I successfully passed the eJPT (eLearnSecurity Junior Penetration Tester) certification (June 2018) and wanted to provide feedback on my experience achieving this certification.
I started by doing some homework and talking to those who were in the field. I wanted to get their feedback to determine if eJPT was a recognizable certification within the security community. Based on the feedback and additional research from different blogs, the eJPT and eCPPT (eLearnSecurity Certified Professional Penetration Tester) were recommended prior to going after the OSCP (Offensive Security Certified Professional) certification.
After I was satisfied with my research, I reached out to eLearnSecurity to sign up for the PTS (Penetration Testing Student) course. In corresponding with the eLearnSecurity team, I was provided a free invitation for the BAREBONE PTS plan. This course was one of the three plans offered for PTS.
Unfortunately, the PTS BAREBONE plan did not offer access to the 12 HERA Labs nor did it provide the ability to take the eJPT certification exam. However, I was able to reach out to the eLearnSecurity team and was offered a discounted upgrade to the PTS FULL plan for $199US.
The PTS FULL plan provided 30 hours of HERA lab time, training videos, and the eJPT certification exam with one free retake (taken within 180 days). For me, I did not see the need to upgrade to the next plan of ELITE; where one received 60 hours of HERA lab time, downloadable PDF training material, eJPT certification exam with up to three retakes, and a printed certification.
As I started working through the PTS course, there were several items that I had covered in other vendor training. I actually welcomed the overlap so that I could start committing to memory the methodology as well as becoming more familiar with the tools and applications.
For each topic, I utilized the training material as my first pass. I then followed up with the training video to further understand the training material and to clarify confusion that I may have had in reviewing the training material. Lastly, I completed the topic by utilizing the HERA Lab (if available).
As to the HERA Labs, I really enjoyed them. The lab guides provided the goal(s), recommended tools, and the step-by-step instructions for assistance. In addition, the lab usually contained a single system to help reinforce the topics covered.
In total, it took me roughly three weeks to work through the training material and the labs (nights and weekends). Along the way, I took notes on both the training material and the labs to aid me with the eJPT certification exam.
I took about a two-day break prior to starting the eJPT certification exam. Once started, I had a total of three-days to complete the exam. The exam layout was very similar to the PTS labs based on a downloadable guide as well as the requirement of an OpenVPN connection.
Without going into too much detail on the exam itself, it was based on twenty questions. However, in order to answer the questions, I had to exploit systems and gather the proper information to answer each question. The methodology and tools utilized within the PTS coursework were more than adequate to pass the exam.
I was able to complete the exam within less than six hours. Once the exam was submitted, an immediate pass or fail was presented along with how many questions were missed. In addition, I received an email that a “shiny certificate is waiting for you in the Members area.”
I thought that the three-days allotted to complete the exam was more than fair. Even though I completed my exam within day one of the allotted time, this was not the first hands on penetration test exam that I had taken and passed. So, it may take a first-time test taker more time to complete the exam.
Overall, I really enjoyed this experience and would recommend this certification for the beginner (like myself). As I continue this journey to become a penetration tester, I am appreciating the fact that the security community is driven by requiring that you prove you know the material from behind the keyboard versus taking a multiple-choice exam.