During my graduation internship at Onvio in 2021, I wondered how I could develop myself into a certified security specialist / ethical hacker. During my study I had already been busy looking at how I could do this. However, I had no idea where to start. When I mentioned this to Onvio I immediately got an enthusiastic proposal to follow a traineeship. This traineeship would train me within 9 months to be a certified security specialist / ethical hacker by following various trainings. In this blog post you will read what the traineeship entails, how I successfully completed the traineeship and why this might be an opportunity for you!

Contents

  • eJPT (eLearnSecurity Junior Penetration Tester) – 1 month
  • eWPT (eLearnSecurity Web application Penetration Tester) – 2 months
  • eWPTX (eLearnSecurity Web application Penetration Tester eXtreme) – 2 months
  • OSCP (Offensive Security Certified Professional) – 3 months

For each training, I was given a different number of days in the week to work on it. This started with a full work week and ended with 1 day a week. The purpose of this was to allow me to work alongside the trainings and prepare for full work weeks with various pentests.

I also got my own timeframe for some exams from Onvio, to let me get used to the time pressure of the OSCP exam, but also of normal pentests. eLearnSecurity itself uses a pretty long timeframe per exam, so you don’t really feel any time pressure.

Training: eJPT (1 month)

I started the first training, eJPT (eLearnSecurity Junior Penetration Tester), on August 23, 2021. This training was mainly about basic principles and knowledge: think of various ways of information gathering, reconnaissance and exploitation. The training was very much in line with the cyber security specialization that I was following at my college, which made it a lot easier. I also got the whole week to do this training, which helped me progress quickly.

So, on September 8, 2021, I started the exam. This exam simulates a pentest on a company network, about which you then have to answer several multiple-choice and open questions. From eLearnSecurity you get 3 days for this exam; Onvio gave me 1 day. This was also more than sufficient, because after a few hours I had completed the exam and I was immediately notified that I had passed. I completed the training in two weeks.

Training: eWPT (2 months)

I started the second training, eWPT (eLearnSecurity Web application Penetration Tester), on September 13, 2021. This training teaches you to perform a pentest on a web application. You will learn the most common web application vulnerabilities, how they work and how to exploit them, such as SQL injections, XSS, unrestricted file upload and more. This training also partly connected to the cyber security specialization I took at my college. As a result, I quickly made some progress and it was easier to understand some of the topics. For this training I was given full time for the first two weeks and then 2 days a week.

On October 25, 2021, I started the exam. The exam is a skills-based test that requires candidates to perform a real-world web application pentesting simulation. From eLearnSecurity you get 14 days for this exam; Onvio gave me 4 days. This proved to be sufficient as well: after 3 days I had my findings complete (to my liking) and was able to draft the report on the last day, completing the exam on time. On October 28, 2021, I handed in my report and on November 12, 2021, I was informed that I had passed. Therefore, I completed the training in six weeks.

Training: eWPTX (2 months)

I started the third training, eWPTX (eLearnSecurity Web application Penetration Tester eXtreme), on November 22, 2021. This training teaches you to perform an advanced pentest on a web application. In doing so, you will learn advanced web application vulnerabilities, how they work and how to exploit them, such as SSRF to RCE, XXE, Java Deserialization, Template Injection and more. In addition, you will learn to understand how each vulnerability is exploited and how to bypass filters. The training was really next-level compared to the eWPT training. Fortunately, I got plenty of time to complete it. For this training I was given 2 days in the week and the last week completely.

On January 11, 2022, I started the exam. The exam is a skills-based test that requires candidates to perform a real-world web application pentesting simulation. The pentest has a scope of multiple dedicated web servers. From eLearnSecurity you get 14 days for this exam; Onvio gave me 4 days.

The exam was very difficult: you have to make sure you understand how each vulnerability is exploited and also how to bypass filters. So, you can’t just fire up a tool and expect results. After 3 days I had 27 findings, 4 of which were critical, 3 high and 12 medium rated. After reviewing everything, I was able to prepare the report on the last day, which meant I finished the exam on time. On January 14, 2022, I handed in my report and on January 31, 2022, I was informed that I had passed. Therefore, I completed the training within 2 months.

Training: OSCP (~3 months)

I started the fourth and final training to complete the traineeship, OSCP (Offensive Security Certified Professional), on January 31, 2022. OSCP is very broad and teaches in-depth knowledge about a very wide spectrum of attack surfaces, such as Active Directory, Buffer Overflows, Client-Side Attacks and more. For this training, I was given 1 day a week and the first and last week in full. In addition to these days, I spent almost every day in the labs practicing. This eventually resulted in pwning 50 of the 73 lab machines (including Dev, IT, Admin networks).

For the OSCP exam, you get 24 hours to hack as many machines as possible and then 24 hours to deliver the report. Previously, the exam consisted of 5 standalone machines, including 1 buffer overflow (25 points), 1 hard machine (25 points), 2 medium machines (both 20 points) and 1 easy machine (10 points). However, in 2022, the structure of the OSCP exam changed. The exam now consists of an Active Directory set (1 domain controller and 2 client machines) of 40 points – which you must fully exploit, otherwise you will not receive any points – and additionally of 3 standalones, where you can obtain a maximum of 20 points per machine. To pass you need a minimum of 70 points, which would mean that I had to take at least the Active Directory set, 1 full machine and 1 machine partially.

On May 5, 2022 at 07:00 I started the exam. I started with the Active Directory set, which, despite my strong preparation, I still spent a lot of time on. A lot of time went into upgrading the local user to a local admin / domain user. Looking back, this was fairly simple, but I didn’t see it that quickly during the exam and was thinking too hard. From the domain user it was all pretty obvious and in no time I was domain admin and able to take over the DC. Once I finished the Active Directory set I started the first standalone. After some enumeration I saw pretty quickly how to handle this machine and within an hour I rooted it.

60 points, only 10 more points and I had passed. The second standalone I started with enumeration on the default ports, after which I soon gained access to the machine’s C:\ drive. From here, I started looking for “secrets” in order to create a possible entrance for myself. Eventually, I found some keys that allowed me to get on the machine and obtain the required 10 points. At this point I basically had enough points to succeed, but I still wanted to try to take over the machine completely. The privilege escalation on this machine turned out to be possible in the same way as within the Active Directory set, after which I soon had completely taken over the machine and gained the maximum points.

After 12 hours I finished the exam and immediately went to write the report. After all, I wasn’t tired yet and was eager to complete it. I documented everything during my exam, so I finished the report within 3 hours. At 22:00 I handed in my report and the next day (May 6, 2022) I was informed that I had passed. With the completion of this training, I finished my traineeship successfully.

Opportunities within Onvio

I am very grateful to Onvio for the opportunity they presented to me. The traineeship they offered me was the perfect training to become a Security Specialist / Ethical Hacker and exactly what I was looking for. Have you recently graduated or do you have the ambition to become a Security Specialist / Ethical Hacker? Then this is the perfect opportunity for you!

Contact us to discuss all possibilities regarding traineeships!