Hello everyone, I’m here to review the eJPT (eLearnSecurity Junior Penetration Tester) certification. I will cover my entire timeline, from the purchase of the voucher until the passing of the exam and I will give my honest opinion about the entire course (course material, labs and exam).
If you’re reading this, you might be considering getting the certificate yourself and you’re probably wondering if the certificate is worth it. Like it says in the name, this is a Junior certificate. Experienced people might want to consider going for the advanced version of this course (eCPPT). For the juniors reading this, do I think it’s worth it? I do and I’ll explain by sketching my own situation.
- I obtained my master’s degree in Applied Science and Engineering: Computer Science on September 2018
- I’ve only followed 1 security course during that 5-year period
- My thesis was about web application security
My knowledge about penetration testing was very limited when I started the course. I’ve played around with John the Ripper, Wireshark, Burp Suite and watched some Ippsec videos about HackTheBox. This is all very basic. However, I have an extensive programming/IT background, which helped quite a lot for this certificate. My opinion about the difficulty will be discussed at the end of this post.
I bought the Full Penetration Testing Student (PTS) plan, which prepares you for the exam. This gives you access to all the pdf’s (non-downloadable) and 30 hours of lab time. In my opinion this is MORE than enough time, even when you’re unexperienced. The voucher to take the exam is valid for 6 months.
When I started preparing for the exam, I immediately set a date to take it (I need that pressure to study well). Most of the time that I spent was while in the office in between clients (I work as a Cybersecurity Consultant) or at home. To give a rough estimation: I spent about 2 hours a day for one month on the preparation. This includes:
- Reading every chapter
- Making notes to share with colleagues
- Taking the labs (twice)
I’d say that 50% of the course material was new to me at that time. While studying for the course, I also did some machines on HackTheBox to practice a bit more (you don’t need extra practice to pass). In hindsight, the exam is way easier than the boxes I’ve done.
The course material contains a lot of slides (about 1800+), which demotivated me more than once. Taking notes helps, so I’d advise anyone to do the same! The slides also contain links to video’s (only available from the Full plan), which are very useful and show how certain tools are used. I took all the 12 labs twice and spent about 5.30h on it. This shows that 30 hours is more than enough, even if you want/need to go a bit slower. I enjoyed the labs more than the study material and it complements the study material well.
The exam contains 20 multiple choice questions. To give you an idea about the questions, some examples:
- What’s the password of user “DJ Khaled”?
- What’s in the file “test.txt”?
You get 3 days to complete the exam and you can pause/resume at any given time. I solved it in 5 hours and passed with 17/20 (you need 15 to pass). I submitted when I was absolutely sure that I had at least 15 correct answers. I was doubting about 4 questions but submitted anyway. I’d say you don’t need the 3 days if you’re well prepared. You can use all the notes you want, check the course material and the labs while taking the exam.
The exam itself was more difficult than the labs. The labs are pretty straightforward in my opinion but for the exam you need to understand the course. For example, you need to know when to look for a null session or when you can use Metasploit, while in the labs you just have to perform what they say (exploiting a particular vulnerability per lab). I felt confident when I started the exam but had some stress in the first hours because I struggled with a lot of questions. Keeping calm and remembering what I had learned was the key to succeeding.
For beginning penetration testers like myself, I’d definitely recommend following this course and getting the certificate. It gives you a good understanding of how to perform a penetration test. I would say that most of the things I’ve learned since then is built on the foundation of this certificate. I would rate it 9/10, losing a point for having so many slides lol. I wouldn’t really recommend this certificate if you already have pentesting experience. Although, if you just want an extra certificate, you can always by an exam voucher and get the certificate without the course material and the labs.
The overall difficulty is not that high if you are properly motived and committed to spend the right amount of time. I don’t believe you need a technical background to pass, but you might encounter some difficulties. If you really want it, just try harder.
I believe this is a must-have for anyone wanting to start a career in penetration testing but doesn’t have much/any experience. I wish you all good luck and happy hacking!