Prioritise study topics
- If you are already familiar with some of official INE curriculum, it may be good to skip ahead to topics which you feel may need more revision time invested.
- However, I feel it is still important to attempt all the labs to get a better gauge of your understanding on a specific topic.
Explore other sources of information
- There are plenty of reddit posts / online blogs (like this one) sharing mistakes and lessons learnt, and their experience may prove useful for you.
- Rather than just stick to the official labs, consider gaining some more hands on practice on HTB / THM. These resources have been extremely helpful in consolidating the attack methodologies that I have learnt from the INE curriculum.
Notetaking during preparation
- When studying for the eJPT, make sure to build a repository of notes (useful cmds, terms, gotchas that were caught during labs etc.)
- Having a cheat sheet helps a lot during the eJPT exam.
- Make sure to include lots of screenshots to complement your notes.
Enumerate, enumerate and enumerate
- I tend to get really eager to power through a potential weakness I find after some basic enumeration.
- In hindset, it caused me to backtrack several times after I ended up at a deadend.
- It is better to stay disciplined and try to enumerate thoroughly before investigating deeper into specific machines and services.
Techniques
- Building on the previous point on cheat sheets, it can be good to have a game plan (initial flow of your penetration testing / efficient notetaking tools etc.) when starting the exam.
- The game plan can be different for everyone, find one that you are comfortable with from your experience in HTB / THM machines or through the official INE labs.
Report writing (not required but useful for self)
- eJPT does not require you to submit any penetration testing reports.
- However, keeping track of all your actions and noting down interesting findings in an organised format may prove helpful when you are stuck in a rabbit hole and need to backtrack to consider potential areas that have been overlooked.
Adapt
- Given the enclosed machine environment, with no internet connectivity, make sure to adapt and make use of the exisiting tools made available to you.
- Understand what each of the tools made available to you are meant for and keep them in mind as you engage the machines.
Try other means
- If one way of gaining access does not work, see if there are other means to do so. You might be close to the answer, do not give up!
- You have enough time, read through the letter of engagement carefully and you may just have a solution staring right at your face that can solve the problem at hand.
Examples
- Find a service or technology suspicious or seemingly outdated but have no idea how to exploit it?
- Google it, maybe there will be examples online based on historical CTFs and writeups that you can gain some inspiration from.
- Refer back to demo videos if need be.
Scrutinise
- Make sure to read the question carefully before submitting the answer. Some questions do not allow your answer to be modified after.
All the best!
Want to get into Cybersecurity? Check out INE!
