Status: Complete. NOTE: I ended up not finishing this review. It stops at the midway point. Sorry about that. While the course I did felt outdated, eLearnSecurity has since updating their courses. Should I take anything from them in the future, I'll do a complete review.
Last update:Completion notice.
Format: [Intro], [Initial Impressions], [Midway Thoughts], [Certification], [Completed: Overall Review]
Notice: As per usual, I’ll update this article as I go through the course.
Company site: eLearnSecurity.com
Course Introduction & Setup
Last month I completed Penetration Testing Student v3 from eLearnSecurity and passed the certification exam (read: PTSv3 Course Review ). Since I enjoyed their course so much, I thought it only fitting to take the next step: Penetration Testing Professional.
While, the professional course promises to be more comprehensive (and costs more). For this review, I bought their top package (ELITE), which grants me 120 lab hours, no time limit for taking exam and a complete section about Metasploit (Ruby). Additionally, as an Elite member, I can download the slides and videos, which is important to me (more in a minute).
I want to quickly point out that as of this writing eLearnSecurity allows people to pay for this course in monthly payments (4 payments) if desired.
Penetration Testing Professional is broken down into the following sections:
- Web App Security
- System Security
- Network Security
- Ruby & Metasploit *(if you’re an Elite member)
- WiFi Security
- References, Videos and Labs
Just to give you an example, System Security has sections for cryptography, password cracking, buffer overflow, shellcoding, malware, and rootkit coding.
For me, the extra bump in price ($200 at the time of this writing) from Full to Elite was more than worth it. Why?
- Double the lab hours, from 60 to 120. I love lab time and I wanted to make sure I had enough hours. I do have a feeling that 60 is more than enough, but having 60 bonus hours for giggles is nice.
- Downloadable slides in PDF form. I’m really not a fan of them using Flash to deliver the training slides. For starters, I’m on Linux without Flash, so this creates immediate problems. For the PTSv3 course I took, I was forced to install it. Thankfully, I can just get the PDFs now.
- Ruby for Pentesters + Metasploit. This one was the seller for me. Recently I dove into Ruby and love it. I’ll all for more Ruby training and Metasploiot training. This section has 10 modules plus labs & scripts.
Ok, I’m pumped up and ready to take this course, so let’s jump into my initial reactions.
As I write this I’ve completed a few sections in the Web App Security space.
Overall, I’m liking what I’m seeing. The upcoming content looks to cover a wide range of topics and there are many labs and videos.
The course is setup like the PTSv3 (read that review for more info).
If I have one gripe, it’s that some of the tool information is out of date. The core of what they are teaching is valid, but some of the references are bad.
For example, in the Vulnerability Assessment section they devote a whole section talking about how to use Nikto. The problem is that this script hasn’t been updated in ages and the DB it uses is now gone. So this whole section is pointless.
While this isn’t a show stopper (since you are taught the fundamentals and it’s just the tooling you must work around), it is frustrating for someone who is short on time.
I was also a little beside myself when they were showing how to do an information gathering task with a Windows program. This is just my own personal view though. I don’t like using Windows at all.
But I don’t want to harp on that point because it’s a personal issue. Also it is up to you and me to figure out what tools will be best suited to our own needs, so something such as the two issues above are really not major. And given how fast tech moves, it’s to be expected.
In closing, my initial reactions for this course are generally positive. I’m really excited to work my way through it. There seems to be a wealth of information to be had and my guess is it will take me months (given my schedule) to work through it all.
Expect the next update for this review toward the end of June. Right now I’m 50% done with Web App Security and I’m planning on writing this section when I finish (or come close) System Security, which is the next main section.