For all those people who are wondering about: “eWPT or eWPTX?”

What does Google say?

Nothing that helped me at all. I must say that there are a lot of reviews of the eWPT certification out there, whereas there are not so many of eWPTX (I’m talking about version 2). However, trying to analyze the problem from an objective point of view, it turns out that eWPTX wins. Furthermore, there is a big thing to consider: the syllabus of the new version of eWPTX (v2) has six more modules (10-15) than the old one (eWPTXv1), which has undoubtedly raised the level, in terms of validity, of the contents and of the certification itself. Sure, they might sound difficult, but they are as difficult as they are important to a pentester.

Exam Preparation

Well, I will not talk about the course of this certification because I didn’t buy any of the bundles offered by eLearnSecurity. What about the study? I spent three months on PentesterLab PRO and I did as many exercises as possible related to the exam topics.

Few exercises from PentesterLab (https://pentesterlab.com/)

But now, let’s talk about the exam. 

The Exam

I started the exam on 9 August. The first two days went great, but then I got stuck for almost three days; I found the problem, then I continued, but still with difficulty. On the last day (at 04.00 am), before the end of the lab time (at 10.00 am), I reached an important objective, so I spent the last hours reviewing all the evidence and collecting what was missing. In the following days, I sent the report.

Result? Fail!

Honestly, I expected this result.

The certification requires mandatory objectives to be achieved. I got some of those requirements, of course, but apparently still not enough to pass the exam. I was missing something.

However, 22 days after the submission I received the feedback. You face the retake with less anxiety: you already know the environment, and you just have to go deep and try to solve what you left at the first attempt to complete all the objectives.

After two days of the retake exam, I had everything I needed. I spent the fourth day testing all the vulnerabilities again and developing exploits that were as automated as possible, to provide them as an attachment to the PoC reported. A few hours after the report submission I got this:

Conclusions

As often happens, there are pros and cons.

| Pros | Cons |
| --- | --- |
| You learn a lot during the exam itself. | Despite what is said, there are some extremely CTF-like steps |
| The time available is a lot (if you take days off - mandatory) | Often you don’t understand if everything is working as it should or if the lab is having some kind of problems |

To conclude, I can say that, despite everything, it was a difficult but profitable experience. This certification, like many other hands-on certifications, is extremely useful because it pushes you to go beyond your possibilities and the limits imposed by yourself.

If you’re a “lazy” pentester guy/girl, you can’t afford it here. There is a need to write a bit of code.