My eJPT experience :
The elearning certifications are growing in terms of popularity and as such I enrolled myself in the eJPT certification as I promised myself that this year I should get atleast one professional certification so as to slowly move into OSCP.
A quick background about me, I am a third year computer science student from India. I literally started my journey from scratch in cyber security from november 2018 . I am not a very regular CTF player in vulnhub and Hack The Box , but have solved a number of machines (Of course with a little bit of hints and what not). So my review is not exactly from a total noob’s perspective to be honest.
After reading numerous reviews and blog posts about eJPT , I decided to take it , taking a break from my OSCP preparation which I am planning to give next year. Honestly, I took it just so my resume would look good. I was originally planning to take the CEH around September 2019, but after clearing a few CEH mock tests with ease and looking at the content , I felt that the amount of money I would invest to give the CEH would not arm me with any new knowledge. No offense, no doubt it is one of the top certifications, but for now , I wanted to just learn so I opted the eJPT instead because at the least , it would give me an idea of working with online labs , like one I could expect in OSCP, although I have worked in HTB labs anyway, so doesn’t make much of a difference.
If you must know, for the exam you have two course plans i.e. full and elite.I payed for the full course on 19th August , 2019. I had to wait for two days for them to confirm the payment and provide me the course because I had submitted the wrong credit card. The guys from elearnsecurity were really nice so it was fine. It cost me 400 dollars.
Even though I got the course on 19th , I didn’t dive into the course material till 24th because I had my exams till 24th and I got the course so that it would give me a good reason to be excited for my exams to end!
Now about the course:-Firstly, I felt elearnsecurity have made a fantastic course plan fully complete with really beautiful slides and videos which compliment with the material. Kudos to them for handing out such professional material! Since I got the full course plan , so I had to use flash player to read the material and didn’t have a downloadable pdf. I had a noticed a lot of people were complaining about it but to be honest, I never faced a single issue and everything was perfect for me.
Now about the labs:-The labs were perfect to be honest. Since the internet isn’t that fast in my hostel , so I was afraid that I might not be able to utilize the labs that well, a recurring issue with htb for me. But the labs were good and I never faced a single issue with them as well!. One problem I think some people might face is that the instructions to set up the hera lab were a little unclear .Since I had experience with htb, so I was able to set it up easily because the instructions in htb were very clear and easy. It’s just something I felt , but anyway that’s the only thing I felt a little awry.
Time I took to complete the course and difficulty:-In most blog posts about eJPT, people wrote that they took around 2–3 weeks to fully prepare for the exam. Being a part time CTF player and adding to the fact that I was familiar with 99% of the course material, it took me around two full days of reading to go through the entire content (labs,videos,slides).It’s nothing to brag about, it was full two days of reading from morning to night to complete. Also the slides and material were very addictive to be honest like once you start, you won’t feel like stopping. Needless to say , I even a learnt a few tricks which were invaluable.Overall , it was two days well spent learning about different tools and methodologies .
The exam:- This is probably the part which most people must be waiting for. So here’s the deal with the exam, you’ll hear a lot of people saying that the exam is damn easy and easy to pass which I agree . However, it’s not that easy to get full marks in this exam. So the exam format is like this :-
-20 multiple choice questions with one or more than one.
-In order to answer these questions, you’ll be given a letter of engagement and a VPN pack with which you’ll have to connect to their network and perform a penetration test. Read the letter very carefully word for word.
The time to complete the exam is three days or 72 hours. I took me around three and a half hours to complete it with a perfect score of 20/20 , that is despite a dinner break , a high temperature and falling into a few rabbit holes with the machines. But the exam setting was so cool, something which I was already missing the moment my exam got over. Nevertheless , it was awesome:)
Few points about the exam which you should take care and not make the mistakes I made:-
-I have a very bad habit of rushing into things and getting excited about something if it’s a timed event. In that adrenaline , I ran into a silly problem early on , after which I took a step back to take a look at what was I not able to see only to find the answer staring back at me in the letter of engagement. Really felt stupid for a long time.
-Nothing which was not taught in the material will not come in the exam and if you’re having a connection error , the service which you’re trying to attack is not the one , keep that in mind.
-Keep a calm head, the answer will probably the first thing which you had thought of but dismissed it thinking that it would have been too easy. This is where my CTF mentality was creating a problem for me in clouding my judgement.
-Read all the questions before starting your penetration test because this gives you what to expect in the exam , like for example, if you see questions about XSS, you know there’s going to be a web server in the subnet which you have to attack. Also don’t waste your time in useless heavy nmap scans, the basic scan will suffice.
-Enjoy it because the moment you press submit, you’re really gonna miss it:)
Tips for people who want to enroll into it:-
-If you have basic knowledge, just take it, you’re really gonna enjoy it
-If you are a CTF player like me preparing for OSCP but you just wanna kill some time or add it to your resume , only then take it.
-If you are already a penetration tester, then no point in taking it.
I would like to thank elearnsecurity for this short but awesome experience. I still have around 23 hours of lab time which I plan to use it for demonstration purposes for my college workshops:)
Hope you found this writeup helpful!