eCPPTv2 Study Journal: Days Two & Three

NB. This article is part of a series of articles I’m writing in an effort to fully document my journey to becoming a certified, professional pentester. Find the other articles on my profile.

Day Two

Is it day two already? It seems only yesterday that I started. I mean, it was yesterday. So today is day two. Welcome! Here’s what we learned:

We’re going to need to spend a lot of time studying the reversing sections, they’re the one thing I have no skills in yet. I’m starting to understand it more so tomorrow I’ll try my hand at actually looking at some ASM on my Kali box and see if I can make more sense of it in a practical environment.

OSINT was a really fun chapter. Nothing new except for a few tools, so I’m confident I’ll remember that and I can move on to practicing it a little in the lab, and on my own company.

Domain and IP scanning is something I’m already somewhat familiar with but it was good to get a grasp of which tools help us achieve actual results, and why we even need this information.

Day Three

Day three was my favorite day so far because I feel I actually achieved something. Here’s what we learned:

The Buffer Overflow module significantly improved my understanding of ASM and why it’s relevant. This is the first time since I started even looking at learning this stuff that I feel I have a decent understanding of how Buffer Overflow Exploits work, how they’re performed, and why they’re useful. I think I’ll train a couple of easy BOF boxes on TryHackMe and maybe HackTheBox to get some practice.

It might be useful to run a Windows VM box on my Kali machine since most of the reversing instructions are done using Immunity Debugger, on windows executables. I’m sure I could find a way to use a Linux based debugger, but I’d prefer to stick with the course instructions for now and branch out on my own later.

This studying thing is really fun but it also requires a lot of focus, which I struggle with most of the time. For now, I’m doing well and I hope I can keep this train going. I have to finish the BOF and shellcode modules first, and then move on to the topics I’m already somewhat familiar with.

I’m going to spread out these journal entries a little more because they actually take a decent amount of time to write and I need that time to relax. I’m still working while studying so I need enough relaxation.