Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

ECSA review

I started ECSAv9 recently. Had initially signed up for another course but switched to ECSA due to course availability issues, so here is a short review.

v9 course includes lectures, hands-on lab and what EC-C calls Pen Test Challenge.
There are no printed books unlike GIAC SANS; you are given DRM protected PDF course materials.
Neither are you given VMware images for labs. Both the labs and challenges are conducted in their iLabs environment which is accessible from internet, so you can do it during class or at home. You are given 30 days to complete the labs and challenges.

The trainer will start a lecture module, you do the corresponding labs if any and start on day's challenge at the end of the day. Labs manual have step-by-step instructions with screenshots. You get to install and use tools such as Nessus, OpenVAS, ZenMap, Metasploit, sqlmap and a couple of other tools. You do get to use Metasploit a fair bit to run the exploits and get meterpreter shells.

The challenges do make the course interesting. On Day 1, you need to do host discovery and scanning of and networks. Day 2 to 4 challenges require you to compromise specific windows and Linux servers and get hashes of specified files among other tasks. There are 10 servers to compromise. EC-C provides 4 VMs for your pen testing: Windows 2012, Windows 8, Kali and Kali rolling. The VMs do not have internet connectivity and you are unable to transfer files in and out of them. They do mount an ISO of different Windows tools for you to install and use.

Different points are assigned to each challenge and the final report is 14 points; you need 70 out of 100 points to pass. I have already completed the challenges and is putting finishing touches to the report. You need to upload pen test report to EC-C within 60 days. EC-C did provide a "sample" report template to help with the documentation. Once the report is marked and a passing mark is achieved, you are then allowed to take the MCQ exam.

I find some of ECSAv9 challenges interesting and enjoyable. I was using the newer Kali rolling VM most of the time as I am comfortable with Linux, but had to switch to older Kali VM at times as some programs only work in older Kali VM. I used Windows Server VM once to run a Windows tool. You get to compromise different types of systems and applications including Linux, Windows, databases, web applications and CMS.

I know ECSA is not that well recognised, but this was a good learning experience. Let me know if you have any questions.
Now back to work and eCPPT study. :D

This post first appeared on Recent Blogs Posts - IT Certificatio, please read the originial post: here

Share the post

ECSA review


Subscribe to Recent Blogs Posts - It Certificatio

Get updates delivered right to your inbox!

Thank you for your subscription