EC-Council Brings A New Range Of Real World Challenges

December 6, 2017 Josh Tomkiel

EC-Council brings a new range of real world challenges that will not only test your Pen-testing skills but guarantees you an experience that is not built for the weak hearted.

The LPT (Master) is different than any other certification on the market today.  As a candidate, you are given access to a Kali Linux instance, provided a scope, and tasked with completing 3 challenges.  You have 6 hours to complete at least 1 of the 3 challenges to be allowed to advance to the next level (3 levels in total).  Out of the 9 total challenges (3 on each level) you need to complete at least 5 to pass.  The entire time you will be monitored through your webcam by a proctor to verify that you are the individual compromising the hosts with no outside assistance.  Finally, you will need to create a report documenting your steps taken to exploit each host.

Passing the LPT (Master) establishes that you have sufficient depth with Kali Linux and know how to use the various tools available within the distribution to enumerate hosts, identify misconfigurations and vulnerabilities, as well as how to exploit them.  The techniques required to pass the challenges within each of the levels are the same that our teams use every day when performing a network or web application pen test.  This also means that you need experience to pass this exam.

My favorite part of the exam was level 3.

Read more:

About the Author

Josh Tomkiel

Josh Tomkiel is a Senior Manager and Penetration Tester based in Philadelphia, PA with over 10 years of experience within the Information Technology field. Josh has a deep background in all facets of penetration testing and works closely with Schellman's other service lines to ensure penetration testing requirements are met. Additionally, Josh leads the Schellman's Red Team service offering, which provides an in-depth security assessment focusing on different tactics, techniques, and procedures (TTPs) for clients with mature security programs.

More Content by Josh Tomkiel
Previous Video
Cloud Apps - Penetration Testing for Providers  and Customers
Cloud Apps - Penetration Testing for Providers and Customers

Please, join Matt Wilgus and Josh Tomkiel from Schellman's Threat and Vulnerability Assessment team, as the...

Next Article
Clarifying the FedRAMP Penetration Test Requirements
Clarifying the FedRAMP Penetration Test Requirements

As a Third Party Assessment Organization (3PAO), Schellman regularly conducts FedRAMP assessment...