eLearnSecurity Junior Penetration Tester (eJPT)

kashish topiwala
Jul 20, 2022

I decided to enroll in the eJPT certification because I had made a commitment to myself that this year I would gain at least one certification in penetration testing before taking the OSCP.

Exam Format:
-> Cost: $200 (Voucher)
-> No Proctor
-> Validity: Lifetime
-> 20 MCQs (15 Passing)
-> 3 days to finish the exam.
-> You will be provided a letter of engagement and a VPN pack, with which you must connect to their network and conduct a penetration test in order to respond to these questions. Take your time reading the letter word for word.

Despite a meal break, a fever, and being lost in a few machine rabbit holes, it took me about three hours to complete it with a perfect score of 20/20.

Study Resources:

1) INE Training Material (Must)
In their Penetration Testing Student Learning Path, INE offers the training materials for the eJPT. By creating an account on INE and using the starting pass, you can access the course materials for free. The training material is broken out across three courses which include:

  • Penetration Testing Prerequisites
  • Penetration Testing: Preliminary Skills & Programming
  • Penetration Testing Basics

Each course uses presentations, videos, and lab tasks. The three Black Box Practice Pentest labs that are offered at the course’s conclusion were great fun and helped me hone my testing strategy for the test. I took thorough notes as I worked through the training materials and finished all of the offered labs.

2) Zero to Hero eJPT (Highly recommended)
https://www.youtube.com/watch?v=sWHp0WWHwXE&list=PLfWV6Qh-wJ5MDdpGIMhbokwcC5_dLclSP&ab_channel=OvergrownCarrot1Hacking

3) TryHackMe — Jr Penetration Tester Path (Very helpful)
https://tryhackme.com/path/outline/jrpenetrationtester

4) Notes (Worth reference)
https://github.com/fdicarlo/eJPT

Here are My Two Cents:

  1. Finish course materials with Labs.
  2. Focus on Pivoting concepts.
  3. Take notes of everything. Save scan results for reference.
  4. It’s a CTF-format exam and eventually you will find all the flags.
  5. Make sure you are acquainted with concepts like: Metasploit, Nmap, OSINT, Pivoting, Burp Suite, Pentesting lifecycle, Nessus, Web attacks (XSS, SQL injection, Directory Bruteforcing), Password attacks, Wireshark, Programming.

If you need any help or advice, feel free to connect on LinkedIn.
https://www.linkedin.com/in/topi1/
