PEH by TheCyberMentor
Wow. Where do I even begin? I knew about TheCyberMentor (TCM) when he was still involved with VetSec. He started VetSec and eventually moved on to do bigger and better things. I purchased his Practical Ethical Hacker (PEH) course on Udemy when it was initially released. I finally had time to go through it.
This course was absolutely amazing. It covered the basics and then built upon those with beginner and intermediate level topics and techniques. TCM is a fabulous instructor. He is coherent, knowledgeable, and really breaks down topics in an easily digestible format so anyone can understand them.
Highlights
This course is ~23 hours or so and covers a number of topics, but there are a few things that I found especially interesting that I wanted to highlight.
Note-keeping
Right from the beginning, TCM covers note-keeping and why it is important to do so. Not many courses cover this and if they do, it isn’t done well. TCM covers what he uses to take notes and how to install all of it.
Intro to Python
Granted, this isn’t an in-depth programming/scripting course, but TCM does a wonderful job of covering Python and why it is important to pentesting/security. He teaches by building upon a script and going through each step in the process. This is a great way to learn and helps drive home the importance of building a foundation of knowledge.
Information Gathering
The amount of stress TCM puts on information gathering is great to see. Time and time again he says how important it is to gather as much information on the target(s) as possible. It can’t be overstated how important this is, and it catches a lot of people off guard when they are first getting into pentesting.
Mid-course Capstone
I was not expecting this at all in this course, especially not halfway through. TCM does a walkthrough of various HackTheBox machines that test your problem solving and ingenuity while still being at a beginner level. This was an excellent way to learn the thought process and mindset that is needed to analyze a target server. I know that these are CTFs and aren’t realistic, but getting that process down is super important if you want to be successful in pentesting. If you really want to learn, try the box before watching TCM’s walkthrough. It not only builds confidence in yourself, but points out the areas you need to improve on.
Active Directory
The amount of Active Directory (AD) material in this course is staggering. There are some courses that go through AD testing, but many of them are disjointed and all over the place. TCM organizes the topic in an easily digestible format that creates an excellent environment to learn. Also, the AD lab build is great even after the course is over!
Report Writing
This is the part of the pentesting job that no one really emphasizes, but is the only part that is consistent across the field. TCM provides a sample report and goes through an actual report that was done for a client (sanitized of course). I found this piece the most interesting, since I have never completed an entire pentest report before.
Final Thoughts
This course is extremely well done. It is also reasonably priced! I’m sorry for repeating myself, but TCM is a fabulous instructor. He is engaging, knowledgeable, and really wants his students to learn his material. He wants feedback on the course and has a great community and Discord that is willing to help anyone that either doesn’t understand the material or is having technical issues.
References
Practical Ethical Hacker Course | Heath “TheCyberMentor” Adams | HackTheBox | TCM Discord
If you are a Veteran, consider joining VetSec.