My review of PTSv2 (Penetration Tester Student v2) course & eJPTv2 Exam

My review of PTSv2 (Penetration Tester Student v2) course & eJPTv2 Exam

Few weeks ago, I passed the eJPTv2 exam. I’m pleased to describe you this awesome journey !

I really enjoyed this one and writing this post is the only way I could find to explain you in detail all my thoughts regarding the eJPTv2 exam and the PTSv2 course .

This exam a realistic hands-on exam for 48 hours. The way it's designed is really fun.

Even entry-level hacking certifications require you have some solid knowledges on various IT domains (networking, systems, scripting / Programming, Web technologies, etc … )...Hacking is a special stuff. Let’s start with the blueprint presented by INE/elearning Security :

The Blueprint

This certification is divided into four sections :

• Assessment Methodologies (You must score at least 90%)
• Host and Network Pentesting (You must score at least 70%)
• Web Application Pentesting (You must score at least 60%)
• Host & Network Auditing (You must score at least 80%)

In order to pass, you must receive an overall exam score of at least 70% and must score the minimum score in each section.

You will find more information here : https://ine.com/learning/certifications/internal/elearnsecurity-junior-penetration-tester-cert

My impressions / What I have learned ?

This exam show me that I'm not good enough at Web hacking yet lool !! I really struggled with web App section. It literally drove me crazy !!!! But one thing I learn in hacking, everything you had ever learn in IT is important (I.E : Programming, networking, systems admin etc...)

Let's me give you few examples ... I had more experience in networks security when I started hacking, and i can tell you that my networking experience help me a lot for pivoting tasks and doing enumeration on networks. The same way when I had to modify some exploits written in python.

If you come from software development or system administration world, let's me tell you ... every technical skills will help.

The course

I have never learned that much in hacking before i start the version 2 of PTS course of INE / elearning security. It's obviously worth : 144 hours, 120 labs, 154 quizzes. By the way, many thank to Alexis & Mason. They set up a dedicated lab almost for every technique or tool you learn in the course.

The exam & the course are designed to make you practice as much as possible (and I love that). It gives you all the skills and techniques needed to pass the exam. The exam is not difficul, however do not expect to face the same vulnerabilities as those in the course : vsftpd 2.3.4 RCE or Ethernalblue lol.

This course is designed for anyone who want to start his journey in offensive security.

The exam

It took me about 14 hours out of 48 to clear the exam. So I had also enough time to eat, sleep do other stuffs lol...

Theses 14 hours are described below :

• Day 1 - Saturday : I started at 12 P.M and finished at 11 P.M. When I go to sleep, I had access to 3 machines and answered 20 questions out of 35. My main issue at that moment was the web server … I spend almost 5 hours on this machine and didn’t find a way to get access to this web server. Sooo i went to sleep..
• Day 2 - Sunday : I started at 12 P.M and finished at 3 P.M. The second day, i finally found a way to get a shell to the web server and find a way to pivote to the internal networks !! At that moment I literally celebrated !!!! Once I had access to all machines, I took about 30 minutes to go through all the questions before submitting.

NB : The eJPT is dynamic exam. Each student will have different questions and lab.

My Advices

For those who are interesting in this certification :

• Do not approach this exam as CTF, it's not : it simulates an actual penetration testing scenario.
• Tools are not the most important things in hacking : make sure you understand what you do
• The INE's course is really enough to pass the exam : do not rush to finish the course, take your time to understand every technique.
• Make a structured cheatsheet : if you're in offensive security, and you haven't a cheat sheet ... you are a genius (tell me how you do). Note taking is one of the most important things in your hacking. Personally, I use notion for my note taking. It’s a cloud based application available for Windows MacOS, & mobile device etc… You can review your note while using your phone. (you can view the application below). For more informations : https://www.notion.so/

• You will never know when you will be ready for the exam : practice a lot ... review your cheat sheet and the day you feel confident enough ... pass the exam
• Never forget that ENUMERATION is the key : If you find nothing, enumerate again. A youtuber, I follow, said : "do not try harder, enumerate harder"
• last but not least : my friend ... take time to enumerate, enumerate !!

Useful links

The content of some of the people I followed before taking this exam :

• John Hammond [ https://www.youtube.com/@_JohnHammond ]
• David Bombal [ https://www.youtube.com/@davidbombal ]
• Tadi [ https://www.youtube.com/@tadii ]
• Medium [ https://medium.com/@maisamnoyan/my-ejptv2-experience-and-how-i-passed-it-3149ab23d349 ]
• Medium [ https://ashifly.medium.com/ejptv2-things-no-one-told-you-about-3b5ddb493cc6 ]
• Medium [ https://medium.com/tag/ejpt ]

I hope this article will help you in your eJPTv2 journey.

Aliou FALL / Cyber Security Consultant | Hashtag Security |

Learn / Share / Repeat