Certified Professional Penetration Tester (eCPPTv3)

Exam Structure & Logistics

• 24-hour marathon: 45 questions split between MCQs and hands-on challenges.

• Instant Gratification: Immediate pass/fail verdict after submission (no agonizing wait, at least).

• Browser-accessed Kali machine. Worked surprisingly well, though it disconnected briefly a few times.

• Progress saves if you close/reopen the tab, but stopping the lab resets everything.

• No internet access: Forget apt-get install your_favorite_tool. You’ll be copy-pasting scripts like a medieval scribe.

• Scattered questions: Questions for the same machine are spread out like breadcrumbs (Q1, Q30, Q45…). I suggest reading all the questions before proceeding, at least, that's what I did.

• One Dynamic flag: Once submitted, you can't resubmit or edit the flag, as it changes with each lab restart. Other than that, you can freely re-edit answers and navigate through the questions.

Preparation: How I (Barely) Survived

• I skipped the INE material for preparation. Instead, I followed the Certified Penetration Testing Specialist (CPTS) path from HackTheBox, completing over 50 boxes/labs from Proving Grounds and HackTheBox. This gave me enough confidence to just skim the slides and labs before diving in. Here are the HTB Academy modules that aligned with the test:

  • Network Enumeration with Nmap

  • Using the Metasploit Framework

  • Password Attacks

  • Login Brute Forcing

  • Active Directory Enumeration & Attacks

  • Linux Privilege Escalation

  • Windows Privilege Escalation

• For privilege escalation, I relied on Tib3rius’s course, which was just excellent.

• Here’s a rundown of the tools I used during the exam:

  • nmap

  • Hydra

  • WpScan

  • impacket-GetNPUsers

  • crackmapexec

  • Bloodhound

  • impacket-GetADUsers

  • impacket-psexec

  • impacket-wmiexec

• These tools were critical for enumeration, exploitation, and navigating the exam’s challenges.

The Ride

• I started the exam sleep-deprived at midday. Don’t follow my lead. By hour 15, I submitted my answers half-conscious, with a few questions left unanswered, my eyes wouldn’t stay open, and my head kept dropping onto the keyboard.

• The questions were divided equally between Active Directory, Linux, and general topics (some felt like they escaped a CompTIA exam, "Just Google it", without any real connection to the test's context).

• Non-sequential question arrangement: Questions related to the same machine were scattered (Q1, Q30, Q45…).

• Two terminals available: Do not use Lxterminal; instead, use QTerminal, which offers better color support and readability.

• Difficulty level: The Linux questions were similar to medium-rated HackTheBox boxes. I couldn’t complete all the AD questions, so I can’t fully assess that section. However, the ones I attempted were simple and straightforward.

• Question Wording and Brute-Forcing: The wording often drops hints. For example, a question like, "Which account was exposed using technique X?" tells you to use technique X. Also, brute-forcing was everywhere, I had to crack something at nearly every turn, making it a recurring theme.

Struggles

• Limited tools: The attack machine lacks some of the tools I usually rely on, as using our own machine isn't allowed.

• No internet access: Downloading additional tools isn’t possible, you’re stuck with copy-pasting simple scripts.

• Alternative exploits led to dead ends: Sometimes, I exploited a machine through a different vector, but then I couldn't answer the specific question being asked.

Advice for Future Test-Takers

• Study Active Directory Well: Active Directory is a big deal in this exam. Make sure you understand how it works, how to navigate it, and how to exploit it. It’s not just a buzzword, it’s a core skill here.

• Be Fluent with Searchsploit: You’ll need to quickly find exploits, and searchsploit is your go-to tool. Practice using it until it’s second nature.

• Privilege Escalation Techniques: Get comfortable with privilege escalation, knowing how to move from a low-privilege user to owning the system is key. Tib3rius is the OG here; their course is a fantastic resource, so check it out.

• Bruteforcing Is Your Friend: Don’t hesitate to lean on bruteforcing when needed. It can open doors (sometimes literally) during the exam.

Final Thoughts

• The videos and slides I skimmed were meh, but I didn’t dive deep, so take that with a grain of salt. I took the eCPPT certificate mainly for the magic CV letters.

• This exam feels like a middle child: practical enough, but outshined by competitors. The autograded format skips real-world reporting skills, OSCP boasts more recognition, and CPTS offers a tougher, richer learning experience. It’s a solid test, but it’s not the star of the show.

eCPPTv3 Badge