My experience with the eJPT

I started my journey into cybersecurity only after I graduated with a bachelor’s degree in Computer Science and Engineering. Strange, I know. I tried various niches of computer science, from website and application development to machine learning and computer vision, during my four years in university. But, a six-month internship soon after made me realise that I want to be in the security domain.

I dabbled in penetration testing by participating in capture-the-flag challenges during live events and on websites like HackTheBox and TryHackMe. Like everyone else interested in offensive security, I want to eventually get my OSCP, but before that, I wanted something a bit more light-hearted to put my skills to the test. That’s when I came across this wonderful certificate called the eJPT.

Now, don’t get me wrong. The eJPT is not a piece of cake. While hunting for information about this examination through the dense forests of Reddit and Twitter, I found instances of people passing off the eJPT as being “too easy”. If you are a cybersecurity professional working with complex networks and testing heavy web applications, that may be the case. But, for most of us looking for a way to test our basic penetration testing skills, this certificate is the perfect challenge.

This was my first penetration testing examination. I started preparing for it in January 2021, but I had to pause for a few months after February as I started my master’s degree in cybersecurity. Keeping up with university work while preparing for the exam was a bit too hectic for me, so I decided I would finish my preparation during the semester break. On June 14, I resumed preparing for the exam, before clearing it on June 26 2021 in four hours.

Enough about me. You are probably reading this for tips on how to pass, right? Here are a few from my experience.

• Everything you need to pass the exam is in the course material by INE, accessible for free with their starter pass. Yes, the lab time is more than sufficient. No, you don’t need to get a paid pass for the material.
• You may have read other blogs or reviews before this one, and you may have heard that the routing step is difficult and that you need to practice pivoting with external resources, or read highly technical blogs about how to pivot. That is not necessary at all to pass, and you can quote me on this. What they mean when they talk about “pivoting” in the exam is to find and access other networks from the network you are dropped into. As long as you cover the networking section of the course properly and you have completed the “Find the secret server” lab available in the same section, you’ll be fine.
• Although the programming section (Module 2 of the course) is useful, it is not necessary for the exam.
• The three black boxes you receive as a part of the material are tougher than the exam itself, so if you have a hard time with them, don’t worry about it.
• You have three days to complete the examination which consists of 20 multiple-choice questions. So relax, take your time and don’t be in a rush to submit. I know it may be overwhelming, but there’s no reason to feel so.
• You will have to create your username and password for the .ovpn file to connect to the exam environment, so you don’t have to spend time searching for credentials. You will receive instructions on how to do this after you get your voucher.
• Make sure you download the .rar file they give you when you start your exam and read the letter of engagement properly.
• Do your basic scan (enumerating ports and services) on every machine at the beginning itself. Don’t wait to finish up with a machine before starting your scan for the next one. Crucial information in other machines may be required to answer questions about a particular machine.
• The exam questions are in a jumbled order. They may not be in the same order as your findings, so read all the questions before you start answering them.
• Review all your answers before you submit them. I know this probably goes without saying, but I wanted to put it out there.

You can also check this compilation of a few resources I made during my preparation for the exam.