eJPT Journey (2021)
si20
I was around 1/4 through studying Network+ when my employer said they've got some funding for me to do the eJPT. It appears that the course itself is free, and you just pay for the exam. Awesome! But sadly this means my Network+ studying is now postponed - although I *have* to get it done this year... so...that being said....
I've done the OSWP, OSCP, WAPT v3, Sec+ and Pentest+ - looking at the eJPT, it doesn't look overly taxing. I think I should be able to attain this cert without too many bumps in the road. I've had a look at the course content and I've done a lot of it before, but there's some stuff I've never personally done, e.g. DNS exfil.
Looking forward to sharing my progress with you all here (will update around once per week, so feel free to bookmark this thread).
If you've got any suggestions let me know!
Thanks
Comments
-
Elitis
If you've done OSWP and OSCP already, just take the exam already. It isn't a very difficult exam and the multi-choice portion of it is in itself a hint towards the answers.
-
UnixGuy
Well I had a lot of fun doing eJPT but it was my first intro to Pentesting. If you want to pass the exam, make sure to do all the labs in the course and understand them. eJPT will be very basic for you as it is an introduction to Pentesting. eCPPT is on par with your skill and experience.
-
SteveLavoie
I did eJPT a few months ago. If you have done OSCP, then eJPT will be a walk in the park. I would have value to your resume as you have OSCP and other security certification. But if someone is footing the bill, just do it.
-
si20
Thanks for the posts all! I did my OSCP in 2016, so it’s 5 years ago - automatically you’d assume I’d be 5 years better than the OSCP but…. Fact is I’m not. Due to not getting into pentesting immediately, and when I did get into pentesting it was mostly low-quality severity bugs I found, aside from the odd stored XSS in enterprise applications, I never got to do red team stuff.
So what I’m saying is that my knowledge never really improved after the OSCP in the hacking space as I was doing web app stuff. When I saw that the eJPT had some black box tests I gave them a go and actually found them quite challenging. I’m hopeful and fairly confident I’ll pass it. But I’m actually due to make a move back into the digital forensics world and leave pentesting as a hobby only.
Pentesting is great fun for me as a hobby on tryhackme, vulnhub etc., but when you do it 8 hours per day, 5 days per week and then need to study up on your weekends, I think I burnt out.
But yes, my employer is footing the bill for the exam thankfully!
-
SteveLavoie
I did the eJPT recently, I would confirm that the exam difficulty is similar to the Black Box test.
-
si20
Quick update: passed the eJPT with 18/20. I didn't study the entire course - I skipped the entire programming section because you don't need to write any code for the exam - and didn't cover every single tool - because I remembered most of the tools from the OSCP. I can't mention which 2 questions I think I got wrong, but I don't think the course materials actually covered them (or if they did, maybe I totally missed it).
There is one other element of the exam relating to routers that the course material doesn't cover very well at all. I actually thought I was going to fail in the first 30-45 mins of starting the exam. I was reading through the INE material during the exam (it's open book) and they didn't cover the very thing you need to do at the beginning of the exam...
I had to really get my thinking cap on. From then onwards, it wasn't too bad. I'd agree with SteveLavoie, the exam is similar in difficulty to the black box tests - easier in one way and harder in another. What really slowed me down was the amount of machines on the network - some didn't seem to have any business being there. I didn't attack every single box and still managed to get 18/20, which makes me think that some boxes are there to trip you up and slow your progress - similar to a real life pentest.
I plan to go back and study the programming section in future. But next up I've got the Network+ to return to.
Thanks all!
-
SteveLavoie
And there are some "rabbit hole" IPs too. I took about 10h to do the exam, but I spent probably 5 on something that wasn't really useful. It is a nice hands-on exam, and I would recommend it to everyone that starts in offensive security.