eJPTv2: All You Need To Know

0liverFlow
6 min read · Aug 29, 2023

The eLearnSecurity Junior Penetration Tester (eJPT) is a certification issued by INE that validates that an individual has the knowledge and skills needed to fulfill a role as an entry-level penetration tester.

It covers essential penetration testing skills and concepts, including assessment methodologies and enterprise auditing with host, network and web application penetration testing.

Things You Should Know Before Taking The Exam

The exam consists of 35 questions with a passing score of 70%.

You have 48 hours to complete it.

It costs $250 for 3 months of subscription with one voucher.

It covers four sections, namely:

✦ Assessment Methodologies (Minimum score: 90%)

✦ Host and Network Pentesting (Minimum score: 70%)

✦ Web Application Pentesting (Minimum score: 60%)

✦ Host & Network Auditing (Minimum score: 80%)

To pass the exam, you must receive an overall exam score of at least 70% and must meet the minimum score for each section mentioned above.

Penetration Testing Student (PTS) Learning Path

The Penetration Testing Student Learning Path covers prerequisite topics introducing you to pentesting, information security, and programming.

It is composed of 12 courses divided into 4 sections.

Section 1 (Assessment Methodologies — 24h5m)

In this section, you will learn:

  • How to perform passive information gathering by using various tools such as netcraft, wafw00f, theharvester.
  • How to perform active information gathering (dnsenum, dig, fierce, nmap, etc.)
  • How to perform vulnerability assessment.

Section 2 (Host & Network Auditing — 2h14m)

In this section, you will learn the core cybersecurity concepts and the basis and reasoning behind penetration testing (compliance, framework & maturity, auditing, Nessus).

Section 3 (Host & Network Penetration Testing — 113h22m)

This is the most challenging and the longest section.

You must make sure that you have a good understanding of each course of this section as it’s crucial for the exam.

If a course seems unclear to you, feel free to retake it until you get a better understanding.

Note 📝: In the Host & Network Penetration Testing: Exploitation course, you will be required to perform two black box penetration tests (one on a Windows machine and another one on a Linux machine). These exercises are very important as they will help you understand the exploitation of frequently used services on both Windows and Linux.

Section 4 (Web Application Penetration Testing — 9h5m)

Here you will learn:

  • How web protocols work
  • How to identify web directories (dirb, gobuster)
  • How to perform enumeration of websites and webapps (ZaProxy, Burp Suite, Nikto)
  • How to perform SQL injection and XSS attacks
  • How to perform brute force attacks

Exam Preparation

Preparation is the key to succeeding in almost everything. The more you practice, the better you get.

To prepare for the exam, you need to take useful notes. This will help you organize your information and keep track of your progress.

Here are some note-taking applications that you can use:

Notion

Obsidian

Microsoft OneNote

The choice is yours.

Taking notes is good but not enough. In addition to that, you need to revise them frequently. This is where repetition comes in. Indeed, repetition will help you memorize the information in the long run.

Doing so will ensure that you remember most of the techniques you learn.

Last but not least, take your time; there is no need to be in a hurry. The most important thing is to enjoy the learning path and improve your skills, not to simply obtain the certification without adopting the hacker mindset.

When Do You Know You Are Ready?

If you’ve been able to complete all the labs and answer all the quizzes on your own, you can consider taking the exam.

Tip💡: Choose the part of the day when you feel the most productive to take the exam. This will help you perform your best.

Things You Should Do Before Starting The Exam

Before starting the exam, make sure to read and understand the rules of engagement as well as the lab guidelines.

The rules of engagement will provide you with information regarding the scope, the exam objectives, and the recommended tools.

In the lab guidelines, you will find an explanation of how to interact with the Kali-in browser, which is the machine that you will use during your exam.

For your information, the Kali-in browser machine does not have access to the Internet. Furthermore, if you want to copy something from your host to the Kali-in browser machine, you need to use the shortcut Ctrl+Alt+Shift.

Useful Tips During The Exam

After reading the rules of engagement and the lab guidelines, you can start the exam.

Here are a few tips that could help you during the exam:

  • 🔎 Enumeration is the key: The more you know about your target, the more successful you’ll be during the later stages of your penetration test.
  • 📒 Take note of each piece of useful information you enumerate: this will undoubtedly help you have a better understanding of what you’re doing.
  • 💆‍♂️ Take a break when you get stuck, then try different approaches. More importantly, don’t forget to query your best friend, Google :)
  • 🔁 Feel free to answer the questions in any order: the goal is to answer as many questions as you can, not to answer all the questions.
  • ⏳ Don’t rush: the time allocated to the exam is more than enough.
  • ✅ Make sure to read all the questions and their respective answers before submitting your exam. Once the exam is submitted, you cannot edit it again.
  • 🌟 Last but not least, do your best. The bottom line is not to complete the exam with a score of 100% but to have fun and learn as much as possible in order to improve your skills and become a better penetration tester.

Note 📝: After submitting your exam, you will get your results within the first 30 seconds following your submission.

Joking aside, these were the longest 30 seconds of my life 😅.

Then I received my exam results and my certification \0/

Useful Resources

Though the PTSv2 courses perfectly covered what you are going to see during the exam, here are a few handy resources that you can check as well:

🔗 Link To eJPT Certification

eJPTv2

📚 Book

If you are keen on reading books, I recommend the book Penetration Testing, written by Georgia Weidman. It reflects the content of the courses very well and provides a lot of useful information regarding pentesting.

👨‍💻 GitHub Repositories

Here are some interesting GitHub repositories where you will find useful notes:

PakCyberbot

Neilmadhava

🚩 TryHackMe Rooms

Linux Fundamentals Module

Windows Fundamentals Module

What is Networking

Intro To Networking

Intro To LAN

HTTP in Detail

DNS in Detail

Pentesting Fundamentals

Passive Recon

Intro to Research

Google Dorking

Nmap Live Host Discovery

Nmap

Metasploit: Introduction

BurpSuite: The Basics

BurpSuite: Repeater

Web Application Security

Active Recon

WireShark The Basics

TShark

Hydra

Python Basics

Vulnerabilities 101

Nessus

Linux Privilege Escalation

Bypass UAC

Post Exploitation Basics

Type of shells

Ice

Blue

Internal

Let’s Wrap Up

To connect the dots, eJPTv2 is a good starting point in the fascinating world of penetration testing. It provides you with the necessary knowledge and prepares you to face more advanced certifications.

If you take into consideration the points highlighted above, passing the eJPTv2 should not be rocket science.

That being said, I wish you all the best, guys, and feel free to ping me if you have any questions.
