eJPT Review; The Hands on Compliment to Pentest+
TL;DR Does the Internet really need another eJPT review? Probably not, but here is mine anyway. Please note that the exam format is changing soon. This is about the 20 Question version, circa May 2022.
I am not a pentester. I have worked everything from service desk to change management & procurement to junior admin to auditing. I am an unashamed Windows Guy. I have passed one other 100% hands on exam before the eJPT. I will invariably end up comparing eJPT to the other hands on exam I took, so bear with me there.
I had been meaning to write a review of eJPT since I took it in May 2022, but I got busy labbing and studying for another exam. The exam is going to version 2 sometime in summer 2022. Nevertheless it appears from INE’s site that the preparation will still be much the same as I used. The price is not changing either.
I first heard about eLearnSecurity and their eLearnSecurity Junior Penetration Tester (eJPT) certification on Reddit. That is also where I first heard about Pentester Academy’s Certified Red Team Professional (CRTP).
First off, the eJPT is an incredible deal at $200 for the exam voucher. This includes a free re-take if needed. The training is free from INE. They give you 3 days to find the answers to 20 questions. Therefore it is a low stress test, which is probably by design. It is meant to be an intro level hands on exam, sort of an OSCP for Dummies if you will.
My personal reasons for this exam
If you have skimmed even a few articles of mine then it is probably obvious that I am a ‘Windows Guy’. I suck at webapps and am mediocre at nmap, Metasploit, and BASH in general. Therefore I figured that eJPT would be a great, interesting, hands on way to learn more about those topics.
Should you take eJPT?
IMHO anyway, you should take eJPT if:
- You took CompTIA Pentest+ and you want to do a hands on complement to it
- You want to learn
- You love learning via hands on
- You love a bargain when it comes to certs
You should not take eJPT if:
- You are just trying to fluff a resume
- You are trying to hit an HR filter
eLearnSecurity in general and the eJPT certification in particular do not seem to be well known yet. Therefore this exam is more for those who just want to learn or those who want to ‘get their feet wet’ before attempting better known certifications such as OSCP.
I used INE’s free training, however I liked Try Hack Me’s (THM) Jr Penetration Tester path better overall for eJPT study. THM was great practice for another reason; they have you VPN into their lab environment using OpenVPN from your own Kali VM. INE does this as well, but not until near the end of their training. I found THM’s lab environment and VPN more seamless and user friendly overall.
Additionally THM’s training has you find the answers to questions, much like the eJPT exam itself. INE’s labs were more ‘find the flag’ focused. THM also does a better job of keeping score as you go, showing you how many days in a row you have answered questions, questions answered per day, and other ‘gamey’ ways to keep students engaged.
This was just my personal preference. THM is only $10 a month, or $7.50 a month if you sign up for a whole year. 2 months is sufficient to get through their Junior Pentester pathway, so figure $20 total for training.
However you go about studying and labbing for eJPT, you will want to be familiar with the following:
- Kali in general (how to get around in BASH, modify files, set permissions, etc)
- Nmap in general (mostly how to scan both individual targets & subnets for host discovery)
- Metasploit in general (how to search for modules, run exploits, handle reverse shells, etc)
- At least some netcat familiarity
- How to perform simple password cracking with John and/or Hashcat
- How to perform simple online brute force attacks with Hydra
- Some knowledge of common CTFy network services like ftp, telnet, etc
- Simple vulnerability scanning & familiarity with typical vulnerabilities
- Basic Linux privilege escalation
- Basic webapp scanning with tools like dirb, DirBuster, Gobuster, nikto, etc
- Passing familiarity with interception proxies like Burp Suite
Basically you will want to have some hands on time with the tools that are tested on in CompTIA’s Pentest+ exam. INE’s training and THM’s Junior Pentesting path will get you familiar enough to pass the eJPT. If you did not do THM’s Pentest+ path already then I would recommend that one as well. I did it after passing eJPT, but IMHO it would greatly benefit one as eJPT prep.
I started the exam around 09:00 on the first day of a 3 day weekend. Many others said that they finished the exam in 3–4 hours, but I am not a Linux guru and wanted to use the full 3 days if needed. eLearnSecurity provides you with instructions, an OpenVPN file for access to the exam environment, and 20 questions. You need to find the answers to at least 15 to pass.
Unlike the CRTP, you have to perform host discovery on the eJPT exam. In fact I found that this was the most important part of the exam. After all, you won’t find the answers to the questions on the systems if you can’t find the systems in the first place.
Obviously I cannot say too much about the exam, but the questions were not ‘CTFy’, which was great. You can approach the exam environment like it is a pentest, scan & enumerate everything, find all vulnerabilities, etc. However you can also use the questions to guide your approach to the environment and simply focus on finding the answers. IMHO neither approach is wrong. After all an attacker is normally after something specific.
I ended up getting 17 out of 20 correct and passed the exam with a score of 85%. I spent roughly 12 hours on the exam. I took frequent breaks and went running after I got really stuck at one point.
There is no report for eJPT, just find the answers to the questions and submit the entire thing when you are ready. They let you know your score immediately.
- Take the exam when you have 3 days off work and plan on using it all. You will probably finish in much less time, but having that much makes it a low stress event. It is meant to be hands on, educational, and fun.
- Take copious notes during the INE and THM labs. I saved mine in simple *.txt files, named by topic, such as ‘upgrading a Linux shell’ or ‘webshells’.
- Do not be ashamed to ask CW6 Google for help during the exam! Much like CRTP, eJPT is open book, open notes, open Google, hell some people even said they pulled the INE labs back up looking for something they missed in the walkthroughs. eJPT is about actually putting your hands on the keyboard and finding the answer in an environment, not rote memorization.
- INE recommends using Kali and they show you how to use specific tools, however you are not limited in what you can use. Conceivably you could take the exam from a Windows VM if you really wanted to. The exam is about understanding the concepts, not memorizing a specific tool.
- There is no IDS, SIEM, etc in the exam environment. Being sneaky does not get you extra credit. The focus is on host discovery, scanning, enumerating, finding vulnerabilities, etc. Don’t be afraid to use the intrusive nmap scripts or throw Metasploit payloads at things that you find.
- Most of all, relax and have fun! This is NOT meant to be a stressful exam.
eJPT from eLearnSecurity is an incredible deal at $200 for the exam voucher with a free re-take included just in case you need it. The training is free from INE or $10 a month from THM. You can study up for and take this exam for $220–230. The exam is 100% hands on and stresses understanding network, webapp, and OS security rather than rote memorization.
eJPT information: https://elearnsecurity.com/product/ejpt-certification/