eJPT v2 Review: Decoding the eLearn Security’s Junior Penetration Tester Certification
2023-9-25 01:55:14 Author: infosecwriteups.com

Ilias Mavropoulos

InfoSec Write-ups

  • Wanna learn more about the world of Ethical Hacking and Penetration Testing?
  • Wanna land a job on the Red Team, or stand out as a Blue Teamer and explore both sides of the same coin?

The eLearnSecurity Junior Penetration Tester (eJPT) stands as the premier stepping stone. Designed for those with minimal experience, it’s more than just a certification: it’s a complete 148-hour training bootcamp for building a foundational grasp of penetration testing, ranging from Assessment Methodologies to Post Exploitation and Web Application Penetration Testing.

Mimicking real-world scenarios and packed with dozens of practical labs, the eJPT builds the skills required for hands-on engagements and affirms the individual’s capability to become an asset in any penetration testing team. Plus, if you’re curious about its alignment with industry standards, it is important to note that eJPT effectively builds proficiencies across multiple NIST roles, from Vulnerability Assessment Analyst to Exploitation Analyst, ensuring its relevance and applicability in today’s cybersecurity workspace.

Before we dive deeper into the eJPT waters, a quick pit stop about myself as an eJPT candidate so you can have an accurate perspective. Currently, I’m working as a Security Operations Center Analyst within the Global SOC team of Teleperformance USA, backed by a 6-year career in IT.

I transitioned to Cybersecurity in 2022, and in 2023 I started my MS in Cybersecurity. Since then, I’m also proud to have already achieved some highly respected security certifications: eJPTv2, Microsoft SC-200, Gold BTL1, ISC2 CC, and LPI Linux Essentials. Each of these qualifications has equipped me with unique insights and expertise; thus, as I share my perspective on eJPT, it is grounded in both academic knowledge and real-world experience.

As INE (the official training provider for eJPT) states:

The Penetration Testing Student Learning Path covers prerequisite topics introducing you to pentesting, information security, and programming. The learning path prepares you for an entry-level position within a red team, exposes you to bug bounty basics, and provides the skills and practice necessary for the eJPT certification exam.

Having gone through the whole INE course for the eJPT v2, I can confirm that the material structure is clearly laid out for a really broad audience that does not necessarily need to come from a security-related background or carry long years of IT experience like me. If you follow the course step by step and complete the practical labs in order to spend time with the terminal, you will be more than OK upon completion of the course.

Prerequisites:

This is an entry-level certification. A good initial understanding of Computers, Operating Systems and networking should be enough to get you going.

Intended audience:

  • People looking to transition to Cybersecurity through an Offensive security role.
  • People already working in other subsets of Cybersecurity that want to expand their knowledge and get a glimpse into how attackers are operating.
  • Anyone that is just interested in research and learning.

eJPT consists of 4 sections, 12 courses, 229 videos, 153 quizzes and 121 labs.

eJPT Overview

Let’s break those down:

Assessment Methodologies: information gathering, footprinting & scanning, enumeration, vulnerability assessment

Host & Networking - Auditing: auditing fundamentals

Host & Networking - Penetration Testing: system/host based attacks, network based attacks, the Metasploit Framework, exploitation, post-exploitation, social engineering

Web Application Penetration Testing: Introduction to the Web and HTTP Protocol.

My first experience with offensive security content and preparation for a Junior Penetration Testing certification started back in May 2023, when I leveraged open-source content to build a foundational knowledge about offensive security.

I enrolled in INE’s official content in late July, just after passing my SC-200 exam. During August, I was spending 4 hours studying on work days and as many as 10 hours on my days off work.

Total hour estimate: 160h

Depending on your background or pre-existing experience with Linux systems, the command line and other stuff, this estimate could be significantly lower or higher for you.

With that kind of preparation, I managed to score 85% while I used 36 hours of the exam time including breaks and sleep time.

eJPT Exam Overview

Duration: 48 hours

Questions: 35*

* Note that questions are NOT theoretical and you’ll have to hack your way into the machines to respond successfully to all of them.

The eJPT Exam setting offers an in-browser lab, equipping you with a ready-to-use Kali Linux setup, complete with necessary tools, scripts, and wordlists to tackle and resolve the exam’s questions and challenges. This in-browser lab design guarantees that you can initiate, navigate, and finish the exam on any device from any spot, provided you have a consistent internet connection, eliminating the hassle of configuring your own Virtual Machines.

The Kali Linux framework provided during the test is offline; however, for research, you can rely on your host OS’s browser. Essential exploit modules and codes are readily available on this Kali Linux via both the Metasploit Framework and the Exploit Database (Exploit-DB).

NOTE: There’s no need to upload or implement any unique scripts or tools onto the in-browser Kali Linux platform you’re accessing. Everything essential for the exam is already integrated into the provided Kali Linux system.

Kali Linux Instance
  • Nmap
  • Dirb
  • Nikto
  • WPScan
  • CrackMapExec
  • The Metasploit Framework
  • Searchsploit
  • Hydra

Keep in mind that you’re allowed to use any other tool installed on the exam instance.

To be honest, initially I wasn’t intending to go for this certification, as I had the preconception that this is a really expensive certification like the eWPT, eCPPT, etc.

However, this was not the case.

As I dug deeper into the INE website (official training provider for the certification) and explored all plans, I found out that there’s a “Fundamentals Plan” that includes the complete Learning Path for the eJPT (39$ per month).

INE Fundamentals Subscription

So, I basically paid for 2 months of the Fundamentals subscription, for a total of 78$.

Realistically, depending on how much you can put into studying, I think that anyone could be able to ingest this knowledge in a timeframe between 2–5 months.

eJPT version 2 training by INE is packed with 121 labs.

However, the best part of the labs is that they’re also pre-documented as mini write-ups in PDF files that you can save on your computer or incorporate into your notes. This is a game changer for the note-keeping part of your preparation to get certified.

Recommendation: there are a few labs that do not offer the solution/walkthrough in a PDF file ready for you to save; instead, the solution is written on the webpage. Definitely devote the time to manually copy and paste the walkthrough into your notes, or use a full-page screenshot tool/browser add-on that exports the walkthrough automatically into a PDF file.

Alexis Ahmed and Josh Mason have done a fantastic job as instructors; at least, I really enjoyed learning from them.

Overall, this is very well thought-out training material aligned with industry guidelines and NIST standards.

My exam experience was not very different from the 24-hour experience that I had with my BTL1 exam. As I have previously advised you, I also took my own advice, and after completing my training on the 24th of August, I devoted 5 full days to resting and stepping out of learning activities, giving time to physical activities like going for long walks in the park instead.

Being fresh on exam day is very important.

I started my 48-hour attempt on Monday morning at 09:30 am by conducting information gathering and host enumeration on the target network, crafting new notes about the network environment.

Then I started reviewing all the questions and made notes on the machines contained in the questions and objectives so I wouldn’t waste time exploiting machines that may be out of scope.

Tip: Don’t be discouraged if you haven’t managed to gain much information or answer a lot of questions on the first day or 12 hours into the exam. Beginning my 2nd day in the exam, I had only answered 16 out of the 35 questions. Take some time to rest, take a quick nap, or take a walk outside. Fortunately, my 2nd day went a lot better than the first one, as I managed to exploit more machines and extract valuable information from them.

Tip: If you struggle with a question, use the wording of the question to your advantage. In my case there were 2 questions related to the same machine, which I wasn’t able to get a foothold on. By having information extracted from other machines in the environment, I was able to eliminate some answer options from these questions and maximize my chances to get additional points from these questions.

I completed the exam in 36 hours including generous breaks and sleep time, and I was able to score 85%.

eJPT v2 Certification

Taking the eJPT v2 was a solid experience.

It gave me a clear picture of what ethical hacking and penetration testing really look like. Having been in IT and now cybersecurity, I can say this certification is on point. eLearnSecurity has done a good job with it, making sure it’s not just for newbies but also for those already in the field.

The content, the real-world labs, and the exam environment all come together to give a genuine feel of the job. When I stack it up against other certifications out there, eJPT v2 holds its own, especially considering its price and how it lines up with big standards like NIST.

If you’re thinking about getting into penetration testing or just want to know more about cybersecurity, I’d say this certification is a good bet.

Whatever the case is, I hope this review helps you determine if this cert is for you or not, and if yes, how to effectively prepare for it. It goes without saying that you’re always welcome to reach out to me on LinkedIn if you have any questions or just want to connect!

See you in the next one!


Article source: https://infosecwriteups.com/ejpt-v2-review-elearn-jpt-certification-423d7c940d9a?source=rss----7b722bfd1b8d---4