Other Security Certifications — TechExams Community https://community.infosecinstitute.com/ Wed, 16 Jan 2019 18:34:25 +0000 en
eLearnSecurity - PTS pricing https://community.infosecinstitute.com/discussion/134655/elearnsecurity-pts-pricing Tue, 15 Jan 2019 20:19:17 +0000 Other Security Certifications bradl3yC 134655@/discussions
eLearnSecurity - Penetration Testing Professional (eCPPT) Journey https://community.infosecinstitute.com/discussion/134126/elearnsecurity-penetration-testing-professional-ecppt-journey Mon, 12 Nov 2018 11:57:43 +0000 Other Security Certifications r3nzsec 134126@/discussions
- Passed CFR (CyberSec First Responder) - March 2018
- Passed eJPT (Junior Penetration Tester) - July 2018
- Passed eCDFP (Digital Forensics Professional) - September
- Been with Blue Team (SOC/IR) for 6 years and counting

Now my goal is to at least finish eCPPT before the year ends or at least before the end of January 2019 (I'm just being realistic because of too many labs covered in the course :) ) and this will serve as my journey and will keep you guys posted for every progress that I will make throughout this course.

Thank you! :)
eLS THP (Threat Hunting Professional) https://community.infosecinstitute.com/discussion/132482/els-thp-threat-hunting-professional Wed, 30 May 2018 18:01:47 +0000 Other Security Certifications Mooseboost 132482@/discussions
For anyone who has done it, did you find the content worth it? I've worked through their PTS and PTP courses and thought the material was good, but I have heard that some of the other courses are not as well designed. If you do hunting in your day-to-day and have done the course, do you feel it teaches real-world hunting or is it more of an academic "this isn't how we actually do it"?
Passed eJPT Today! https://community.infosecinstitute.com/discussion/134657/passed-ejpt-today Tue, 15 Jan 2019 21:34:56 +0000 Other Security Certifications Penguineer 134657@/discussions
I started the process yesterday afternoon and finished today with a score of 100%.

Before I started the exam, I finished all the modules in the course except for the web application modules. That was a very, VERY bad idea. Pro tip for you guys: Don't skip the web app modules. I am pretty comfortable with the network attack tools and system attack tools, but I was struggling with the web attack tools during the exam. I'm absolutely disgusted at how bad I am at web app pen testing and I'll most likely enroll in eWPT in the future. Also, for some reason I thought that you had to write a report for this exam, so I wasted a few hours on writing the report. I don't know where I got that idea from.

Some tips:
Make sure you have a reliable network connection. I connected to the exam environment using an unreliable wireless connection and my connection dropped more than 3 times during the exam. Why didn't I use a reliable Ethernet connection? Because I don't have one long enough to reach the couch. :D
Make sure you do all the labs

What's Next?
Virtual Hacking Labs: I will be working on rooting those 38 boxes until my OSCP start date. My start date for the OSCP is on March 3, but I might push it back a month depending on where I'm at in VHL. Also, I'm still (lightly) studying for the CSX-P.
Iso 27001 la/li https://community.infosecinstitute.com/discussion/133908/iso-27001-la-li Wed, 17 Oct 2018 04:12:16 +0000 Other Security Certifications ragolebi 133908@/discussions
I would like to ask about PECB ISO 27001 LA/LI exam difficulty. I know that "difficulty" is a very generic term. Currently I am CISA (I prepared myself 3 months), CISM (4 months preparation), OSCP, OSWP and EC Council Security Specialist. I have worked with ISO 27001 and ISO 27002 within two years. Is it enough to try to pass PECB ISO 27001 exams? What do you think? How hard is the exam?

Thanks!
Splunk Certified User Exam Review https://community.infosecinstitute.com/discussion/134296/splunk-certified-user-exam-review Fri, 30 Nov 2018 20:29:08 +0000 Other Security Certifications Kiyori 134296@/discussions

I failed the first Splunk exam (SPLK-1001: Splunk Core Certified User) this afternoon.

However, I wanted to provide a review as it is fairly new. I decided to take the exam, as the end of the free fundamentals course recommended it. This was a “I don’t know what I’m getting into, but I have to do something about it” moment for me.

The exam is 60 multiple-choice questions with a 60 minute time limit. The cost for a Splunk exam voucher is $125. Register on Splunk’s website first, then use the ID they provide to you in an email to register an account on PearsonVUE.

I completed the free Splunk Fundamentals 1 course offered from Splunk two days prior to the exam. My experience with Splunk is limited to the labs in the free course, and lightly exploring the product at the office. Ok, basic information is out of the way. Here’s what I wish I knew and did:

Read the exam blueprint!

Like most certification exams, the free course was not enough to prepare for it. Do the free course, then do it again. Then do it one more time. Pay attention to small details. You will need to know which words turn which color, correct syntax, and which words are case-sensitive.

Information for each command is very important; you will need to know how to rename fields, sort fields, limit fields, etc. In addition, the exam is tricky – they may put two answers that are VERY SIMILAR – these might be clear to those who are experienced using Splunk, but can be tricky for beginners.

Booleans – learn them, review them, practice, practice, practice. Pay attention to how they are written in the search bar. Practice generating long (not necessarily complex) search strings. For example, try searching more than one index and more than one Boolean statement. Remember how algebra has an order of operations and can specify what happens first with parentheses? Apply that to your practice searches.

You will also need to know default settings for commands, reports, searches, etc. The exam can get tricky by providing two answers which look like they are both correct – the only difference being one includes a description of default values.

I feel a lot better having sat for the exam and experiencing what it was like. Having discovered the blueprint and seeing the exam results, I can narrow down where I need to focus.

And now back to the training.


Just Passed my CCSK + other observations... https://community.infosecinstitute.com/discussion/134513/just-passed-my-ccsk-other-observations Thu, 27 Dec 2018 23:01:24 +0000 Other Security Certifications TheGrind 134513@/discussions
Hi everyone,

I'm a long time lurker, first time poster. These forums have been absolutely fantastic in helping me choose which certs to pursue plus how to complete them.

Anyway, I just passed my CCSK v4 exam and have to say it was much harder than expected. I found CCSK on this forum isn't discussed as much as other more popular certs so I decided to write with regards to a few observations about the cert plus tips on how I completed it.

Firstly, my background is Cybersecurity management. I work in consultancy where I advise large enterprises on how to improve their security posture. My clients are usually the CEO, CIO and CISOs. Given everything is cloud these days I somewhat realized that CCSK was an absolute must. For a senior manager, CCSK provides a lot of weight in terms of credentials and helps participate in conversations with Executives and other senior managers.

In terms of the exam itself, as I said before, it was way harder than I expected - even with my background in cloud. The exam consists of 60 multiple choice questions and you have 90 minutes to complete it.

The exam is open book but no matter what resources you have at your fingertips this won't really help you. This is not an exam you can 'cheat' on because 1) you just don't have time to look up the answers and 2) the questions of the exam itself are worded in such a way that you won't find the answers in the materials anyway.

Cloud Security Alliance did a great job of ensuring that the questions require the candidate to really think through each potential answer. Without giving away too much, I found many of the questions reasonably lengthy with each potential answer also requiring a lot of thought. For myself personally, I found about half the questions were relatively straight forward to answer but the other half had my brain running in overdrive.

At the end of the exam you're directed to a screen which tells you if you've passed or failed. You're also told which were your strongest domains and which were your weakest. If you finish the exam early, I highly recommend reviewing all your answers using the guide if you have time. I did this for several questions and in my view I believe it was the difference between a pass or fail.

In terms of how I studied, I read through the CCSK guide multiple times, including the ENISA guide. However, I also read through a lot of material that is recommended for CCSP training as well. This included the videos on Cybrary and the CCSP Official Study Guide by O'Hara and Malisow. I also found several CCSK practice exams on Udemy and in my opinion these were the closest to the real thing. There are also flashcards on Quizlet people have posted for this exam and while they're very helpful they won't give you the answers for the exam. That being said, if you can memorize all the terms and definitions provided in these flashcards you'll naturally have a huge advantage. My final point is I don't think the CCSK study guide alone is enough to pass. Others may disagree but I found the CCSP resources being able to provide alternative narratives on what was provided in the CCSK material.

In terms of difficulty, I found the questions on software security and virtualization to be the hardest. But that's just me. Others may find these easier but the questions on these topics listed answers that could easily be debated or argued. At the end of the day there is only one correct answer but when the clock was ticking I found myself panicking somewhat.

Finally, a lot of people on this forum have asked whether they should do CCSK or CCSP. As someone who has been in the industry for a long time my answer is you should aim to do both. I'm now preparing for my CCSP exam and I don't believe it's a question of doing one cert over the other. You're not going to waste your time and if it's about cost then ask your employer to cover the exam or claim the exam cost back on tax like I do. I've followed the advice of several people and started with CCSK before moving to CCSP. The reason is because CCSK can be completed with about four weeks of study but CCSP is a longer journey to prepare for as there is more material to cover. Lastly, as an employer of security professionals myself, if a candidate had either cert I would be interested in interviewing them regardless. Both certs demonstrate a deep knowledge in the field of cloud security so in my opinion one cert is not going to advantage you over the other.

Anyway, hope this helps. Happy to answer any questions also.
eLearnSecurity - IHRPv1 - Incident Handling and Response https://community.infosecinstitute.com/discussion/134275/elearnsecurity-ihrpv1-incident-handling-and-reponse Wed, 28 Nov 2018 15:28:31 +0000 Other Security Certifications averageguy72 134275@/discussions
Registration for the overview webinar is below.

https://www.elearnsecurity.com/resources/webinars/ihrpv1_preview
eCPPT over here, even though everyone I know is doing the OSCP https://community.infosecinstitute.com/discussion/129446/ecppt-over-here-even-though-everyone-i-know-is-doing-the-oscp Fri, 06 Oct 2017 10:26:17 +0000 Other Security Certifications supasecuritybro 129446@/discussions
I am just wondering if I am wasting time doing that or should I just move through the material and circle back.
Hugely disappointed in Elearnsecurity- outdated, not working https://community.infosecinstitute.com/discussion/129286/hugely-disappointed-in-elearnsecurity-outdated-not-working Wed, 27 Sep 2017 11:03:18 +0000 Other Security Certifications ITSec_guy 129286@/discussions
Here's the story:
The CEO told me to evaluate these courses. I am not allowed to write the name, but it is a Fortune 500 company based in New York and London. Our team is about 40-50 and are looking to spend our yearly training budget. They purchased it for me, so I was lucky.

Going through the courses, I have seen nothing but outdated or non-working material. Here's a summary of the report submitted to the CEO.

Complaint 1:
PTP: Buffer Overflow with XP?? WTF, is this 2002? Yes, the material is adequate, and VERY outdated. Labs not always working.

Complaint 2:
PTS: no PowerShell, labs work only half the time (overall an excellent course)

Complaint 3:
ABSOLUTELY no support on their forum. Questions are ignored. I doubt they monitor it....

Complaint 4:
WAPT/WAPTx: Labs don't work correctly, 2-3 years old. (because you know that the web has not changed in that time.)

Complaint 5:
While stating lifetime access, that is not true. The labs are accessible for around a year or so.

Overall, the material is nice for fun, but if you want serious training, I suggest looking somewhere else.
eLearnSecurity WAPT Journey https://community.infosecinstitute.com/discussion/127673/elearnsecurity-wapt-journey Thu, 22 Jun 2017 10:52:23 +0000 Other Security Certifications Hausec 127673@/discussions
Yes, I know, I have an active topic on my journey through OSCP. I start PWK in 3 days but my employer graciously also paid for eLearnSecurity's Web Application Penetration Tester course. I bought the "elite" version, so the documentation and certification voucher do not expire, and I have 130 hours of lab time that I can use whenever. Since they don't expire, I decided to enroll anyways, despite knowing my plate is already full with OSCP/PWK. PWK will still be my main focus over the next 3 months, and WAPT will just be something to fall back on during work when I have down time, as it's not as intensive as PWK/OSCP. I've been told from eLearnSec that it usually takes people a month from start to certification.

Just a bit of background on me first: I really don't know a whole lot about web pentesting. I know the basics of XSS, SQLi, RFI, LFI, etc. and I have a few walkthroughs on my website http://www.hausec.com for Mutillidae, but I felt like I needed formal education on it instead of just watching Webpwnized's Mutillidae Youtube series (although he does a great job!).

eLearnSecurity's format is similar to PWK. I have access to their documentation which covers several web pentesting modules as well as videos, labs, and the certification exam that I can take whenever. The modules covered are:

1. Penetration Testing Process
2. Introduction (Cookies, Session mgt)
3. Information Gathering
4. XSS
5. SQLi
6. Authentication and Authorization
7. Session Security
8. Flash Security and Attacks
9. HTML5
10. File and Resource Attacks
11. Other Attacks
12. Web Services
13. XPath


So far I've made it through the first two modules, which were a very simple introduction to things like cookies, session management, same-origin policy, etc.

As far as content goes, so far, I'm pleased with it. The slides are not overly-difficult to follow, but I did notice a few typos. Nothing world-ending but if you're paying $1300 for a course, you'd expect proper grammar. The videos clear up any confusion quite well, as the presenter is very clear and articulate in his explanations (Yes, he speaks clear English). I have not started the labs yet, but it's similar to PWK where you have to VPN in. I plan on doing that once I wrap up this next module. Overall, the presentation is very nice. You're not jumping all over their website to find videos or references or the lab guides, etc. It's all in one place that is easy to navigate. The labs have walkthroughs as well, so if you're stuck, you can ****, which is the opposite of PWK!

This thread will be updated once I get more into it and can give better feedback, but I thought it would be worth sharing as eLearnSecurity is starting to become more popular. So far so good though!
eLearnSecurity WAPTv3 Journey. https://community.infosecinstitute.com/discussion/133591/elearnsecurity-waptv3-journey Sat, 08 Sep 2018 12:55:55 +0000 Other Security Certifications wd40 133591@/discussions
I am starting this thread to motivate me to finish eWPT this year, I am an IT Support guy, at my current job I don't need penetration testing knowledge, and I am forbidden from trying to use any of the things that I learn.
It is a good paying job, a good team and good company, so I don't have a real incentive to try to change jobs.

I started with pen-testing study back in 2014, what I did in the last 3+ years is listed below:
Note: I like to pay for training :)

2014-Dec-14: Bought Penetration Testing Student V2 (49.00$)
2015-Feb-27: Bought Penetration Testing Student V3 (199.00$)
2015-July-12: Passed eJPT v3 :D (0.00$)
2015-June-30: Bought Web Application Penetration Testing V2 Elite (719.40$)
2016-June-30: Bought Penetration Testing Professional v4 Elite (699.30$)
2017-June-28: eWAPT Lab expired, I bought a 60 Hours extension (249.00$)
2018-May-23: Bought Penetration Testing Professional v5 Elite upgrade (519.60$)
2018-Aug-31: Bought Web Application Penetration Testing V3 Elite upgrade (359.70$)

So in total I paid eLearnSecurity 2,795.00$ in 3 years and only have eJPT, this must change.
WAPTv3 Journal https://community.infosecinstitute.com/discussion/133548/waptv3-journal Wed, 05 Sep 2018 02:26:35 +0000 Other Security Certifications Khohezion 133548@/discussions
So I bought the WAPTv3 and I'm going through it now. I know I made a thread about doing the PTPv5 as well... but I decided to stop and start the WAPTv3 when it came out instead.

There are 13 modules as listed on the website. I did the 1st Module last week where it just walks you through a Pentest (something I think the PTPv5 needs btw) and helped me understand a bit of the process pentesters go through.

I am currently on the 2nd module and it seems interesting enough. If you took the eJPT the second module is pretty much an updated version of the "Networking" section I think where it goes over Same origin Policy/HTTP Headers and what not.

I plan on updating this thread regularly so if you have any questions feel free to ask.
Pentester Academy Subscription https://community.infosecinstitute.com/discussion/134375/pentester-academy-subscription Sun, 09 Dec 2018 15:18:56 +0000 Other Security Certifications EnderWiggin 134375@/discussions
Immersive Labs https://community.infosecinstitute.com/discussion/132593/immersive-labs Mon, 11 Jun 2018 21:55:11 +0000 Other Security Certifications Skyyyyy2001 132593@/discussions
From the mode of access, it's quite similar to the pentester lab but the difference is that pentester lab focuses on web apps only and Immersive Labs' focus is quite a bit of everything, which is quite good and unique from my perspective.

Personally, no complaints from me as a student and I can use the labs for free :)
Certified Security Awareness Practitioner (CSAP) https://community.infosecinstitute.com/discussion/134363/certified-security-awareness-practitioner-csap Fri, 07 Dec 2018 21:34:32 +0000 Other Security Certifications Russ5813 134363@/discussions
While looking through training on InfoSec Institute, I came across this certification, which I've never heard of. I read through the course syllabus and it sounds like it could be an interesting class. I'm not worried about the marketability of the certificate itself, but I am keen on knowing more about the quality of content. Has anyone here taken this course? Did it meet or exceed your expectations, or do you feel other courses cover the material better?


Systematic Way To Utilize Security Tools https://community.infosecinstitute.com/discussion/134365/systematic-way-to-utilize-security-tools Fri, 07 Dec 2018 23:56:32 +0000 Other Security Certifications egrizzly 134365@/discussions
Hi all,

At one of my client engagements they provided us with about 24 web-based opensource tools to work with to research malicious activity.  

For you experienced guys, is there anywhere to find a logical sequence of steps to use in systematically engaging these listed tools to research malicious activity as opposed to just using every single tool and checking things off in a checklist? For instance I meant something like the below example scenario:

To check if a site is malicious

1. Engage tool #1 and key in IP address, If no answer found, then engage tool #A. 
2. Take info from tool #A and key into this other tool #2 to obtain better details. 
3. Take info from tool #2 and key into tool #3 to obtain the user email address.

Thanks in advance for any help, suggestions, etc.


Passed eJPT https://community.infosecinstitute.com/discussion/134332/passed-ejpt Tue, 04 Dec 2018 18:52:20 +0000 Other Security Certifications triplea 134332@/discussions
Really have learned loads on this course. After seeing some of the things you can do I've started telling people I wouldn't even bother turning PCs on if I were you lol.

I ran through the course and labs twice and used about 27 hours in total.

Glad I've done this one, if not for just the knowledge but another cert is nice. I'm not sure I would have been able to do this one without having just done a short subnetting course and a Linux Ubuntu one.

Recommended

TripleA
Crisc https://community.infosecinstitute.com/discussion/133662/crisc Tue, 18 Sep 2018 11:17:50 +0000 Other Security Certifications breakfast 133662@/discussions
Please can I have some recommendations for CRISC study materials.

I have done online searches and found that below are current latest publications for CRISC but wanted to know if you folks could share and recommend any other materials.

CRISC Review Manual, 6th Edition
CRISC Review Questions, Answers and Explanations 5th Ed.
CRISC Review Questions, Answers & Explanations Database - 12 Month Subscription
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide



Thank you,
Fortinet NSE4 and over https://community.infosecinstitute.com/discussion/118817/fortinet-nse4-and-over Sat, 09 Apr 2016 04:57:36 +0000 Other Security Certifications mokaz 118817@/discussions
Does anyone have any NSE 4 and beyond experience to share?
I've got access to the partner portal and did all the trainings there already but if you guys would have any other tips I'd be taking them. Of course I also have my hands on a FortiGate VM64 which is up and running as my main UTM at the moment.

Thanks,
regards,
m.
Just passed Digital Forensics Professional https://community.infosecinstitute.com/discussion/134120/just-passed-digital-forensics-professional Sun, 11 Nov 2018 14:41:19 +0000 Other Security Certifications r3nzsec 134120@/discussions


Shoutout to Dimitrios, the training director of eLearnSecurity, for such a fantastic customer support service. Every time I had a question for him, it only took him at least 15 mins to reply and immediately helped me from lab issues up to some confusion on the exam. One of the best support I had! Thanks man! The only topic that I wanted to learn in depth is memory forensics, which is not covered in this course, but hopefully they will add this module in future updates!


I'll start my journey now to eCPPT and will take a rest for 2 days. Hope to finish eCPPT before new year!


PS. I'll make a blog soon about my journey on eJPT, eCDFP and also eCPPT once I've finished it! Thanks ELS for this awesome experience.
Failed SOC interview https://community.infosecinstitute.com/discussion/133851/failed-soc-interview Wed, 10 Oct 2018 08:22:13 +0000 Other Security Certifications Shane2 133851@/discussions
Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

SOC role in the DC area.

Required Knowledge/Experience:
A minimum of a Security+ certification
Combination of 3 years' and information security education experience
They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

Pay is 90-100k.

The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

The team lead started asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts (paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
Both interviewers handled my implosion well. I really appreciate them for that.

Lessons Learned:

It's time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up to the embarrassment that I endured in this interview.

**** happens. Move on. Continue learning. Don’t be dumb.
eJPT exam https://community.infosecinstitute.com/discussion/134174/ejpt-exam Thu, 15 Nov 2018 21:54:55 +0000 Other Security Certifications triplea 134174@/discussions
Hi.

I've done the course and will be taking the exam in a few weeks.

Without breaking an NDA, what format does the exam come in? Is it the same as the labs? Are you given a separate set of tasks and have to come back with an answer to each? Does the course cover EVERYTHING you needed to know? Did anyone take the 3 days or fail?

Cheers.


eLearnSecurity eMAPT review https://community.infosecinstitute.com/discussion/129284/elearnsecurity-emapt-review Wed, 27 Sep 2017 08:31:45 +0000 Other Security Certifications ottucsak 129284@/discussions
The course is available in 3 different packages and I would recommend going for the most expensive as that's the only one that contains HTML5 and PDF. If you go with the more expensive packs, you also get exam voucher (with free retake), hands-on lab exercises with walkthroughs and several hours of training videos.

My approach was to go through the slides first from beginning to the end. These contained really deep technical knowledge about the security aspect of mobile applications, so they give you a very strong foundation for security testing. After that I watched all the videos, which were helpful, but basically contained roughly the same information that's in the slides.

By this time I had enough theoretical knowledge to start the labs. Instead of a single vulnerable mobile application like sieve or DIVA, you get several smaller applications and instructions on how to find vulnerabilities or exploit them. I preferred this approach as I had to do more legwork than with a single app and it gave me more opportunity to practice. Unfortunately, the labs don't cover the actual hardcore part of mobile application security (deobfuscation, mobile application hooking) and sometimes use simple tools to do tasks that can be done more efficiently, but overall it's a good start for a beginner who wants to learn more about mobile security. To make sure that I can take everything they throw at me, I also trained on some vulnerable apps like sieve or DIVA.

For the exam, you have 7 days to craft a PoC that exploits the vulnerabilities found in the exam applications. The exam is only for Android, so you don't need to own an OSX or an iOS device. If you are well-prepared for the exam, you can tackle it in a few hours. For me it took less than two hours to find the exploit chain and another 3-4 hours to learn how to make an Android application that exploits the vulnerabilities. Overall, I enjoyed the exam, but I didn't break a sweat, I was expecting more red herrings and exploit routes that take you nowhere, so if you already know how to hack mobile applications, it might be a walk in the park for you.

Overall, I would recommend this course to people who want to start learning about hacking mobile apps and developers who want to write/design secure mobile applications. It gives you a strong foundation in mobile application security, but doesn't go too deep into the hacking part, so you might need to do more research depending on your interests.

Pro:
  • The only up-to-date mobile security course
  • Gives a great overview on mobile app security
  • Useful for both developers and penetration testers
  • 26 hands-on labs
Cons:
  • The exam is not really challenging
  • The videos don't add much more value
  • The cheaper packages only contain the Adobe Flash version of the course
tl;dr: Good foundation course/certification for beginner penetration testers or developers. 4/5
Can you recommend me a good Advanced Reverse engineer course? https://community.infosecinstitute.com/discussion/134034/can-you-recommend-me-a-good-advanced-reverse-engineer-course Thu, 01 Nov 2018 21:14:20 +0000 Other Security Certifications algebgeo 134034@/discussions
My budget is 700$
Anyone else had payment issues with eLearnSecurity (for eJPT)? https://community.infosecinstitute.com/discussion/134083/anyone-else-had-payment-issues-with-elearnsecurity-for-ejpt Wed, 07 Nov 2018 07:23:14 +0000 Other Security Certifications Cameron M 134083@/discussions
I signed up for their $400 plan for the eJPT and was really excited to get started.... but then I got an email saying that I need to send them a picture of my drivers license and a picture of the card I used to pay for it!?!? I've taken many exams, but I've NEVER had to do this before. I emailed them back saying I'm not going to do that and asked if there was any other way to verify who I am.

2 DAYS LATER they emailed me back saying that's their process, but as a workaround if I don't want to give them that information, I need to use PayPal as my payment method. I immediately email them back and let them know that I DID use PayPal as my payment method. ANOTHER 2 DAYS LATER they emailed me back saying that they will escalate my ticket and now ANOTHER 3 DAYS LATER I still haven't received an update.

I was really excited to get started and even set aside time to start studying immediately, but I just can't win with these guys. They're so slow to respond that I swear if it wasn't for all the great reviews people have given them on this site, I wouldn't even bother anymore. I'd love to get started and I'm in a good place to learn something new, but I don't understand what the problem is.
Network+ before eJPT. https://community.infosecinstitute.com/discussion/134082/network-before-ejpt Wed, 07 Nov 2018 07:03:25 +0000 Other Security Certifications JSN 134082@/discussions
Any advice is much appreciated.
Python courses/trainings for Blue teamers (DFIR/TH) https://community.infosecinstitute.com/discussion/134080/python-courses-trainings-for-blue-teamers-dfir-th Wed, 07 Nov 2018 03:59:50 +0000 Other Security Certifications u1tras 134080@/discussions
Knowing one of the scripting languages is a necessary skill for blue teamers. The most popular is Python.
Which Python course/training can you recommend with an accent on DFIR & Threat hunting?
IT Security Certification Path https://community.infosecinstitute.com/discussion/133612/it-security-certification-path Tue, 11 Sep 2018 20:09:02 +0000 Other Security Certifications JSN 133612@/discussions
This is in the particular order I'd like to pursue them.

Network+
eJPT
OSCP
Would like some input on this track :)
Help on ARES course And eCRE cert https://community.infosecinstitute.com/discussion/134042/help-on-ares-course-and-ecre-cert Fri, 02 Nov 2018 10:52:20 +0000 Other Security Certifications algebgeo 134042@/discussions
I want to take the ARES course, so I am asking: did anyone take the ARES course and eCRE cert? I don't care about cert value as much as how much knowledge I will take from the course.

Another question:

Does it give the same knowledge as GREM or GREM is better?

Please let me know your opinion about the ARES course.