I’ve recently passed my eJPT exam and wanted to share my experiences with eLearnSecurity and INE. I hope this review will be useful to anyone who is considering taking the eJPT course/exam.
What Is eJPT?
eJPT is an entry-level course for junior penetration testers. It covers basic networking (TCP/IP, routing/switching, firewalls, etc.), some programming in C++ and Python, basic information gathering and reconnaissance, tools for target scanning and profiling, and basic vulnerability assessment of networks and web apps. I won’t go into details because the syllabus is publicly available.
All the training materials and labs are provided by INE. These resources are free of charge if you sign up for INE’s Starter Pass. If you go for the exam, you need to purchase an exam voucher from eLearnSecurity for 200 US dollars.
Training Materials and Labs
Most of the course content is presented on slides, but there are also a few training videos. Notice that you can only download a few select files that are associated with certain slides or videos. You can’t download the slides or videos.
The content is beginner-friendly and has plenty of examples on how to use different tools with the right switches. I definitely learned a thing or two about nmap and how to speed up my scans by using the right flags. One downside is that some of the materials are slightly outdated. For example, some slides introduce the Burp Suite’s spider feature, which is no longer part of the free Burp Suite Community Edition. You can still download an older version with that feature, but I didn’t like the idea of installing outdated software and simply skipped these slides.
What really makes this course stand out are the labs. Unlike other networking or security courses, the eJPT gives you the opportunity to practice what you learn in a dedicated virtual environment. You simply click a button to start or stop the lab. After downloading an OVPN file you connect to the VPN. The lab description includes several goals you have to achieve. This is great for beginners who may not be ready yet to use different tools in a black-box penetration test.
At the end of the course, you are presented with 3 black-box labs that allow you to follow the penetration testing process in its entirety. These labs are much more challenging than the other labs and some require basic pivoting. In fact, I would say that these 3 black-box labs are even more difficult than the exam lab.
The black-box labs are amazing. One thing that really annoyed me, though, was that my VPN connection dropped after 90 minutes. INE claims that labs are automatically stopped after 90 minutes of inactivity. I made sure to actively use the labs and leave the INE lab page open the whole time, but I still experienced connection resets. I was afraid this would also be an issue during my exam, but fortunately everything worked out fine.
Exam
You have 72 hours to conduct a black-box penetration test on a corporate network. In order to pass the exam, you need to complete a quiz that includes 20 questions. You need to correctly answer 15 questions or more to pass your exam.
The eJPT covers everything you need to pass the exam. There is no need to do boxes on HTB, TryHackMe or similar platforms. Just focus on the things you learned in the course and you’ll do great. (Make sure you understand basic routing/switching!)
eJPT labs vs. HTB machines
Some of you may wonder how difficult eJPT labs are compared to HTB machines. Most eJPT labs are guided exercises, so it is difficult to compare these with HTB machines. The black-box labs on the other hand are certainly fun, but relatively straightforward. I would probably place them in HTB’s Easy category.
One thing to keep in mind, though, is that the labs are not simply about popping shells and getting user or root access. The goal is to follow the penetration testing process in its entirety and discover as many vulnerabilities as possible. The training materials make it very clear that these labs are not CTF challenges, so you shouldn’t consider them as such.
Conclusion
Pros
- High-quality content
- Beginner-friendly labs
- Basic pivoting is covered
- Free access to all slides, videos, and labs
- Reasonably priced exam (200 US dollars)
- Fun exam, not as stressful and exhausting as other exams
Cons
- Slightly outdated tools are shown
- Occasional problems with VPN connection (perhaps the fault was on my end, though, I’m not 100% sure about this)
- Not suited to bypass HR; other certs like the OSCP are going to be much more helpful in that regard