eJPT in My Point of View

Ravishanka Silva
Jul 4, 2022

I am writing a post after about a year since I have been busy with studies and work. Nowadays a lot is going on in our country and people are having a very hard time. Apart from all that, I managed to crack the eLearnSecurity Junior Penetration Tester examination, which is an entry-level certification in the cybersecurity industry.

On 3rd July I faced the most peculiar exam in my life. From kindergarten to university, I just had to read some lessons, memorize them and write the exam papers. Realistically speaking, it was so boring and stressful.

The eJPT examination turned my exam experience upside down. I am going to talk about how.

I am currently a 4th year undergraduate at SLIIT specializing in cybersecurity and a SOC analyst at CryptoGen Pvt Ltd. At the time of writing this, I have one year of work experience as a SOC analyst and I have been engaging in red team activities too. Apart from that, I am a die-hard fan of TryHackMe and HackTheBox. Since I have a great devotion to red teaming, I decided to give myself a challenge. That is when I bought the eJPT exam voucher.

INE provides all the study materials and eLearnSecurity provided the examination. At the time I was studying, the “Penetration Testing Student” learning path was free, including all the labs. If I am being realistic, it was a great learning experience except for the reading of slides. I am not a fan of reading lengthy texts. But I did it anyway and I could grasp the heart of penetration testing methodology. Labs and videos were awesome. Labs were browser-based and I could gain hands-on practice of what to expect in the exam with these labs. I highly recommend that anyone go for these labs first before attempting the exam, and have good notes. In my opinion, all the content required for the exam is covered in the INE Penetration Testing Student learning path. However, you have to remember that the learning path is only guidance. You can’t expect all the content as it is for the exam.

Knowing that I had 3 days to complete the exam, I clicked “Begin Certification Process”, and I was confused at first after seeing the questions. However, following the methodology taught in the course and staying focused gave me a win. As you may already know, the exam is a practical one where you have to perform a pentest for a small company and answer the questions based on your findings.

First of all, it is very important to read and clearly understand the provided letter of engagement and PCAP file. I spent about 10 hours on the exam, and most of the time was spent on figuring out indirectly connected networks. That’s right! You have to pivot through the network to answer most of the questions. If you are not familiar with routing and pivoting, do not attempt the exam. The exam is not like a CTF where you are given a machine and hack everything! This is a real-life pen testing engagement where you are directly connected to a company network and performing recon, vulnerability assessment and exploitation. I had to spend a long time because I neglected the PCAP file, and I was just being happy with exploiting multiple machines in the directly connected network. Just remember that popping reverse shells is not the case in this examination. You have to have a clear understanding of the company’s network architecture and a desire to dig deeper in the network, and find any and all flaws in the entire system that can be leveraged by an attacker to carry out a successful attack. Although I thought the exam would be easy based on my CTF experience, it was not that easy, but it was a whole new experience.

My golden tip — ENUMERATE! and don’t overthink.

Enumeration is the key to success. The exam is never about exploiting a vulnerability and escalating privileges. It is about exploiting one machine and compromising many other machines. For that to work, you have to find as much information as you can. Follow the penetration testing methodology and you will be done in no time.

We can’t say the word “FUN” for an examination. But I am saying that I clearly had “FUN” facing this exam, mainly because of the practical aspect of the examination. This was the first time I faced such an exam, and I loved it. So, if you are into penetration testing and a beginner like me, this is the certification for you.

If you are looking forward to taking the eJPT and need more tips and tricks, or if you have already taken the exam and are eager to talk about it, connect with me via LinkedIn, and let’s have a chat.

Ravishanka Silva

Cybersecurity researcher | eJPT | Cybersecurity Engineer | CTF player | 💻😎