eLearnSecurity ECPPTv2 review

I am writing this review to let readers know how satisfied I am to have completed the eLearnSecurity course that led me to obtain the ECPPTv2 certification.

In my opinion ECPPT is a complete course covering all the most important areas of penetration testing. My review will not be specific: I will not list how many and which sections and how many laboratories are included in the course (this can easily be found on the eLearnSecurity website), but I will describe my impressions of the course and of the exam.

First of all I think that it is important to have some basics before taking this course. I don’t think a total neophyte will be able to start from scratch with the ECPPT, understand everything and pass the exam. In my case I had already obtained the eJPT and this has been of great help to me. With this I do not mean that the eJPT is necessary to do the ECPPT, I am just saying that in my case it helped me a lot. That said, I now turn to my impressions of the course and the exam.

The course is really well structured and understandable; it leaves nothing to chance and it makes you understand a complex topic by first explaining how that branch works. For example, in the section on BOFs (Buffer Overflows), before explaining how they work, it explains the fundamentals of architecture, CPU, ISA and Assembly. Subsequently it shows how some assembler debuggers work and only then goes on to the technical explanation of a BOF, with practical examples included that you can easily reproduce on your PC. There are many labs related to the topics of the various sections of the course, thanks to which you can put into practice the notions learned in the relevant chapter. I must say that I did not manage to complete all the labs the first time without looking at the solution. Then, once the course was over, I started it all over again and redid the labs, trying to solve them without looking at any solution. There is also an active forum, reserved for course members, in case of doubts and questions. Both eLearnSecurity instructors and other students respond in this forum. I felt really good about this too. The main things the course covers are Windows, Linux, networking, PowerShell, webapp, wifi, Metasploit, Ruby and BOF. In each of these sections there are many other topics and various useful tools are shown. The important thing they focus on, however, is that you not only have to learn the art of hacking but also the various stages of a real professional penetration test, step by step until you get to write a real professional report for your client.

The exam, in fact, consists not only of hacking machines (it is not a capture the flag at all) but of finding all possible vulnerabilities for each victim, even the minor ones that are not needed to go ahead with the exam, and of finding for each of them the solution to be proposed to the customer. I enjoyed the exam, even if at a certain point I got stuck because I couldn’t find the right way, but in the end I did it and I was very satisfied. In my opinion it is well done and fully reflects reality. I had to take several notes and make several useful screenshots to write my report later.

In conclusion, I recommend this course to all those who want to establish themselves in the world of penetration testing.

eLearnSecurity eJPT/PTS review

My first certificate is eJPT from eLearnSecurity. I got it about a year ago.

I state that I have always been fascinated by computer security and computer science in general, but being still not very practical in the field, before starting the course I got well acquainted (searching a lot on the internet) with which were the best courses to do online and which of these courses issued a final certification.

After a lot of research, in the end, I focused on the eCPPT course.

I had chosen eCPPT because, as I had read in many forums, it is a course that teaches you the subject by explaining to you clearly and precisely the various steps, making you fully understand what you are doing.

Being a beginner, therefore, I decided to buy this course without wasting time with other courses that maybe took for granted a basic knowledge that I still didn’t have. Before buying it, however, I had decided to write to eLearnSecurity to get advice on whether eCPPT would be difficult for me as a novice (and therefore whether it was better to go first for eJPT) or whether it could also be good for a neophyte.

They replied that it would be better to go first to eJPT and then switch to eCPPT.

Obviously this may seem like a purely marketing move, but now that I have obtained the eJPT certification and I am currently studying for eCPPT I can safely say that they were right.

The eJPT course is done really well; it is easy to understand and has given me not only the basics but a really good knowledge of the foundations of penetration testing, and I think that without having completed this course I would certainly have found difficulties on the eCPPT.

I had bought the “Elite” version of the course, and the eJPT material is really well done and well organized to make you better understand the subject.

The study material is available via HTML5 or PDF files in the form of slides, and there are videos in which you can deepen the theory studied in the slides; finally there are virtual labs in which you can practice what you’ve learned; you must connect via VPN (using openvpn) to reach these labs.

You can download all course material (PDF files and videos) if you want. See the eLearnSecurity site and check the eJPT’s Syllabus to see what topic it covers.

It begins by explaining computer networks and web applications then hints at C++ and Python languages and then moves on to XSS (Cross Site Scripting) and the use of Metasploit.

Furthermore the course focuses mainly on the Information Gathering/Scanning phase because, as they say, it is the most important step in a penetration test: the more data is collected about the victim, the easier it will be to find the right attack.

Another important thing is that there is a forum dedicated to the students in which the instructors are ready to answer every question about the course. I have always received answers to all my questions, and so have other students.

Before taking the final exam for the certification I redid the whole course and all the labs three times, to make sure I would pass it, and in the end I passed it. I had a lot of fun doing the exam because I found it realistic, so it satisfied me.

The exam lasts 3 days, more than enough to finish it. You have to test a system and you must answer questions whose answers you will find by going forward and hacking this system. It covers almost all the topics included in the course and, if you are well prepared, you can pass it in a short time. I finished it in about 5 hours.

Final impressions

As I said, eJPT is well done and I recommend it to all those who want to start on the path of penetration testing, because it gives you really well the basic knowledge from which to start moving forward and doing this job.

It isn’t hard, but it clarified for me, in a very understandable way, topics that I had always wanted to know how they work. Now that I’m eJPT certified, I can say that the ECPPT is easier for me.

Furthermore the course can easily be done by those who work; in fact I did it while I was working.

In conclusion I think that eLearnSecurity has great course material and great instructors: I’m enjoying myself with them and I’m happy with my choice.

DOM XSS attack

In short, the Document Object Model (DOM) is the hierarchical structure of objects of an HTML document, generated by the web browser to represent the document. The utility of the DOM is to easily access the contents of the document. An example of a simple DOM structure is the following:

The W3C defines the standards of the Document Object Model. The most commonly used nodes are:

  • document_node: this is the root of the structure
  • element_node: relating to an HTML tag (e.g. <body>)
  • text_node: the text included in a node
  • comment_node: an HTML comment ( <!-- ... --> )

Some browsers (e.g. Firefox or Chrome) have their own tools or plugins to explore and modify the DOM.

JavaScript can also access and manipulate the DOM, changing the HTML structure of a document.

The power of a DOM-based XSS attack, therefore, is that it occurs client-side and does not involve the web server, so this type of attack is difficult to detect. It happens when a web app includes client-side JavaScript that processes data (for example, a value taken from the URL) in an unsafe way.

Being a client-side attack, its success depends on the browser used by the victim. Nowadays, however, almost all browsers have been updated to prevent this type of attack.

In practice, DOM-based XSS occurs when the victim opens a malicious link containing an argument that is then executed by the page's script. One of the main purposes of the attack is to steal session cookies, because in that case the attacker can authenticate as admin in the web app.

Example of attack

In this basic example we will see how a victim is attacked through a static HTML page:

http://site.com/foo.html

can take a variable as an argument in a GET request, e.g.:

http://site.com/foo.html?var=example

The attacker replaces the value “example” with his own malicious script, e.g.:

http://site.com/foo.html?var=script_malicious(code)

Then the attacker sends the malicious link to a victim (also performing “URL masking” to hide the code so that it is not visible in the link), who opens the link with his browser.

The victim's browser, after sending the request to the web server via the malicious link, receives the response from the site.

The browser now builds the DOM and, when it parses the HTML page and reaches the attacker's script, runs it.

As you can see, this type of attack does not involve the server.

How to avoid DOM XSS attack

The simplest method to avoid DOM-based XSS is to disable JavaScript support in the browser, so that attacks relying on JavaScript have no effect.

In some browsers, moreover, there are special add-ons that help protect against this type of attack.

Another very important thing for defence is never to click on external and unreliable links.
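The following example is added here and is not code from the original post. It models the `foo.html?var=...` page from the walkthrough above: the value of `var` is read from the URL and inserted into the page. `renderUnsafe()` is the vulnerable pattern (the argument is concatenated straight into markup), `renderSafe()` is the application-side fix that complements the browser-side measures listed above (the value is HTML-encoded before it reaches the sink), and `renderedGainedTags()` is a small check a reviewer can use to tell the two apart. The function names and the sample link are assumptions; it runs in Node with no browser.

```javascript
// Added example, not from the original post. Models the "foo.html?var=..."
// page from the walkthrough: the argument is read from the URL and inserted
// into the page. The DOM sink is modelled as a function returning the HTML
// string a browser would insert, so this runs in Node without a browser.

// Read the GET argument "var" from the page URL (URL is a Node/browser global).
function getVarArgument(pageUrl) {
  const value = new URL(pageUrl).searchParams.get("var");
  return value === null ? "" : value;
}

// Vulnerable sink: the raw argument is concatenated straight into HTML.
// In a browser this corresponds to document.write() or innerHTML fed with
// location.search, which is the bug the walkthrough above describes.
function renderUnsafe(value) {
  return "<p>Hello " + value + "</p>";
}

// Encode the characters that let a string be interpreted as markup.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened sink: same page, argument encoded before insertion. In a browser,
// assigning to element.textContent achieves the same, as it never parses HTML.
function renderSafe(value) {
  return "<p>Hello " + encodeForHtml(value) + "</p>";
}

// Review aid: true when the rendered fragment contains more tags than the
// page's own template, i.e. the argument was parsed as markup.
const TEMPLATE = "<p>Hello </p>";
function countTags(html) {
  return (html.match(/<[a-z!\/][^>]*>/gi) || []).length;
}
function renderedGainedTags(rendered) {
  return countTags(rendered) > countTags(TEMPLATE);
}

// Constructed sample link (hypothetical): the argument carries markup
// instead of plain text, standing in for the "script_malicious" placeholder.
const SAMPLE_LINK = "http://site.com/foo.html?var=" + encodeURIComponent("<b>example</b>");
const arg = getVarArgument(SAMPLE_LINK);
console.log(renderUnsafe(arg)); // <p>Hello <b>example</b></p>  (markup survives)
console.log(renderSafe(arg));   // <p>Hello &lt;b&gt;example&lt;/b&gt;</p>  (shown as text)
```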

whoami

I’m a penetration testing lover who is very curious about how systems work.

My credentials are the EJPT and ECPPTv2 certificates from ElearnSecurity. Now I’m working on hackthebox.eu, where, to date, I have gained “Guru” rank, and on TryHackMe.com, where I got [0xC][GURU] rank.

My first computer was a Commodore Plus 4 in the 80s (when I was very young), with which, self-taught, I learned to use the BASIC language. Now I know Windows OS very well, I am specialized in Linux and Unix-like OS and I know Mac OS. I’m using FreeBSD, Gentoo Linux, Debian Linux, CentOS and, obviously, Kali Linux.

I’m able to understand and write C, C++, Python, Perl, PHP and Java, write bash scripts and use MySQL for database queries. I also have competence in HTML. I know Assembly to do BOFs (Buffer Overflows).

My intent is to learn as much as possible about everything regarding pentesting.