Published on

eJPT

Authors

Introduction

When I first heard about the eJPT, I was doing research on the OSCP and came across it. Other people in the community recommended the eJPT as a stepping stone towards harder certificates like the OSCP. After reading different blog posts and talking to some experts in the cyber security field, I decided to take it.

The main reason I wanted to take this exam was to get some extra points on my resume. I also feel like I gained some confidence to take harder penetration testing exams after completing this one.

Enough about why I decided to take the eJPT, let's talk about how I passed my eJPT in under 2 weeks.

Main Resource

https://my.ine.com/

INE Security has a Cyber Security Learning Path for any Penetration Testing Student. It prepares you for the eJPT, requries about 38h 13m of effort and has 3 black box practice pentests. Best tip: TAKE NOTES. For every slide, I would note down information about what I am either reviewing or learning about. Notes are essential because this test is open notebook obviously.

First Module: Penetration Testing Prerequisites

In this module, it is very network heavy. You go over wireshark, traffic sniffing, the OSI model, routing, protocols, etc. You get the idea. This entire section took me about 4-5 days to complete, doing a handful of hours daily. I really recommend making sure you understand the content here because a big part of the eJPT is understanding networking. The labs in this section are very well written and very good to complete.

Second Module: Penetration Testing: Preliminary Skills & Programming

Personally, I very vaguely looked over this section. A friend of mine told me that this section is pretty much completely useless to the eJPT, and after completing the exam, I can agree. Sure, there is great info in here for learning or reviewing programming, but none of it is used in the exam. So save yourself some time if you are studying directly and only for the eJPT and skip this part.

Third Module: Penetration Testing Basics

The last module is just as important as the first; very important. Everything in the foundation of penetration testing whether its something as simple as an nmap scan, to exploiting a web application, is in this module. I recommend taking extensive notes on this part as well, just like I said to in the first module. This section took me a couple days longer than the first module just because of the labs. The labs were really good experience for the eJPT and I felt like I was able to bring over some of the things I did to exploit the black box machines, into the exam.

Taking the actual exam

Let's get to the juicy part. When I felt like I was ready to take this exam, I had a lot of anxiety to hit the start button. Sitting there with my VM open, tools in my toolbox, I was ready. I don't want to go too deep into what exactly happened, but it took me a rough estimate of 8 hours to complete the exam. Best tip I can give: TAKE NOTES. Just like conducting any other penetration test, having notes to look back on is essential. Many times I had to retrace my footsteps, and having those notes helped me tremendously. It was defintely a rollercoaster of emotions, from being super excited when knowing I answered a question correctly- to sitting there slumped in my chair stairing at my terminal.

Conclusion

Overall, the exam was a fun learning experience and I'm really happy I took it, especially since I passed! I feel like it really gave me some experience on how other certificate exams are going to be when I take them in the future. This is my first certificate in the cyber security realm and I plan to get many more, especially in the penetration testing area. Thank you for reading my blog post, and I hope I was able to shine some light to my fellow hackers.

  • Additional resources *