eJPT — A guide on how to pass first time.

4 min readApr 22, 2023

eLearnSecurity’s Junior Penetration Tester, or eJPT, is an entry-level practical pentesting certification. It is a 48 hour exam consisting of 35 questions based on a network(s) of a 5 or so machines you enumerate, exploit, pivot and possibly privilege escalate in order to answer the questions. I very recently passed it within 6 hours scoring 33/35.

The reason I was able to complete it quickly was down to previous experience solving CTF challenges. In this article I’ll breakdown my experience with the exam and explaining how you can prepare to ensure you pass.

My Experience

First of, lets go through the parts I found enjoyable about the exam:

48 hours for me was a lot more than I needed, however for others who have a busy work schedule, or who are very new pentesting, this should be sufficient given you’ve prepared. It allows enough time to have breaks to relax and get on with normal life before coming back to the exam.
The content was wide but shallow, covering a variety of different exploitation techniques at a basic level, with a big emphasis on enumeration. Enumeration is key in a pentetration test, and they really demonstrated that within the questions posed.
As part of the exam attempt, INE provide you with the Penetration Testing Student v2 course (which I didn’t use — more onto this later!). Having briefly looked at the course, and attempting a few labs, I can see this is thorough, detailed, covering every area (plus lots more) needed to pass with flying colours. If you are new pentesting, or have no experience with CTFs, I’d really recommend you go through all the lessons & labs.

It wasn’t all fantastic in my opinion, there are things I’d have liked to be done differently:

The exam was done in an in-browser Kali machine. I’m used to working within my own VM, which I have customised to my liking and am much more efficient in. I feel there should’ve been an alternative option to use an OpenVPN file to gain access to the network on your own machine.

How I prepared

As I mentioned I did not use the PTSv2 course provided to prepare. Personally, I’m not the type of learner that can sit and watch long PowerPoint presentations explaining content — I prefer to learn by solving a challenge or researching a topic on my own. This course has in total 145+ hours of video content and 121 labs. I did try some of the labs however, they are decent quality and provide good practice of using the in-browser Kali machine.

Instead of using the PTSv2 course, I indirectly prepared by solving CTF challenges and doing TryHackMe in my spare time for the past 6 months. Below I’ll list some THM CTF & Walkthrough challenges you can solve to provide a more interactive and fun way to learn. The majority of these boxes are free, I’ve noted the ones which aren’t however. This list will start from complete beginner -> ready to pass eJPT. If you feel you already know the basics, feel free to skip to what suits you best.

Basic Networking Fundamentals

What is networking? (Free)
Introductory Networking (Free)
Intro to LAN (Free)
Active Network Recon (Free)
Passive Network Recon (Free)
Nmap (Free)

General security & Intro to Penetration Testing

Proficiency in Linux & Windows

Exploitation

Privilege Escalation

Independent Challenges to hone skills and ensure success!

Basic Pentesting (Free)
RootMe (Free)
Simple CTF (Free)
Ignite (Free)
Startup (Free)
Blog (Free)
Erit Securus I (Free)

That is a good enough list for this article covering all the major concepts, while supplying sufficient practice. I’d also recommend, if you have the time and patience, to go through the INE PTSv2 course, then you could use these THM boxes to help supplement the studying. If you completed both sets of materials I’d almost guarantee you can pass on the first time with flying colours.

I hope you enjoyed reading this and it was a helpful guide, if you’d like anymore information or details, feel free to message me on my LinkedIn here.