My Journey toward eCPTX

Written by on
Hello Everyone,

m0nkeyshell is back again, I hope you all are doing well !! in this crisis situation.

Stay Home Stay Safe Wear Mask.

Before going into the details I would like to mention that I failed my 1st attempt and after a week I gave my 2nd attempt and cleared the exam.

Lesson learned from my 1st attempt.

So I have taken the elite version of PTX v1 course back in November 2017. Yes you read it correct back in 2017. After my initial glance through course material  I was scared as the concept of the attack and the methodology was totally new for me. Fast forward in 2019 I did 3 certification OSCP, CRTP & CRTE. Even so I was not enough confident to do PTX but in 2020 I completed GCB labs (exam is still pending) that gave me enough confident.

When I compare PTX vs Other Course it quit different like it more of real world attack especially it includes c2, evasion and external attack and also various way of executing the payloads which I seriously loved. 

I gave my First Exam attempt on 18th July 2020 and I was able to only get  4 machines during the exam out of 7.
During my 1st attempt I did not focused on understanding the lab instead I just attack the lab here and there which made the lab very unstable and all my shell were dying this made me so frustrated.
I just over complicated the exam but exam was pretty simple and I understood that after I failed my 1st attempt.  

Lesson learned from my 2nd attempt.

So I gave my 2nd attempt on 25th July 2020 and I was able to compromise all the machines. Interestingly my exam lab did not even crash for even once in 2nd attempt as I understood how to executed code without crashing the labs. Simple Example don't run your payload directly from your previous shell instead try to execute it as a completely in a new process. So it wont kill your current / new shell if you either of your shell die's.

Exam Labs are stable, go through the course material and you will understand what I mean because their main focus is to understand how to actually attack with carefulness means when you are in the corporate environment you won't like to impact the existing services during your assessment.

Note:- Course Material are enough to pass the exam.

Below is small comparison about different courses which I have done.
All the below three course are awesome and I would recommend that if you love to do certification like me go for all

PTX v1
CRTP
CRTE
Labs are stable
Labs are stable
Labs are stable
Dimitri gave awesome support
Support is awesome
Support is awesome
External Black box attack
Assumed Breach
Assumed Breach
Focused on Linux to AD
No Linux
No Linux
Metasploit & Power empire
Mostly Powershell
Mostly Powershell
Network Segmentation
No Network Segmentation
Network Segmentation
Various evasion Techniques
No evasion apart from AMSI
No evasion apart from AMSI
Layer 2 tunneling
No layer 2 tunneling
No layer 2 tunneling
MITM
No MITM
No MITM

I would like to thanks everyone who are always there for me 🙏🙏🙏🙏

Comments

Post a Comment

Popular posts from this blog

Process Injection - Part I

Written by on
Image
Hello All, After publishing the post about Dumping Process Memory with Custom C# Code my friend Himanshu suggested me to write a tool & a blog post about Process Injection for learning and he referenced his post about Code Injection which covers the concept about the vanilla process injection technique. It was quite interesting to learn and understand the core concepts about Process Injection techniques and as a learning path to code in c# leveraging Windows API I started writing the tool for Process Injection. What is Process Injection ? Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process. Why Process Injection ?
Read more

Introduction to Callidus

Written by on
Image
Hello All, Performing Red Team assessments are becoming challenging day by day. In mature environments we see a lot of custom tool development and new techniques are getting discovered by the community to overcome various challenges. While thinking about such challenges, I came up with the idea of creating a tool that can leverage legitimate services for establishing command & control communication channel which is likely to be whitelisted or are less monitored due to the nature of services used by the corporate environments. This is not a new technique, we have already seen similar projects that were developed to leverage legitimate services for command & control. Communication channels such as Slackor for Slack C2, DaaC2 for Discord C2 or  Domain Fronting techniques etc. In this post I will introduce you to a tool called "Callidus" which I created to learn & to improve my knowledge about developing custom toolset in C# and learning how to leverage
Read more

Exploring the Dark Side of Package Files and Storage Account Abuse

Written by on
Image
 Hello All, In this blog, we dive into the dark side of package files and Storage Account abuse within the Azure Function App service. We explore how package files can be leveraged to enhance the functionality of the Functions Apps, shedding light on the potential abuse of package files. By examining the connection between the Function App and Storage Account, we uncover how attackers can abuse the Storage Account's connection string to gain unauthorized access to the Function Apps. We will provide step-by-step insights into replacing binary files and deploying custom code, enabling attackers to take control of the Function App.  The research was jointly done by  Raunak and myself . What are Function Apps? Function Apps (Lambda in AWS) are serverless computing services provided by Azure Cloud. They allow developers to build and deploy small, functions that can be triggered by events such as simple HTTP request. Function Apps provide an environment for executing our code without th
Read more