I passed the eCPPTv2 Test

I received the pass email for the eCPPTv2 test last week, just a day after submitting my report. I dedicated all 14 days to working on the test, mainly during weekends and after work hours. However, I encountered some difficulties with my Kali virtual machine and ended up performing a full upgrade during the test, which is not for the faint of heart. Writing the report proved to be the most demanding part for me, as I hadn’t previously worked on such an extensive report. My final report ended up being 85 pages long, and I had to make adjustments to ensure it was below the 10MB upload limit. Since there are many reviews available, I won’t delve into that. Instead, I will share what I believe test-takers should focus on the most.

1. Know Metasploit inside and out as well as how to pivot with Metasploit and ProxyChains. Knowing how to pivot with Chisel, Socat and other tools is also helpful.
2. You can use every tool on this exam so use them to your advantage. This is a penetration test and not a capture the flag event, so you want to find as many vulnerabilities as possible.
3. If a payload is not working stop and think why. Do not just go into “Captain throw a shell” mode.
4. Understand how to do a simple buffer overflow exploit and have a template already created for the test. I used a Windows 10 machine with Immunity Debugger already installed.
5. Research report writing techniques if you haven’t written one before taking the test. I wish I had practiced writing a sample report beforehand.
6. Take a lot of screenshots during testing. This is not hard for me as I have always documented everything while doing practice machines in OneNote.
7. Spend a lot of time on your report and make sure everything is correct. At first, I did not like doing the report. But after completing the report it gave me a fresh look on doing one. Reading through it made me proud, as it represented a timeline of the vulnerabilities I had identified and exploited.

Now that I have finally completed the test, I plan to take a couple of weeks off to participate in the Hack The Box – Cyber Apocalypse CTF 2022, which is taking place this upcoming weekend.