eLearnSecurity Junior Penetration Tester (eJPTv1)
eLearnSecurity Junior Penetration Tester (eJPTv1)
Difficulty: Easy
Pricing: $400.00
Course Content
In order to pass this exam I took the ‘Penetration Testing Student’-learning path on ine.com. The path is structured to cover 4 tracks:
- Prerequisites
- Preliminary Skills & Programming
- Penetration Testing Basics
- eJPT Exam Preparation
I was mainly focused on the 3rd one, as the other skills seemed a bit too basic for me. The course material is giving you a very high-level overview of the different techniques related to penetration testing, like
- Fingerprinting
- Network enumeration
- Vulnerability scanning
- Web-enumeration & exploitation
- Metasploit
- Basic Wireshark and/or reading a PCAP file
- Etc.
Throughout the material, there are 3 Black-box Penetration tests, and I recommend doing these before attempting the exam.
Exam
The exam experience was super fun and actually easier than I expected it to be. You get to explore various techniques to exploit the network, and it’s ideal to learn about pivoting, as the course material does not cover that.
The time frame for the exam is 3 days, and you access the exam through snaplabs, where you will get your course materials and an OpenVPN file.
The exam is a multiple-choice test of 20 questions, and you will have to use your hands-on activities to cover the questions.
I actually managed to crash one of the servers that I was trying to exploit, and while doing that I didn’t realize that I actually crashed it. So I wasted many hours trying to exploit it in various ways before actually restarting the lab, and then my first exploit worked - yay…
I think I spent a total of 4 hours on the exam, and after that, I was confident that I had enough correct answers to pass the exam.
Overall Conclusion
I think this is a very nice entry certification for people entering penetration testing, as you will get hands-on experience with a variety of tools and techniques that are often used in real-life engagements. However, if you are more experienced, I would rather suggest going for the CRTO, as this is more focused on exploiting Microsoft Enterprise environments, which is very typical to see on a pentest.
