eJPT Exam Review

My friend and I are both preparing for OSCP in PWK labs since late November. We had briefly been curious whether the eJPT was worth trying and whether it would be worthwhile preparation for OSCP. I was curious (as you may gather, I am not very experienced in the security world at all) and so naturally went straight to the exam and passed in 7.5 hours without ever looking at the course material (disclaimer: I’ve had prior CS coursework so a lot of the more basic things like how to use the command line were not things I had to overcome for this endeavor).

I suppose it should’ve been obvious but I just wanted to assuage my own curiosity about what the exam would entail and whether it might provide a vaguely similar but easier version of what I could expect from OSCP exam. Also I figured if I could not pass this exam after all my efforts then I really didn’t assimilate the PWK course material well. The exam:

You have 3 days to move through a network and to answer a series of 20 questions about the network, the answers to which should reveal themselves as a byproduct of your efforts. I gather that questions are random so you may not have to compromise any machines at all to pass.

So in the high-level sense that you are “penetration testing” under a much-easier time constraint, there is that similarity to what the OSCP exam will entail and in my case there is the simulated stress of spontaneously tossing myself into an exam I did not directly prepare for in the dead of night during the work week, in the vague hope of simulating pentesting under pressure that I could expect from OSCP (It was not a hard exam so this did not work as intended but I did have a brief surprise when I had to figure out how to pivot on the network on the fly.).

Thus, I would say if you already have done some work in the PWK labs, can use some basic tools, and do light research, you will not need much time or effort to complete this exam and it is not worth your time. Save the $200 for something more rigorous. I would only suggest this course based on the exam for people with no background in security at all or who struggle greatly with basic enumeration, using the command line, and so forth. Or if you are hesitant to invest deeply in learning about penetration testing and are looking for a light introduction. Otherwise, I think you could benefit in the long run by training to a higher standard (like OSCP) from the get-go. Hope this is somehow useful for you all.