eJPT materials and studying methods

TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
I have decided to register for the eJPT exam and get a bit familiar with the pen testing world and fill gaps in term of knowledge or methods being used. So I have a few questions before I start this.

First of all, how would you rate the eJPT vs the CEH? Eventually I would like to take the CEH too so would you recommend eJPT first and then CEH? Or CEH first and then eJPT. So far I'm leaning towards eJPT. Any recommendations?

Second question is, are slides and videos in the Full PTSv3 enough to pass the exam? Thanks to xxxkaliboyxxx I got a taste for it from the free PTSv3 training but that only had 4 modules available and most of it I was already familiar with not sure if the other modules will be similar or more in depth.
Third, I have not done any practical exams yet which a lot of theae pen testing certifications focus on, so what should I expect? Will the 30 hours of lab be enough to attempt the exam?

My reason for the exam is not to change my path but to get a bit more familiar with the pen testing process and the knowledge from it the cert is 2nd at this point but would be good to pass it the 1st try. So, how focused do you need to be in terms of dedicating time and effort to pass this? Did you use other material besides the ones being offered? Appreciate the feedback.

Comments

  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Alright so the eJPT is a great starting course and exam. Everything that you need to pass is in the course so just practice a lot and take notes. I would suggest that you go with the Elite plan just in case.

    People have passed the exam in 5 hours or less. Some people like myself took the whole time to do the exam. The exam isn't difficult, you just have to know what you're doing. I got hung up on one thing that I was doing wrong and after that, everything was back to normal.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    TBH, I spent a lot of time rewatching the videos and slides and should've spent more time in the labs. Everything you need to pass the exam will come from the time you spend in the labs. 30 hours will be sufficient.
    It would be hard to compare the CEH to the eJPT because the first requires you to memorize facts from reading over and over again and the latter requires repetition of the actual commands. I personally enjoyed the learning experience from the eJPT over CEH but you may get differing responses.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Is the actual test format similar to the labs? Trying to understand how they tell you what the objective is. Do they tell you for example... list the open ports on this machine? Or list the targets in this IP range? And then you just run your tools and answer the question by giving the results? How does it work?
  • lucky0977lucky0977 Member Posts: 218 ■■■■□□□□□□
    Whatever you learn in the labs will most likely be utilized on the exam. You'll perform a blackbox test and you'll have to answer multiple choice questions based on what you find when you exploit the systems. There will be an instruction guide that comes with the exam that also tells you what tools are appropriate to pass.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    The test was exactly like the labs when I took it. It was right after they upgraded to the current version, but IIRC you VPN in to the test network and were given a target range, maybe 5 IP's.

    You'll have a multiple choice test with something like "What are the user account names on the target at 192.168.5.5", "What are the hashed passwords in the database on target 192.168.5.2", etc. etc. You can infer from the questions that on .5 you'll need to gain full access and will likely find a service that's easily exploitable and leads to a system shell, on .2 you need to **** a SQL database, so there's probably a SQL injection vulnerability that you'll use to collect all of the information. If you have your lab guide handy with the commands used for that attack type, you'll likely be able to use the same steps with few modifications for the test.

    The PTS is an excellent entry level program with a very small, but well done, scope. Don't over think it and you'll be okay.
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    I see ok. How fast after the payment do you get access to the material and the labs?
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    TheFORCE wrote: »
    First of all, how would you rate the eJPT vs the CEH? Eventually I would like to take the CEH too so would you recommend eJPT first and then CEH? Or CEH first and then eJPT. So far I'm leaning towards eJPT. Any recommendations?

    You cannot take the CEH unless you fulfill either of the two necessary requirements.

    1. ELIGIBILITY CRITERIA

    The CEH, CHFI v8, and ECSA v9 programs all require proof of 2 years of information security experience as validated through the application process unless the candidate attends official training.
    https://cert.eccouncil.org/application-process-eligibility.html#ceh


    Go with eLearnSecurity then if you are smart, you will get the CEH for the recuiter/hr attraction.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    For people who have done the course, do you think a week is enough time? I have a fair amount of experience on the subject and wanted to knock it out before grad school starts again.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    the_Grinch wrote: »
    For people who have done the course, do you think a week is enough time? I have a fair amount of experience on the subject and wanted to knock it out before grad school starts again.

    Going over the slides now, had completed the pre-skills slides earlier, doing the C++ slides now and then python slides. C++ is a refresher since my major was computer science in college and it feels like a breeze so far. Not sure if it will be the same for python but so far so good. Will do the slides and videos first and then take some time on the labs. I signed up for the Elite version because of the 3 free re-takes and the fact that the voucher doesn't expire.

    If you have experience with nmap and wireshark that should take through most of the course, they go over the use of burb suite and other tools in the Kali arsenal so if you are familiar with that too, you should be able to at least go over the slides, videos and labs fairly easy, not sure if a week is enough but its possible if you put 2 hours a day. Did 50 slides in 30 minutes in the C++ module and that includes writing the small programs. Will spend more time on the usage of the tools since i'd like to get better on those.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Excellent! Might have to focus on the programming stuff so probably a bit more than a week. Thanks for the info!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • nebula105nebula105 Member Posts: 60 ■■■□□□□□□□
    the_Grinch wrote: »
    Excellent! Might have to focus on the programming stuff so probably a bit more than a week. Thanks for the info!

    If you're looking to clear this in a week, the programming stuff is optional for the exam; it's not used at all and purely for knowledge / future preparation.

    Still though, 1 week is a bit of a rush; unless you're already familiar with the topics in the eJPT (minus the programming parts).
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Alright, I would like to add that you should also practice with more than one tool just in case. I believe that its the password cracking lab where a tool doesn't work 100% correctly but it's used in the course.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    1) The programming section is not on the exam so you don't need to study it AT ALL.

    2) eJPT is MUCH better than CEH. you will actually learn and use the tools so you will gain actual skills.

    3) Read the lab description, and then use the slides and videos.

    4) If you can do the all the labs 3 times from beginning to end, then you're ready to do the exam and pass. The Labs are the material; and everything in the labs is also in the course material so if there is something in the labs that you get stuck with you can reference the material.

    5) One of the best courses I've done so far, 100% practical and you gain useful skills. Learn everything in the material because you will be building on that knowledge once you start studying for eCPPT or OSCP.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    the_Grinch wrote: »
    Excellent! Might have to focus on the programming stuff so probably a bit more than a week. Thanks for the info!



    The programming stuff isn't part of the exam so you don't have to study it.

    I honestly see no point in cramming it for a week. If you have a week to kill then studying and doing those labs in a week can be a good time investment; you might be able to pass the exam too if you already know the topics. If you spend a week studying this hardcore you will definitely gain some knowledge that's for sure.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    That's what my plan is too, to get comfortable with the labs and then got for the exam.

    Do the labs include the attacker and target machine also or is the attacker machine my own machine when connecting through the VPN?

    Just want to make sure i have everything prepared prior to the labs and if i will need any tools installed on my own machine if it's going to be the attacker machine.
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Sorry to hear that the invite was only 4 modules, there was never any indication that it was only a limited invite. A rant for another time.

    I used the eJPT to study for my C|EH. I can say that the topics you study in the C|EH is what you actually do hands on in the eLearnSecurity labs; Really helps out.

    It took me about 10 hours to complete the eJPT exam with a stomach virus and a headache that wouldn't quit. I came from a no experience in pentesting background. I could see someone that has experience knocking it out in a couple hours.

    I used only about 6 hours of my lab time, I still have 24. I wouldn't get the elite package for the eJPT because it is just a multiple choice question exam and you can knockout the slides and videos in a few weeks easily, 6 months is more than enough time.

    The hands on training lab is the same as the exam, pass the labs and you pass the exam.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    TheFORCE wrote: »
    That's what my plan is too, to get comfortable with the labs and then got for the exam.

    Do the labs include the attacker and target machine also or is the attacker machine my own machine when connecting through the VPN?

    Just want to make sure i have everything prepared prior to the labs and if i will need any tools installed on my own machine if it's going to be the attacker machine.


    Don't sweat, the instructions are super clear and you will get what you need. The attacker machine (as I remember) is yours through VPN.

    They will guide you through the VPN and everything you need. Once you start the course you will get all the information you need.

    When you do the course you will need to prepare a Kali linux VM, which you will use for studying; it will have all the tools you need. Once you do all the labs you will know what tools are needed and you will have ready setup in your studying machine so you will use the same machine to do the exam through VPN
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


Sign In or Register to comment.