What is eJPT certification?
I passed my exam, maybe a month ago but I am a little late in posting my blog. Pardon me for that. Now let’s get to the blog!! 😀
eJPT (eLearnSecurity Junior Penetration Tester) is an entry-level exam with a fee of $200. You get an ample amount of time for the exam (3 days/72 hours). In this time, you have to scan the network and look for the machines present in it, then get a foothold and enumerate the machines to answer 20 questions. The questions can involve anything from attacking a web application on a machine to getting basic information about the machine by typing simple commands (e.g., ifconfig, netstat).
For this I would like to thank Josh Mason, Cyber Supply Drop and Vinayak Agrawal. One fine day, Vinayak told me about the eJPT giveaway on LinkedIn by Josh Mason and Cyber Supply Drop. He had already done the certification, and I had my eyes on the certificate itself when this giveaway came. At that time I thought, let’s participate in it; even if I don’t win the voucher, I will still finish the PTS pathway. I was already doing TryHackMe and HackTheBox, hence I knew most of the topics and was familiar with the tools used for them and the manual ways to do it if required. With this I started the PTS path and started doing all the labs, and if I had a doubt I looked at the study material for the same topic. I finished it in 4–5 days with all the labs. Then the writing part came into play, and I started writing down everything I learnt and gave a basic overview through my blog. When I was done with the blog in 1–2 days, I checked it one last time for spelling and grammar. Then I posted the blog on Medium and wrote a post about it tagging Josh Mason and Cyber Supply Drop. After this, I just had to wait for the results. When the results came, I was very shocked that I actually won a giveaway which I just wrote because one friend asked me to take part in it.
Within 1–2 days Josh Mason gave me my free exam voucher; after that I had 1/2 year to take the exam. But with time, I was getting impatient and nervous about the exam. So, I looked through the PTS path again and read some blogs on eJPT. The next day was my holiday and I thought, why not take my exam today, and then I started my exam in the evening.
After getting into my exam, I gave the first 5–6 answers; they were quite easy. But after this I was looking at my Nmap scan and couldn’t find much surface to attack, so I did the Nmap scan again and again to find at least something new.
After 30 min of Nmap I thought of resetting my machine. Even after this I was getting the same results and I started panicking a little. One hell of an awful experience it was, but after some deep breaths I concentrated on the OS detection part and versions and started to look for something for the services I found earlier, and after trying some of Metasploit’s modules I finally came across something that worked.
After that I solved 10–14 questions and I was quite happy about it. Then there was one more tricky machine on the network which had a hidden server running. Thanks to the PTS path I knew what to do, and after that I got all the info I needed from the machine and the server running; I had now done 18–19 questions. This took me roughly 4–4.5 hours. After getting most of the answers I just tried my luck on 1–2 questions, submitted my answer sheet and was very happy to see that I passed with an 18/20 score.
After this I downloaded the certificate and told my friends about it. I was very happy to finally get my first ever certificate in the cyber security domain, as this was the start of my journey for a better future.
Web applications are a commonly found part of any organization’s infrastructure and are often exposed publicly and accessible by the world. Due to this, an attacker usually considers attacking the web applications in order to gain an initial foothold into the organization’s network. From my personal experience as a pentester and bug bounty hunter, you will see web applications everywhere, and most organizations want their exposed infrastructure to be secure and robust. Hence, web application penetration testing is one of the core skills when it comes to pentesting and bug bounty.
I recently attempted eLearnSecurity’s Web application Penetration Tester eXtreme (eWPTXv2) certification, which is a real-life, scenario-based exam built on a practical black box penetration test.
How is the eJPT unique to each user?
The eJPT is considered a dynamic exam. Dynamic exams include a subset of questions that will change each time the exam is attempted, making each user’s testing experience unique. We believe that this hands-on, dynamic learning experience will allow you to simulate a variety of real-world experiences you will have in the field, making you a strong candidate for various positions across the industry!
Learn more about dynamic flags and what to expect on the eJPT by reviewing our eJPT Letter of Engagement and eJPT Lab Guidelines.
Does the eJPT align with NIST standards?
The eLearnSecurity Jr. Penetration Tester exam (eJPT) validates that the individual has the knowledge and skills required to fulfill a role as an entry-level penetration tester. This certification covers Assessment Methodologies and Enterprise Auditing with Host, Network, and Web Application Penetration Testing.
Course: eJPT (eLearnSecurity Junior Penetration Tester)
https://elearnsecurity.com/product/ejpt-certification/
Cost: $200 (exam voucher)
Duration of exam: 72 hours (3 days)
Payment options: PayPal/credit card
Material (lab, video, PDF): follow the steps below
Steps: Register on ine.com (you will get a starter pass with the eJPT course material included)
Go to this link: https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student (eJPT course material)
Introduction:
The eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials. By passing the exam, a cybersecurity professional proves to employers they are ready for a rewarding new career.
Prerequisites: None (their material is enough; even non-technical people can understand it easily)
Outcome:
Exam Format:
Important topics (from course material):
OS: Kali Linux or any Ubuntu-based distribution (e.g., Pop!_OS)
Tools (for the main exam):
OpenVPN, Nmap, Nessus, fping, DirBuster, Burp Suite, John the Ripper, hashcat, Metasploit, Hydra, nmapAutomator (https://github.com/21y4d/nmapAutomator), Wireshark, Sublist3r, Netcat, dirb, enum4linux, samrdump, smbclient
Command cheatsheet:
https://kentosec.com/2019/08/04/how-to-pass-the-ejpt/
Notes:
https://github.com/tr0nucf/My-Tools/blob/master/eJPT%20Notes.txt
eJPT resources (external resources):
I made one Word document that consists of all the best resources for dedicated topics that will prepare you for the eJPT exam. Most importantly, I have included some rooms from TryHackMe which are very helpful in the preparation for eJPT, so don't forget to check it out.
A few days ago I created a poll on LinkedIn for eJPT vs. CEH exam. Most of the people voted for eJPT, so I decided to make this blog.
Tips for the exam:
Final thoughts:
After taking the eJPT certification, one thing I can say is that it is one of the best exams I have ever attended. I highly recommend it to every beginner who wants to start their journey in cybersecurity.