I recently completed the eLearnSecurity Exploit Development Student (XDS) course and sat the corresponding exam, eCXD (eLearnSecurity Certified Exploit Developer), from Feb 3rd to Feb 7th of this year (2021). So here are my reviews for both the course and the exam! Exam tips are at the bottom.
Overall Course Review
I really enjoyed the course, especially the fact that the course includes topics in both Windows and Linux exploit development.
And it did give me enough theory and practice that I’m now able to independently develop exploits for a lot of vulerabilites that this course introduced me to. It’s such a great feeling when you’re able to pull random vulnerable software off Exploit DB and create your own custom exploit for it.
However, there are a lot of modules that are just a shorter rewrite of blog posts already freely available online (and the modules themselves acknowledged this fact too)!
What’s worse, sometimes (for example, in the Universal Shellcode module) the slides omit crucial explanations that the original blog post contains. The original blog post even offers cool animations and syntax-highlighted code that you can actually copy/paste (unlike the course slides). Kinda makes you wonder why they didn’t just link to the blog post and call it a day.
Also, I emailed INE support because of a lab issue that prevented me from completing it and still have not received any response (it’s been over one month as of writing). For the $1999 they’re charging, I wasn’t expecting this lack of support.
That said, I wholeheartedly agree with a comment I saw in the eLearnSecurity forums that says roughly the following: the true value of their courses lies in their convenient organization and collection of material and labs, affording you a much faster and easier learning experience than you otherwise would have learning and practicing on your own.
When I was just starting out, it’d take a lot of effort to gather a list of all the relevant topics and exploit techniques in one place, let alone set up labs yourself for every new thing that you’re learning.
So I’d still recommend this course to anyone interested in exploit development. Just remember that if you ever feel confused after studying a module, the references they link to can probably clear a few things up and might be of better educative quality.
Overall Exam Review
You have three days to complete a number of exploit development challenges (they’re all worth different percentages of your grade) and two days to produce a writeup for submission.
In preparation for the exam, I had reviewed and completed all course materials and labs twice (except for that lab I had issues with). I have to concur with every eCXD review I’ve seen so far that the exam is fairly challenging. There were plenty of new challenges in the exam that I hadn’t faced in the labs.
On Day One, I decided to go for the Linux ones first because I’m more comfortable with Linux and gdb. That turned out to be the right decision, as I was much slower on Windows because I’m forced to use graphical tools. If I had started on Windows first, my morale might not have been as high.
On Day Two, I finished all the challenges very late into the night. Yay!
On Day Three, I checked to make sure that I had all the necessary screenshots and details, and I finished my report. I used Typora and some custom theming to produce a PDF deliverable from my Markdown report.
And I just relaxed and worked on some side projects in the last two remaining days of the exam.
Tips for the exam
- Have all your favourite tools ready to go. You don’t want to be installing PEDA or pwntools on the day of your exam.
- Have all your virtual machines ready too, in case you want to test the exploit on your local machines.
- In addition to the labs, make sure you practice with outside materials too. I completed ROP Emporium, a few Pwnable.tw challenges, and practised with existing exploits on ExploitDB, and I found this extra practice immensely helpful.
- If your ROP is not working for some reason, be sure to check out the relevant documentation for whatever system or library calls you’re making. This syscall table is extremely useful (and aesthetically pleasing).
- For Linux, read the relevant man pages. For Windows, Microsoft actually offers pretty nice documentation for its APIs here.
- Remember to take screenshots along the way to document your process.
- Do take breaks! Don’t burn out early in the day.
Five days after submitting my report, I received the fateful email titled “You are now an eCXD”! I’ll be studying and taking the eLearnSecurity Web Application Penetration Tester Extreme certification next!