the CCSK study guide alone is enough to pass. Others may disagree but I found the CCSP resources being able to provide alternative narratives on what was provided in the CCSK material.

In terms of difficulty, I found the questions on software security and virtualization to be the hardest. But that's just me. Others may find these easier but the questions on these topics listed answers that could easily be debated or argued. At the end of the day there is only one correct answer but when the clock was ticking I found myself panicking somewhat.

Finally, a lot of people on this forum have asked whether they should do CCSK or CCSP. As someone who has been in the industry for a long time my answer is you should aim to do both. I'm now preparing for my CCSP exam and I don't believe it's a question of doing one cert over the other. You're not going to waste your time and if it's about cost then ask your employer to cover the exam or claim the exam cost back on tax like I do. I've followed the advice of several people and started with CCSK before moving to CCSP. The reason is because CCSK can be completed with about four weeks of study but CCSP is a longer journey to prepare for as there is more material to cover. Lastly, as an employer of security professionals myself, if a candidate had either certs I would be interested in interviewing them regardless. Both certs demonstrate a deep knowledge in the field of cloud security so in my opinion one cert is not going to advantage you over the other.

Anyway, hope this helps. Happy to answer any questions also.
]]>
eCPPT over here, even though everyone I know is doing the OSCP https://community.infosecinstitute.com/discussion/129446/ecppt-over-here-even-though-everyone-i-know-is-doing-the-oscp Fri, 06 Oct 2017 10:26:17 +0000 Other Security Certifications supasecuritybro 129446@/discussions
I am just wondering if I am wasting time doing that or should I just move through the material and circle back.]]>
Hugely disappointed in Elearnsecurity- outdated, not working https://community.infosecinstitute.com/discussion/129286/hugely-disappointed-in-elearnsecurity-outdated-not-working Wed, 27 Sep 2017 11:03:18 +0000 Other Security Certifications ITSec_guy 129286@/discussions
Here's the story:
The CEO told me to evaluate these courses. I am not allowed to write the name, but it is a fortune 500 company based in New York and London. Our team is about 40-50 and are looking to spend our yearly training budget. They purchased it for me, so I was luckily.

Going through the courses, I have seen nothing but outdated or non-working material. Here's a summary of the report submitted to the CEO.

Complaint 1:
PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.

Complaint 2:
PTS: no Powershell, labs work only half the time (overall and excellent course)

Complaint 3:
ABSOLUTELY no support on their forum. Questions are ignored. I doubt they monitor it....

Complaint 4:
WAPT/WAPTx: Labs don't work correctly, 2-3 years old. (because you know that the web has not changed in that time.)

Complaint 5:
While stating lifetime access, that is not true. The labs are accessible for around a year or so.

Overall, the material is nice for fun, but if you want serious training. I suggest looking somewhere else.]]>
eLearnSecurity WAPTv3 Journey. https://community.infosecinstitute.com/discussion/133591/elearnsecurity-waptv3-journey Sat, 08 Sep 2018 12:55:55 +0000 Other Security Certifications wd40 133591@/discussions
I am starting this thread to motivate me to finish eWPT this year, I am an IT Support guy, at my current job I don't need penetration testing knowledge, and I am forbidden from trying to use any of the things that I learn.
It is a good paying job, a good team and good company, so I don't have a real incentive to try to change jobs.

I started with pen-testing study back in 2014, what I did in the last 3+ years is listed below:
Note: I like to pay for training :)

2014-Dec-14: Bought Penetration Testing Student V2 (49.00$)
2015-Feb-27: Bought Penetration Testing Student V3 (199.00$)
2015-July-12: Passed eJPT v3 :D (0.00$)
2015-June-30: Bought Web Application Penetration Testing V2 Elite (719.40$)
2016-June-30: Bought Penetration Testing Professional v4 Elite (699.30$)
2017-June-28: eWAPT Lab expired, I bought a 60 Hours extension (249.00$)
2018-May-23: Bought Penetration Testing Professional v5 Elite upgrade (519.60$)
2018-Aug-31: Bought Web Application Penetration Testing V3 Elite upgrade (359.70$)

So in total I paid eLearnSecurity 2,795.00$ in 3 years and only have eJPT, this must change.]]>
WAPTv3 Journal https://community.infosecinstitute.com/discussion/133548/waptv3-journal Wed, 05 Sep 2018 02:26:35 +0000 Other Security Certifications Khohezion 133548@/discussions
So I bought the WAPTv3 and I'm going through it now. I know I made a thread about doing the PTPv5 as well... but I decided to stop and start the WAPTv3 when it came out instead.

There are 13 modules as listed on the website. I did the 1st Module last week where it just walks you through a Pentest (something I think the PTPv5 needs btw) and helped me understand a bit of the process pentesters go through.

I am currently on the 2nd module and it seems interesting enough. If you took the eJPT the second module is pretty much an updated version of the "Networking" section I think where it goes over Same origin Policy/HTTP Headers and what not.

I plan on updating this thread regularly so if you have any questions feel free to ask.]]>
Pentester Academy Subscription https://community.infosecinstitute.com/discussion/134375/pentester-academy-subscription Sun, 09 Dec 2018 15:18:56 +0000 Other Security Certifications EnderWiggin 134375@/discussions ]]> Immersive Labs https://community.infosecinstitute.com/discussion/132593/immersive-labs Mon, 11 Jun 2018 21:55:11 +0000 Other Security Certifications Skyyyyy2001 132593@/discussions
from the mode of access, it's quite similar to the pentester lab but the difference is that pentester lab focus on web apps only and immersive labs focus is quite a bit of everything which is quite good and unique from my perspective.

personally, no complaints from me as a student and I can use the labs for free :)]]>
Certified Security Awareness Practitioner (CSAP) https://community.infosecinstitute.com/discussion/134363/certified-security-awareness-practitioner-csap Fri, 07 Dec 2018 21:34:32 +0000 Other Security Certifications Russ5813 134363@/discussions While looking through training on InfoSec Institute, I came across this certification, which I've never heard of. I read through the course syllabus and it sounds like it could be an interesting class. I'm not worried about the marketability of the certificate itself, but I am keen on knowing more about the quality of content. Has anyone here taken this course? Did it meet or exceed your expectations, or do you feel other courses cover the material better?


]]>
Systematic Way To Utilize Security Tools https://community.infosecinstitute.com/discussion/134365/systematic-way-to-utilize-security-tools Fri, 07 Dec 2018 23:56:32 +0000 Other Security Certifications egrizzly 134365@/discussions Hi all,

At one of my client engagements they provided us with about 24 web-based opensource tools to work with to research malicious activity.  

For you experienced guys is their anywhere to find a logical sequence of steps to use in systematically engaging these listed tools to research malicious activity as opposed to just using every single tool and checking things off in a checklist? For instance I meant something like the below example scenario :

To check if a site is malicious

1. Engage tool #1 and key in IP address, If no answer found, then engage tool #A. 
2. Take info from tool #A and key into this other tool #2 to obtain better details. 
3. Take info from tool #2 and key into tool #3 to obtain the user email address.

Thanks in advance for any help, suggestions, etc.


]]>
Passed eJPT https://community.infosecinstitute.com/discussion/134332/passed-ejpt Tue, 04 Dec 2018 18:52:20 +0000 Other Security Certifications triplea 134332@/discussions
Really have learned loads on this course. After seeing some of the things you can do Ive started telling people I wouldnt even bother turning PC's on if I were you lol.

I ran through the course and labs twice and used about 27 hours in total.

Glad Ive done this one, if not for just the knowledge but another cert is nice. Im not sure I would of been able to do this one without having just done a short subnetting course and a linux Ubuntu one.

Recommended

TripleA]]>
Crisc https://community.infosecinstitute.com/discussion/133662/crisc Tue, 18 Sep 2018 11:17:50 +0000 Other Security Certifications breakfast 133662@/discussions
Please can I have some recommendations for CRISC study materials.

I have done online searches and found that below are current latest publications for CRISC but wanted to know if you folks could share and recommend any other materials.

CRISC Review Manual, 6th Edition
CRISC Review Questions, Answers and Explanations 5th Ed.
CRISC Review Questions, Answers & Explanations Database - 12 Month Subscription
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide



Thank you,]]>
Fortinet NSE4 and over https://community.infosecinstitute.com/discussion/118817/fortinet-nse4-and-over Sat, 09 Apr 2016 04:57:36 +0000 Other Security Certifications mokaz 118817@/discussions
Does anyone have any NSE 4 and beyond experience to share?
I've got access to the partner portal and did all the trainings there already but if you guys would have any other tips i'd be taking them. Of course I also have my hands on a FortiGate VM64 which is up and running as my main UTM at the moment.

Thanks,
regards,
m.]]>
Just passed Digital Forensics Professional https://community.infosecinstitute.com/discussion/134120/just-passed-digital-forensics-professional Sun, 11 Nov 2018 14:41:19 +0000 Other Security Certifications r3nzsec 134120@/discussions


Shoutout to dimitrios, the training director of eLearnSecurity for such a fantastic customer support service. Every time I have question to him, it only took him atleast 15mins to reply and immediately helped me from lab issues up to some confusion on the exam. One of the best support I had! Thanks man! The only topics that I wanted to learn in depth is memory forensics which is not covered on this course, but hopefully they will add this module in the future updates!


I'll start my journey now to eCPPT and will take a rest for 2 days. Hope to finish eCPPT before new year!


PS. I'll make a blog soon about my journey on eJPT, eCDFP and also eCPPT once I finished it! default_smile.png Thanks ELS for this awesome experience. ]]>