Thoughts on the eJPT cert

I was on my way out the door for a multi-month hiking trip when I realized my eLearnSecurity Junior Penetration Tester (eJPT) voucher would expire before I returned. Guess what that means -- a quick attempt at the exam!

Welp, I passed...so let me share some thoughts on this one.

First, I loved it. Like literally, loved it. Everything about this exam was fun. Now, I'm an educator so my idea of fun compared to yours might differ -- but seriously this is one fun exam. From the scenario presented to the exam questions to the lab environment itself, everything was cleanly designed and well structured. Go into this thing expecting to have some fun and you will.

Second, I have quite a few years experience paired with extensive education and dozens of related certifications -- so my viewpoint is from that perspective. Keep that in mind as you read my notes. While I attempted to "think" like a beginner...I'm still seeing this exam from my own jaded view.

THE EXAM

The exam itself is just a series of 20 multiple choice questions. All of these questions are based on information and details you discover within the lab environment. While, you could in theory take a guess, you'd likely get every question wrong if you don't do the work to find the information. You can move back and forth within the questions and answer them in whatever order you please. It's easy to tell which ones you've answered as well, so going back to one you've missed is super simple.

You can use the questions to guide your actions in the lab environment. But I recommend instead following your pentesting methodology, and then answering the questions at the end. Why? Because having a methodical approach to a pentesting engagement is incredibly important. This is a chance to perfect your technique, take solid notes, and practice for the real deal. If you miss something in your approach...it's easy to jump back in, pwn the machine again, and grab the details you missed. You'll also learn to add some steps into your process for the future.

When you're in the thick of it, doing recon, mapping, discovery, and exploitation -- don't forget to take breaks and allow yourself time to think. You have tons of available time, seriously tons. You can look things up, try different tools, go back and forth between systems, and just in general take your time. 

When I pressed the submit button on my exam, the system showed I had launched the lab environment 8.5 hours earlier. During that time, I walked my dogs, ate dinner with my family, took two mentorship calls, watered my garden, and pwned every box and answered every question. I even had to do "research" in the middle for a particular process I was having trouble with. So, seriously -- you have time!

1) This isn't a beginner to IT/Security cert...build your foundation:

• Basic Computer Skills: open files, run programs, command line, network settings
• Networking: TCP/IP Model, IPv4, Subnetting, DNS, DHCP, NAT, Ports and Services
• Linux Skills: command line, distros, bash, ssh, openvpn, permissions, accounts
• Packet Analysis: Wireshark, tshark, TcpDump, sniffers, protocol analyzers
• Virtualization: WMware or VirtualBox
• Security Concepts: PKI, Kerberos, SSL/TLS, IDS/IPS, Firewalls
• Notes: You must have some sort of notetaking and organization process

2) Do the Penetration Testing Student (PTS) course on INE