Thoughts on eJPT Certification
I completed the eJPTv2 certification last October during my fall study break. I started preparing in July, and was able to complete the certification exam in around 8 hours. Today, I will share with you some of my experience preparing and completing this certification.
What is eJPT?
From INE Security, the company behind this certification: “eJPT is a hands-on, entry-level Red Team certification that simulates skills utilized during real-world engagements.”
The exam itself “is for entry-level Penetration testers that validates that the individual has the knowledge, skills, and abilities required to fulfill a role as a junior penetration tester”. So this is a beginner-level pentesting certification. It teaches you the fundamentals of the penetration testing life cycle as well as simple techniques for beginners.
Here is a more comprehensive list of topics covered by the certification.
- Information Gathering
- Enumeration (Port Scan w/ Nmap)
- Vulnerability Assessment (Nessus Scanner)
- Exploitation (Metasploit & Manual Exploitation with Exploitdb scripts)
- Wireshark traffic sniffing
- Post-Exploitation (Privilege Escalation, File transfers, Establishing Persistence & Cleaning up)
- Web-app Pentesting
The cost of the exam voucher itself is only $249. This is no chump change, but compared to the prices of some of the other, more advanced exams like CEH or OSCP, it is a drop in the ocean. For $50 more, you get a one-year subscription that will give you access to the training material provided by INE, which is 156h 17m in length. It also includes access to their labs, which will allow you to practice what you learned during the videos. I personally chose the $299 option since I had little experience with pentesting at the time. If you feel like you have done a lot of HackTheBox or TryHackMe challenges and are confident in your ability as an entry-level pentester, feel free to purchase only the exam voucher without the training.
The exam itself is 48 hours in length. However, you can definitely complete it in less than that time. You can comfortably take naps during the exam. You will be given a network of machines that simulates the network of a company to hack into. The exam itself is around 30 multiple choice questions regarding the information you can obtain by hacking into these machines. They will ask questions like “Who’s the employee of the month?” or “what’s the content of the root flag?”. Like I said in the beginning, I was able to comfortably complete the exam in 8 hours, with a 2-hour nap and dinner taken into account.
Is it Worth it?
Taking into account the price and the prep time, I would say this is not a bad deal if you want a more systematic way of learning the fundamentals of penetration testing and getting started with the offensive side of cybersecurity. Like I said before, it will teach you the overall principle of the penetration testing life cycle, which is something that will not change as one continues to learn more advanced techniques against more advanced networks and defenses.
Personally, I really appreciated being able to learn about the penetration testing methodology. Before, I had no clue about where to start when it came to hacking into a computer system in the various TryHackMe challenges. Now, I have a more systematic way to go about this, which made me more willing to give them a shot. Therefore, in a way, the eJPT certification accelerated my interest in offensive cybersecurity.
With that being said, this is definitely not the only way to get into pentesting. There are also less costly options available, like THM or HTB. There are also tons of videos available on YouTube. I found eJPT worked the best for me. Plus, it is also a way to certify the skills you have learned so that you can show it to your potential employers.
Tips for Successfully Preparing for eJPT
My biggest tip would be to complete the videos and labs. While watching the videos, I would take notes, old-school style with a pen and a notebook, while at the same time trying to replicate the instructions in the video in the attached lab section. Going through all of the 156 hours of video and labs would be time-consuming, but I felt it was worth it in the end.
There are a couple of labs that stand out from the rest in the Exploitation portion of the training. Those are the Windows Black Box Penetration Test and Linux Black Box Penetration Test labs. These labs are actually meant to be completed independently, and then the student should watch the subsequent videos to see the solution as well as alternative ways to exploit. If you still feel anxious about your pentesting skills after going through all of the training, I highly suggest re-completing these two labs to check where you are lacking, as well as for a confidence boost in general.
Conclusion
eJPT is a good beginner-level pentesting certification that aims at getting you started in the field. It teaches you the very important fundamentals of penetration testing as well as simple exploitation techniques that allow you to get started. I hope you guys find this article helpful if you are on the fence about getting this certification.