eJPT exam

Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
Hello guys.
I joined for eJPT and till now it's going fine. I feel it's much better than CEH in terms of practical exposure. But not to complain, the training center where I went for CEH gave us some hands on experience on labs especially nmap, metasploit, nessus, openVAS and few more basics.
Just few quick question about eJPT exam who have completed it.
1. The labs provided by Hera labs, is it sufficient for exam or do we need to explore more outside the Hera lab for eJPT?
2. Do we need to explore beyond what's given in Hera labs for XSS and SQLi?
3. How to go about the eJPT exam any tips.

Thanks

Comments

  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    The labs should be sufficient. For many people, they are. For me, they were except for a couple of things. I really had trouble with Metasploit, so I had to do some extra research on my own on YouTube and other sites to gain the understanding that I needed. Networking is not my strong suit, either, but I made it through.

    You're supposed to be able to make it through the test with the tools you learn in the labs. Like I said, I had trouble with Metasploit. I found Armitage, which is essentially a graphical version of Metasploit, and that made a big difference for me. They want you to think on your feet. You won't get penalized for using your creativity and working outside of the parameters they give you.

    The programing sections in the training are more like bonus training and will not be on the test.

    This test is completely open book/internet, so use everything you can find. You have 72 hours straight in which to take the test, though I've heard of some people finishing it in as little as 3-6 hours. It just depends on your skill level.

    There are lots of posts here already about the course and exam, so look around. You'll find a ton of useful tips.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Thanks a lot tedjames. I will go through the material again and practice Hera labs all lab at one go. Will make a note of command format. I am bit weak in programming :) it is not my cup of tea. Also will go through the post related to eJPT.
  • tripleatriplea Senior Member UKPosts: 166Member ■■■□□□□□□□
    @tedjames

    did you do the 30 hour full course or the 60 hour elite please?
  • MooseboostMooseboost Posts: 764Member ■■■■□□□□□□
    The training modules provided as part of the course for the eJPT will be enough for you to pass it. For XSS and SQLi you will need not need to explore outside, though some additional reading would not hurt you by any means. There is no practical programming tested in the exam, so I wouldn't worry about that since you will not be required to hand code anything.

    That exam does a good job of testing most of the material taught by the course, so I would recommend being comfortable in the labs. All-in-all, it is a good course and a good exam. You are given ample time for the test and a free retake if you fail (assuming it is the same way as when I took it) so I wouldn't overly stress it. If you are comfortable in the labs, you will likely pass.
    2018 Certification Goals: OSCE
    Blog: https://hackfox.net
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    triplea wrote: »
    @tedjames

    did you do the 30 hour full course or the 60 hour elite please?

    I had the Elite course with 60 hours of labs. I used most of that time, too, all but about 12 hours. I went through all of the labs 2-3 times each. The Elite comes with 3 (I think) retakes. I didn't finish the first time, so I retook it the following weekend.

    Some people said that they used 10-12 hours of lab time and took the test. Some said that they took the test after about two weeks of study. It depends on your current skill and knowledge levels.

    Essentially, you'll learn the tools in individual lessons, and the exam will force to use the tools together to meet your end goal. It's really amazing when you realize this during the test. You might have to use Nessus to discover a vulnerability and then use Metasploit to exploit it, which is what you would do on the job, anyway.
  • tripleatriplea Senior Member UKPosts: 166Member ■■■□□□□□□□
    Cheers for that. Think I'll pay the extra and go for the elite.
  • harshakoka@gmail.com[email protected] Posts: 4Registered Users ■□□□□□□□□□
    I bought the elite 2 days ago, got access to the course immediately without any verification needed, some said they needed to send some kind of proofs. I have decided to read through the course pdfs first then do video and lab together. I am currently reading the Network part.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Thanks mooseboost :)
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    @[email protected].com, I guess the PDF given and the labs are more than sufficient. I went through the lab. Almost at the last chapter. Haven't touched programming but will go through a bit next week. Practice the lab and make a note of the tools and commands and it will come handy during exam. I want to give exam at earliest. But will redo the lab again as in my elite pack, still 55 hours are left. So will practice two or three more times to be familiar with the process. About reference books, I guess you can go through for extra knowledge. But for exam it may be not required. Some reference books are huge and it takes time to go through them :) good luck with exam :) also go through the suggestion above about the exam given by tedjames and mooseboost and also dig in the forum too for more reviews.
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    Naruto985 wrote: »
    Thanks a lot tedjames. I will go through the material again and practice Hera labs all lab at one go. Will make a note of command format. I am bit weak in programming :) it is not my cup of tea. Also will go through the post related to eJPT.

    I actually made a note of every command I used during the labs and used it as a quick reference guide during the test. For example, I wrote down every nmap command that I used and included the function for each. In addition to helping me on the exam, it also gives me a quick and easy reference on the job. Don't worry about trying to learn everything that a tool can do. You can add to your personal quick reference as you go. Learn what you need to get the job done.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Thanks again for the tips tedjames. I will do the same. Just a question how long will elearnsecurity take to announce the result?
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    Naruto985 wrote: »
    Thanks again for the tips tedjames. I will do the same. Just a question how long will elearnsecurity take to announce the result?

    The minute you hit Submit, you'll know. Well, maybe the second or third minute... It's a multiple choice exam based on the results of the penetration test that you will conduct. You won't be able to guess on any of the answers, since they require having run the tools to discover vulnerabilities, accomplish exploits, etc.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    @tedjames thanks. I have worked on lab for second time. Made notes of the command both from the book and from the lab manual and also video. I registered to hack.me which is maintained by elearnsecurity. Tried one small I mean really basic of xss, succeeded in enthusiasm tried one more and damn I got stuck for an hour. My fear is am I ready for the exam just with the knowledge of lab and the manual they have provided? Should I explore more on xss in dvwa?
    If my lab exercise and manual is sufficient for exam, I would like to give it early. Post exam need to join RHCsA just to get touch of Linux environment but may not take exam. And also learn a bit on php MySQL and python. Please guide me :) as I want to become a OSCP and OSCE :) I am pretty new to security field.

    Regards :)
  • ahmedsayed188ahmedsayed188 Posts: 5Member ■□□□□□□□□□
    Naruto985 wrote: »
    Hello guys.
    I joined for eJPT and till now it's going fine. I feel it's much better than CEH in terms of practical exposure. But not to complain, the training center where I went for CEH gave us some hands on experience on labs especially nmap, metasploit, nessus, openVAS and few more basics.
    Just few quick question about eJPT exam who have completed it.
    1. The labs provided by Hera labs, is it sufficient for exam or do we need to explore more outside the Hera lab for eJPT?
    2. Do we need to explore beyond what's given in Hera labs for XSS and SQLi?
    3. How to go about the eJPT exam any tips.

    Thanks

    Dear Naruto

    I'm Already ejpt Certified and here is the Answer for the Questions you asked :

    1- yes it's more than enough and i'm sure that if you do the Labs more than one time without any missing objectives you will pass the Exam .
    2- the Lab is Enough but if you need to Prof the Concepts on your mind more you have to Try some resources Such as " https://xss-game.appspot.com/ " just for prof the concept.
    3- i finished the exam in 6 Hrs and my advice to you repeat the labs more than 1 time relax the exam is easy but need to focus on the requests behind the questions , make sure that you sleep well before exam you need to be focus on every part of the questions as from the question you will know what techniques you will use to answer it .

    Best of Luck ..
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    Naruto985 wrote: »
    @tedjames thanks. I have worked on lab for second time. Made notes of the command both from the book and from the lab manual and also video. I registered to hack.me which is maintained by elearnsecurity. Tried one small I mean really basic of xss, succeeded in enthusiasm tried one more and damn I got stuck for an hour. My fear is am I ready for the exam just with the knowledge of lab and the manual they have provided? Should I explore more on xss in dvwa?
    If my lab exercise and manual is sufficient for exam, I would like to give it early. Post exam need to join RHCsA just to get touch of Linux environment but may not take exam. And also learn a bit on php MySQL and python. Please guide me :) as I want to become a OSCP and OSCE :) I am pretty new to security field.

    Regards :)

    You should get everything you need from the training. I did spend extra time on some of the labs but with other sources. I installed bWAPP and played with that outside of the ELS labs, and that helped. Also, you're going to keep learning after you pass the exam, so you might as well reinforce everything you're learning for eJPT.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Thanks ahmedsayed188 and tedjames :) yes I will play around with more vulnerable machine.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Guys :) I am taking my eJPT exam this week. Any tips. I worked on the Hera labs four times. Does every question has a different scenario or is it like one scenario and you need to solve it one by one to answer the question.

    Thanks :)
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    Naruto985 wrote: »
    Guys :) I am taking my eJPT exam this week. Any tips. I worked on the Hera labs four times. Does every question has a different scenario or is it like one scenario and you need to solve it one by one to answer the question.

    Thanks :)

    The questions pertain to the information that you discover while conducting your penetration test. You get the questions (multiple choice) in advance, but there's no way that you can guess based on what you know, like most certification exams. You won't be able to conduct your penetration test if you don't know the tools and then know what to do with the data that you collect while running the tools. This is 100% hands-on.
  • Naruto985Naruto985 Posts: 66Member ■■□□□□□□□□
    Thanks tedjames for the info. I will sure share my experience about my exam soon. Thanks again for giving guidance from time to time.
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 881Member ■■■■□□□□□□
    By the way, it's best (at least it was for me) to answer the questions as you go. Some people took the entire time (like me) to take the test, so it was easier for me not to have to go back and dig through my test results. Besides, when you conduct a real-life penetration test, you'll need to take notes and screen shots all during the test so you can prove your findings to your client.
Sign In or Register to comment.