☕
Brinkles Pentesting Notebook
  • Introduction
    • My Journey to Pentesting
    • Twitter
    • Github
  • Certification Reviews
    • OSEP Review
    • CISSP Review
    • OSCP Review
    • RTJC Review
    • RTAC Review
    • CEH Review
    • CRTO Review
    • PNPT Review
    • eWPT Review
    • eJPTv1 Review
    • CCNP Security Review
    • CCNA Review
    • CompTIA Net +, A+ Review
  • C2 and Payloads
    • Sliver C2
    • Cobalt Strike
      • BOFs and Aggressor Scripts
        • Situational Awareness BOF
        • HOLLOW BOF
        • DLL_Version_Enumeration_BOF
        • InlineExecute-Assembly BOF
        • BOF.NET
        • C2-Tool-Collection BOFs
        • Inline-Execute-PE
      • Payloads
  • Tools
    • Internal Tools
      • BloodHound
      • Certi
      • Coercer
      • CrackMapExec
      • DCSync
      • DFSCoerce
      • DonPAPI
      • WMIEXEC
      • Kerberoasting
      • Lsassy
      • mitm6
      • Pcredz
      • PowerSploit
      • PrivExchange
      • Responder / RunFinger
      • Rubeus
      • Seatbelt
      • Seth
    • Web App Pentesting
      • Payload All The Things
        • Directory traversal
          • Deep Traversal
          • More Directory Traversal Payloads
        • SAML Injection
        • XXE - XML External Entity
        • XSS - Cross Site Scripting
        • XSLT Injection
        • XPATH injection
        • Upload Insecure Files
        • SQL injection
          • MSSQL Injection
          • MYSQL Injection
          • Oracle SQL Injection
          • PostgreSQL injection
          • SQLite Injection
        • Server Side Templates Injections
        • Server-Side Request Forgery
          • Payloads Included in Server-Side Request Forgery
        • Request Smuggling
        • OAuth
        • NoSQL injection
        • LDAP injection
        • Kubernetes
        • JSON Web Token
        • HTTP Parameter Pollution
        • GraphQL injection
        • CORS Misconfiguration
        • CRLF
        • Cross-Site Request Forgery
        • CSV Injection (Formula Injection)
        • File Inclusion
          • PHPINFOlfi.py
          • uploadlfi.py
  • Network Security
    • DMVPN GRE NHRP IPsec Profiles
    • Flex VPNs
    • GET VPN with Key Server
    • IKE Site to Site w/ IPSec
    • Point to Point GRE over IPSec
    • Remote Access VPN
    • Helpful Cisco Firewall CLI Commands
Powered by GitBook
On this page
  • Introduction
  • Study Plan
  • Exam
  • Looking back at the exam
  • What this cert did for me
  • Conclusion

eJPTv1 Review

Overall, not to bad :)

This was one of the first offensive security certifications I went after. After a bunch of research, I realized this was the perfect fundamental / practical test that could get me into the offensive security world, and boy did it help.

Introduction

For context, I was currently a network and security engineer focusing on the implementation side of things. Before this exam, I held a bunch of networking certifications and had some experience in general IT as well as engineering. I also have a bachelors in Cyber security. SO, with that being said, I was not coming at this cert as an entry into IT. I had a degree, experience, and previous certs that helped me tremendously through this test. If you are coming at this test with no experience, no other certs, and currently getting a degree / no degree, it will definitely be more challenging for you than it was for me. This certification explains the fundamentals of offensive security and is a great entry into the security world. If you are going along the study plan and having trouble understanding some concepts, I highly recommend doing a few entry certs before this one such as any of the CompTIA fundamental certs like Sec + , A + , and Net +. However, I definitely believe that anyone could get this cert if they worked hard enough and spent enough time on the study material even with no prior experience.

Study Plan

I started studying for this test using the standard study modules from INE, the Penetration Testing Student course. While writing this, the eJPTv2 is coming out so it might change the whole exam, changing the recommended study plan.

The INE PTS course is plenty enough to pass this exam. I have heard of people studying extra resources like portswigger for the XSS and SQLi parts of the course and even doing some THM boxes. This is definitely not needed to pass however definitely recommended if concepts aren't clicking. This test made me realize my weak parts of knowledge were with XSS and SQLi, hence why I went for the eWPT right after the eJPT which I will write another review for in another write up. I spent about 2 months studying the PTS course before I finished it. This was on top of a busy work schedule so I believe I could have went through the material in about 2 weeks if I was not working. Also, If you don't want to fork over the money to INE, get a copy of the course modules and self study those topics separately.

TL|DR the PTS course is plenty to pass the exam.

Exam

I got about 15/20 questions answered on my first day. (Started the exam after work friday night at about 5 pm and ended about 11 pm) I took a few breaks during that time. I highly recommend this as every time I sat back down on my computer, my brain felt refreshed and remembered to try a few techniques I haven't done before. This also helps alot with getting stuck down rabit holes. Honestly, I think that is the hardest part of any practical test I have done is deciding when to move on and try something new. I woke up the next day around 7 am and didnt finish until saturday at about 12. There were only two questions I was lacking and ended up submitting the exam and guessing on the two. (At that point I knew passed and had some things I wanted to do saturday night and sunday, so I decided to submit the exam and say screw it lol) I ended up passing and got my voucher right then and there!

Looking back at the exam

Everything in the PTS course is important, study everything. If you are trying to speed rush this exam, definitely focus your time on the bigger parts (routing, SQLi, XSS, password cracking, enumeration techniques, metasploit, etc etc.) I wouldn't worry too much about the programming module. As this is important and I think everyone should go through this, if time is not an option and life is busy, you could skip that whole module and focus on modules 1 and 3 of the PTS instead. This exam helped me realize my weaknesses and I decided based off those weaknesses to focus more on web app pentesting. Even though the course was a bit outdated and the learning content was a bit dry, I would say as an entry practical offensive security cert, this is a perfect experience to go through. It truly helps you learn what you picked up from the PTS and what you struggled with. From there, you can focus on your weaknesses to sharpen your skills.

What this cert did for me

I was trying to transition into an offensive security role and this cert helped me secure a job. Now, like I said before, I was entry to pentesting / offensive security however NOT entry to the IT field. I had years of experience, a plethora of certs, and a degree w/ soft skills that truly helped secure my job. HOWEVER, the eJPT stood out as it showed I could learn the fundamentals of the field and that I wouldn't be starting my new adventure on ground zero. In my technical interview, it showed that I knew the basics of some hacking methodologies and in my opinion, was the cherry on top of securing the position.

Now, if you are a student/just getting your degree, and you want to get into the offensive security world.... this certification will probably not secure you a offensive security job. (I say probably because anything is possible, but highly unlikely) You will need other things that help you stand apart from the rest. Mine was all that was listed above, but if you can't secure a job there are other things you can do. Bug bounties, gathering CVEs, more certs, side projects, etc etc. These will help stand out more and combined with the eJPT, help you have a one up on other candidates. One of the biggest misconceptions which I think is driven mainly by colleges/degree programs/bootcamps/certs is that cyber security roles are an entry field. While there are some positions that are entry like a level 1 SOC technician, usually roles in cyber security are not entry. Most likely you will need to put in the time as a help desk analyst, sysadmin, network admin, etc. before you can jump to a pentesting role, RTO, security consultant, security engineer, etc.

TL|DR If you are getting this cert to find a job, realize that this shouldn't be the only thing you are doing to secure a position. Please read above for some advice that I have gained from other seniors above me in the fields.

Conclusion

Overall, I highly recommend this cert. With all that was said above, it did a lot for my career as well as knowledge gained. The only negatives I would have is that the course is a tad dry and the PowerPoints are pretty dated. With the new eJPTv2, I am hoping eLearn Security made the course a lot more interactive and updated some of the topics they had on the eJPTv1 :)

Come join the unofficial eLearn Security discord to hang out with others studying ELS certs!

PreviouseWPT ReviewNextCCNP Security Review

Last updated 2 years ago

LogoJoin the Unofficial INE/eLearnSecurity/PTA Server Discord Server!Discord
Page cover image