mzfr@home:~$

My eJPT experience

Like every infosec enthusiast, I want to do the OSCP certification program, but when I was reading about it I came across this certificate named eJPT, so I decided to read about it. A lot of people recommend eJPT as the stepping stone for other bigger certificates like eCPPT or OSCP.

After reading numerous reviews and blog posts about eJPT, I decided to take it. The main reason I took this certificate was to gain some confidence for OSCP and also to improve my resume.

PTS Course

PTS (Penetration Testing Student) is the course that you have to purchase in order to get 1 voucher for the eJPT certification. There are two course plans, i.e. Full and Elite. The Full plan has 30 hours of labs + 1 free retake, whereas the Elite plan has 60 hours of labs + 3 free retakes + 3 black box pentests.

I (actually my elder brother) paid for the Full course. I bought it during the Black Friday sale at the end of November, so I got a discount of around 100 USD (~7000 INR). In total I paid 299.25 USD (21,184.66 INR).

Even though I got the course on 11/23/2019, I didn’t start until 01/01/2020, mostly because I had my college end-semester exams.

About the course

Talking about the course, eLearnSecurity provides you with slides and videos. There is also an option to pay an extra 100 USD to get the study material in PDF format, but I decided not to do that because the online slides were fine, though at some points I felt that they were a bit slow in loading; other than that there was no issue. The study material contains specific modules that cover everything that you need to know in order to pass your eJPT exam. It starts with the very basics of pentesting, so a person who has no idea what pentesting is will also be able to study and understand.

Hera Lab

Along with slides and videos, we are also given access to 30 hours of Hera Lab (for the Full version). With every module there are a few labs attached, so you can do hands-on practice of what you just learned theoretically. Since I already had experience with setting up a VPN, I faced no issue in running those labs.

Since I already knew lots of stuff, I was able to finish all the labs in around 2 hours, which means I still have 28 hours of lab time remaining.

Due to some unforeseen reasons, two of my exams were postponed and rescheduled for the 5th and 9th of January, so I had to manage studying for eJPT along with my studies for my college exams. I decided to study only 1-2 hours a day for eJPT, and at that pace I was able to complete all the slides in around 8 days. There were a lot of things which I already knew, but I still read about those and didn’t skip anything, though I skimmed a few things.

About Exam

The exam contains 20 multiple choice questions which you’ll have to answer after/while doing the pentest on the exam network. The time to complete the exam is 3 days (72 hours).

The moment you click on "start certification process" you’ll get a letter of engagement and some other files that you’d need while pentesting the network. It’s very important to read the letter of engagement carefully, line by line; you’d find a lot of information in it. It also gives you a brief idea of what exactly has to be done and what storyline will be followed.

My exam

I started my certification process on 14 January 2020, around 3:30 PM, but due to some unforeseen reasons I wasn’t able to start my pentesting of the network until 6 PM. I submitted my exam on 15th January 2020 around 10:45 AM. So in total I took 19 hours to complete my exam, and I scored 18/20 with one answer completely wrong and one partially wrong.

This time includes 6 hours and 41 minutes of sleep along with 1 dinner, 1 breakfast, a few unwanted and 5 "let's free up my mind" breaks. I think I was able to finish the exam in around 7-8 hours, which also includes the time for writing a very lengthy writeup/report I made for the pentest. It is not required to write a report in order to clear the exam, but you should definitely do it just to keep track of all your findings.

Some blog posts that I read suggested that it would be nice to do the pentest first and then answer the questions, but I think it’s up to you how you want to do it. I personally went through all the questions quickly, which gave me an idea of what all might be waiting for me, and then started my scans.

One thing that I would highly suggest is to take a screenshot of all the 20 questions (once you have answered them), put them in a file, and then below every question (screenshot) write the reason why you selected what you selected. This way you’d easily be able to verify your answers before final submission.

Suggestions

So my suggestions for the people who’d like to take eJPT exam are:

  • Don’t make pre-assumptions about the exam. When I read reviews for eJPT, people were claiming to have completed the exam in 3-5 hours, so I thought that I’d easily be able to do that, but that wasn’t the case. I think every person has their own level of experience and understanding, so don’t assume that the exam will be easy and that you’d be done in a few hours.

  • When you start your pentest, try to understand the bigger picture, because there is a storyline behind the pentest you are doing, which you’ll understand if you read the letter of engagement properly.

  • Nothing which was not taught in the material will come in the exam. Actually, if you do the labs properly you’ll start to see a few similarities during the exam.

  • If things start to make no sense, exploits stop working and you start to lose your mind, then take a break, clear your head and then get back on it.

  • The most important one: take the NETWORKS module seriously. I kind of skimmed those modules which talked about networking because I felt like I knew this, which caused problems during the exam.

  • Learn to pivot. If you can’t pivot, you won’t get far in your pentest. By "learn to pivot" I mean understand it completely; even if you have to read something from outside the course, just understand it properly.

NOTE: If you would like to try out a Vulnhub VM that covers pivoting, then do Tempus fugit by 4ndr34z & DCAU. This would really give you an idea.

  • Last but not least, enjoy it while it lasts 😊

My certificate

I was able to generate my eJPT certificate right after I submitted my answers.