My eJPT thread

Shane2Shane2 Posts: 65Member ■■■□□□□□□□
Good Morning,

Today I start the eJPT, and I noticed while looking for information on this particular exam/course, there was not much detail in this forum. I'm rather new to pentesting, so I felt I needed to ramp up to the eCPPT and OSCP. I finished my CEH the first week of April, and while I understand that cert doesn't have the best reputation, I am DoD, and I actually felt it was a good intro to Offensive Security. I would recommend it to someone just starting out.

So I will document my eJPT studies, and provide something I wish I had access to now. I hope to complete it in a month, and afterwards I will probably move on to the SLAE in preparation for the OSCP.

My background is infrastructure support. I have 2 years of Helpdesk and I'm on my 4th year of sysadmin roles. The sysadmin role is peppered with some security duties as well (HBSS, and some IAM stuff). I hold the Sec+ and the CEHv9.

I will try to update everyday, but I will at least give periodical updates on my progress in terms of skills learned.

Cheers!

Comments

  • saragurusaraguru Posts: 46Member ■■□□□□□□□□
    Shane2 wrote: »
    Good Morning,

    Today I start the eJPT, and I noticed while looking for information on this particular exam/course, there was not much detail in this forum. I'm rather new to pentesting, so I felt I needed to ramp up to the eCPPT and OSCP. I finished my CEH the first week of April, and while I understand that cert doesn't have the best reputation, I am DoD, and I actually felt it was a good intro to Offensive Security. I would recommend it to someone just starting out.

    So I will document my eJPT studies, and provide something I wish I had access to now. I hope to complete it in a month, and afterwards I will probably move on to the SLAE in preparation for the OSCP.

    My background is infrastructure support. I have 2 years of Helpdesk and I'm on my 4th year of sysadmin roles. The sysadmin role is peppered with some security duties as well (HBSS, and some IAM stuff). I hold the Sec+ and the CEHv9.

    I will try to update everyday, but I will at least give periodical updates on my progress in terms of skills learned.

    Cheers!

    Hi Shane2,

    I would like to point out something regarding SLAE. I have heard that people take SLAE before signing up for OSCE and not OSCP. I think SLAE involves lot of assembly stuffs, BoF,ROP etc.. and though OSCP has a section dedicated for buffer overflow I don't think SLAE is needed for OSCP.
  • jamesleecolemanjamesleecoleman Posts: 1,899Member ■■■■■□□□□□
    Hi Shane2,

    What kind of detail were you looking for? A few of us took the eJPT around the same time and others within 3 months of each other. There is some good detail on this form about the certification without giving away exam details.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • airzeroairzero Posts: 126Member
    eJPT is a great follow on to CEH. But like saraguru said, SLAE is more for prep to OSCE as it goes deeper into exploit development. The PWK course will teach you all you need to know about assembly and development to get through the exam. I don't hold OSCP but Have done the course and 90 days of lab time and can say that eJPT is definitely a good primer and all you need to jump straight into OSCP. Good luck man, hope to hear of your progress.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    saraguru wrote: »
    Hi Shane2,

    I would like to point out something regarding SLAE. I have heard that people take SLAE before signing up for OSCE and not OSCP. I think SLAE involves lot of assembly stuffs, BoF,ROP etc.. and though OSCP has a section dedicated for buffer overflow I don't think SLAE is needed for OSCP.

    I will definitely take another look when I finish the eJPT.

    Im interested in Malware Analysis, so the SLAE is on my radar.

    Thanks for the info.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    Hi Shane2,

    What kind of detail were you looking for? A few of us took the eJPT around the same time and others within 3 months of each other. There is some good detail on this form about the certification without giving away exam details.

    Honestly, I see a ton of OSCP threads and I just wanted to add a eJPT thread. I know in researching it I didn't see many of them. Just tryibg to add to the knowledge base that is techexams.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    airzero wrote: »
    eJPT is a great follow on to CEH. But like saraguru said, SLAE is more for prep to OSCE as it goes deeper into exploit development. The PWK course will teach you all you need to know about assembly and development to get through the exam. I don't hold OSCP but Have done the course and 90 days of lab time and can say that eJPT is definitely a good primer and all you need to jump straight into OSCP. Good luck man, hope to hear of your progress.

    Once I am finished with the eJPT I will take another look. Im excited to see what I get out of this course.

    Hopefully I'll be writing an OSCP thread in a few months.

    Thanks.
  • jamesleecolemanjamesleecoleman Posts: 1,899Member ■■■■■□□□□□
    Shane2 wrote: »
    Honestly, I see a ton of OSCP threads and I just wanted to add a eJPT thread. I know in researching it I didn't see many of them. Just tryibg to add to the knowledge base that is techexams.

    Heyy thats cool and I appreciate that. eJPT is a great intro course and test where people have complete the course in some months and the test in a very short time. I think 3 hours was the fastest time. It took me about a year to do the course because I didn't understand a lot of stuff and then I focused on it. The test was very very easy but I got held up on it for a mistake that I did. I didn't think something was working correctly so it put me behind by a few hours. It took me the full time to complete the test and I was late to work as well lol but hey I got the pass.

    The test is easy if you've taken notes, practiced the labs and found similar tools to use that do the same thing. For example, hydra and ncrack or nmap and hping3 to help with making sure that you're not missing something or if you are seeing a difference of output, then maybe pursue that difference.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Captain_DeadpoolCaptain_Deadpool Posts: 53Member ■■□□□□□□□□
    Shane2,

    Congrats on getting C|EH. Even though its reputation doesn't hold weight like some other certs, it is a great way to re-read info and get a understanding of everything. I finished the eJPT a few weeks ago, and getting it done in a month is very doable. I did it in 19 days(ish), and i have a family, fulltime job, and im a fulltime grad student (InfoSec) student. So depending on your workload outside of work, you deff could prob get it done sooner.

    I look forward to seeing your journey in obtaining the certification. It a very fun credential to study for.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    Shane2,

    Congrats on getting C|EH. Even though its reputation doesn't hold weight like some other certs, it is a great way to re-read info and get a understanding of everything. I finished the eJPT a few weeks ago, and getting it done in a month is very doable. I did it in 19 days(ish), and i have a family, fulltime job, and im a fulltime grad student (InfoSec) student. So depending on your workload outside of work, you deff could prob get it done sooner.

    I look forward to seeing your journey in obtaining the certification. It a very fun credential to study for.

    Thanks man, I'm looking forward to it.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    I started going through the material yesterday. Right now it is just a bunch of recap for me, however if you were just starting out and this was your first cert, it is really good information.

    Network basics, TCP/IP, OSI. One of the things it is going over which I do need more work on is subnetting and CIDR. Went over plaintext and encrypted communication, and utilized Wireshark.

    My plan is to go over slides and videos for 1 to 2 hours everyday at work, then go home and do the labs.

    So far, so good. I like the presentation.

    I downloaded the latest Kali image, and will be using VM Workstation.
  • chazb0tchazb0t Posts: 42Member ■■□□□□□□□□
    Enjoy the course it's a blast, I have zero background and experience and am going the same route as you, eJPT > eCPPT > OSCP > SLAE > OSCE.

    Started PWK/OSCP last Saturday 4/29.
  • Captain_DeadpoolCaptain_Deadpool Posts: 53Member ■■□□□□□□□□
    Those labs are going to be your bread and butter.

    I would give myself a 30 minute limit for each lab, and if i couldnt figure it out in that amount of time, i would go through the walkthrough... then give it a couple days and go through the lab again without the walktrough and rely on what i knew and google. Make sure you understand the tools and how certain commands work (C|EH taught you that im sure).
    i caught myself falling into the trap of memorizing and not learning! i cut that out real quick lol.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    chazb0t wrote: »
    Enjoy the course it's a blast, I have zero background and experience and am going the same route as you, eJPT > eCPPT > OSCP > SLAE > OSCE.

    Started PWK/OSCP last Saturday 4/29.


    Good luck buddy, I'm definitely following your thread.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    Those labs are going to be your bread and butter.

    I would give myself a 30 minute limit for each lab, and if i couldnt figure it out in that amount of time, i would go through the walkthrough... then give it a couple days and go through the lab again without the walktrough and rely on what i knew and google. Make sure you understand the tools and how certain commands work (C|EH taught you that im sure).
    i caught myself falling into the trap of memorizing and not learning! i cut that out real quick lol.


    Yeah, I bought the Elite package, and I plan on taking my time to really understand.

    I have previously attempted some Vulnhub VMs, and while I had some success, I feel I needed just a little bit of direction. Hoping to pick up as much knowledge as I can from this course.
  • Shane2Shane2 Posts: 65Member ■■■□□□□□□□
    I have been swamped at work, and my evenings for Thursday and Friday are booked solid.

    But I just finished the Burp Suite module and I'm looking forward to the labs this weekend.

    Burp is a tool I have heard a lot about but I have yet to use it. I'm really looking forward to getting familiar with it.

    Probably won't post anything tomorrow, but I plan on spending a good 5 hours on the course on Saturday, so I should have a post up Sat or Sunday.

    Cheers!
  • nebula105nebula105 Posts: 60Member ■■■□□□□□□□
    Shane2 wrote: »
    I have been swamped at work, and my evenings for Thursday and Friday are booked solid.

    But I just finished the Burp Suite module and I'm looking forward to the labs this weekend.

    Burp is a tool I have heard a lot about but I have yet to use it. I'm really looking forward to getting familiar with it.

    Probably won't post anything tomorrow, but I plan on spending a good 5 hours on the course on Saturday, so I should have a post up Sat or Sunday.

    Cheers!

    If I recall correctly, the eJPT focuses on the Target and Proxy tabs in Burp Suite almost exclusively. Maybe the Spider tab as well.

    Do play around with the Repeater function as well! Really useful for testing out repeated SQL injections via HTTP requests :)

    Oh and do play around with the Spider function! I can't remember if it was emphasized in the course, but it's really, really helpful!

    And also, don't limit yourself to just Burp Suite, you can abuse the labs with OWASP Zed Attack Proxy too!icon_lol.gif

    Disclaimer:

    I'm no pro at pentesting, and I must admit I've used the Repeater tab for some trial and error :)
Sign In or Register to comment.