eJPT Review

I’ve recently passed my eJPT exam and wanted to share my experiences with eLearnSecurity and INE. I hope this review will be useful to anyone who is considering taking the eJPT course/exam.

What Is eJPT?

eJPT is an entry-level course for junior penetration testers. It covers basic networking (TCP/IP, routing/switch, firewalls etc.), some programming in C++ and Python, basic information gathering and reconnaissance, tools for target scanning and profiling, and basic vulnerability assessment of networks and web apps. I won’t go into details because the syllabus is publicly available.
All the training materials and labs are provided by INE. These resources are free of charge if you sign up for INE’s Starter Pass. If you go for the exam, you need to purchase an exam voucher from eLearnSecurity for 200 US dollars.

Training Materials and Labs

Most of the course content is presented on slides, but there are also a few training videos. Notice that you can only download a few select files that are associated with certain slides or videos. You can’t download the slides or videos.

The content is beginner-friendly and has plenty of examples on how to use different tools with the right switches. I definitely learned a thing or two about nmap and how to speed up my scans by using the right flags. One downside is that some of the materials are slightly outdated. For example, some slides introduce the Burp Suite ‘s spider feature, which is no longer part of the free Burp Suite Community Edition. You can still download an older version with that feature, but I didn’t like the idea of installing outdated software and simply skipped these slides.

What really makes this course stand out are the labs. Unlike other networking or security courses, the eJPT gives you the opportunity to practice what you learn in a dedicated virtual environment. You simply click a button to start or stop the lab. After downloading an OVPN file you connect to the VPN. The lab description includes several goals you have to achieve. This is great for beginners who may not be ready yet to use different tools in a black-box penetration test.

At the end of the course, you are presented with 3 black-box labs that allow you to follow the penetration testing process in its entirety. These labs are much more challenging than the other labs and some require basic pivoting. In fact, I would say that these 3 black-box labs are even more difficult than the exam lab.

The black-box labs are amazing. One thing that really annoyed me, though, was that my VPN connection dropped after 90 minutes. INE claims that labs are automatically stopped after 90 minutes of inactivity. I made sure to actively use the labs and leave the INE lab page open the whole time, but I still experienced connection resets. I was afraid this would also be an issue during my exam, but fortunately everything worked out fine.

Exam

You have 72 hours to conduct a black-box penetration test on a corporate network. In order to pass the exam, you need to complete a quiz that includes 20 questions. You need to correctly answer 15 questions or more to pass your exam.
The eJPT covers everything you need to pass the exam. There is no need to do boxes on HTB, TryHackMe or similar platforms. Just focus on the things you learned in the course and you’ll do great. (Make sure you understand basic routing/switching!)

eJPT labs vs. HTB machines

Some of you may wonder how difficult eJPT labs are compared to HTB machines. Most eJPT labs are guided exercises, so it is difficult to compare these with HTB machines. The black-box labs on the other hand are certainly fun, but relatively straightforward. I would probably place them in HTB’s Easy category.

One thing to keep in mind, though, is that the labs are not simply about popping shells and getting user or root access. The goal is to follow the penetration testing process in its entirety and discover as many vulnerabilities as possible. The training materials make it very clear that these labs are not CTF challenges, so you shouldn’t consider them as such.

Conclusion

Pros

  • High-quality content
  • Beginner-friendly labs
  • Basic pivoting is covered
  • Free access to all slides, videos, and labs
  • Reasonably priced exam (200 US dollars)
  • Fun exam, not as stressful and exhausting as other exams

Cons

  • Slightly outdated tools are shown
  • Occasional problems with VPN connection (perhaps the fault was on my end, though, I ‘m not 100% sure about this)
  • Not suited to bypass HR, other certs like the OSCP are going to be much more helpful in that regard

Awesome write up - thank you for sharing this.

The eLearnSecurity stuff is generally really good from what I’ve seen - but I agree it can become dated (this is true with most courses though).

If you ever do any of their other courses, I’d definitely love to see what you think of it them (and you’ve made me want to do the EJPT now!)

Thanks for the detailed review. Seems like the course (and exam) are still the same quality-wise (I really enjoyed it, when I took my exam 5 years ago).

(Make sure you understand basic routing/switching!)

Also seems like the exam is still the same (or at least the start of it) :smiley:

One thing to keep in mind, though, is that the labs are not simply about popping shells and getting user or root access.

That’s what I really loved about their labs. They aren’t making you find “that one very specific vulnerability, while having hot-patched all the other ones that are inside a certain software” (like a certain other training company :smiley: ). But simply: Find and (where possible) exploit all the vulns.

Not suited to bypass HR, other certs like the OSCP are going to be much more helpful in that regard

Not sure about that one. Especially, when you don’t just add eJPT to your vita, but also write the full name. At that point, HR will at least see that it’s a pentest-related certification.

@TazWake said:
(and you’ve made me want to do the EJPT now!)

Well, the course itself is still free (it’s available in INE’s Starter Pass ).
The certification/exam can then be purchased for $200 from the eLearnSecurity website: eJPT Certification - INE Security (a tad bit confusing, but well, whatever floats their boat :smiley: )

If you ever do any of their other courses, I’d definitely love to see what you think of it them (and you’ve made me want to do the EJPT now!)

@TazWake Thanks for your feedback :smile: I’d love to do more eLearnSecurity courses. The problem is that eLearnSecurity has recently changed its pricing model due to its cooperation with INE. As a result, it’s no longer possible to buy individual courses. I’d have to buy an INE subscription for $2,000 to get access to all of their courses (both red team and blue team stuff). I’m not sure if I’m willing to pay that kind of money any time soon. Either way, their content is great and I ‘ve seen lots of positive reviews for their more advanced courses.

@tkSEC said:

If you ever do any of their other courses, I’d definitely love to see what you think of it them (and you’ve made me want to do the EJPT now!)

@TazWake Thanks for your feedback :smile: I’d love to do more eLearnSecurity courses. The problem is that eLearnSecurity has recently changed its pricing model due to its cooperation with INE. As a result, it’s no longer possible to buy individual courses. I’d have to buy an INE subscription for $2,000 to get access to all of their courses (both red team and blue team stuff).

Yeah - totally get that! I never meant to imply you should spend money, and certainly if it is self funded you need to be 100000% sure it is worthwhile.

Sorry for any confusion.

I’m not sure if I’m willing to pay that kind of money any time soon.

Agreed.

Either way, their content is great and I ‘ve seen lots of positive reviews for their more advanced courses.

Awesome.

Thank you so much for the amazing write-up, You have made me finalize my decision on spending 200$ for the exam voucher and go for eJPT, really appreciate your detailed explanation and clarification on certain areas

@deepansh0xB My pleasure :slight_smile: I hope you enjoy the course as much as I did.

Really thanks for the write up mate

You can’t download the slides or videos… or you shouldn’t?.. also, very cheap cert <3

@3N1CM4 I wasn’t able to download the slides or videos when I did the course in late 2020.