eJPTv2 Review

Introduction

This is my review of the eJPTv2 certification offered by INE. Initially, I purchased the voucher for the exam, version V1, without including the training. Later, I was able to exchange it for the V2 version with INE, a process that went smoothly and without complications or costs.

I decided not to participate in the training offered by INE, a choice based on my pre-existing experience in the field. This experience led me to believe that I already had the necessary knowledge to take the eJPT exam without the need for additional preparation.

To be considered successful in the exam, it is necessary to achieve a minimum of 70% correct answers. The result is calculated and displayed on the screen immediately after submitting the answers, which provides a clear and immediate view of the performance achieved.

INE no longer supports the V1 version of this exam, so you can now only purchase the new version.

Price

Link to buy: https://checkout.ine.com/?product_selected=ejptv2_funda_quarterly

INE offers a package that includes an exam voucher and three months of access to its educational platform for $249. This package is ideal for those seeking structured training along with the opportunity to get certified.

A valuable tip for potential candidates is to consider waiting for promotions. INE often offers discounts on exam vouchers and subscriptions, which can lead to significant savings. Based on my experience and observations of INE’s pricing practices, I recommend that those interested in obtaining INE certifications keep an eye out for these promotional opportunities. The quality of the training material and the efficiency of the exam process make the investment worthwhile, especially if you can take advantage of these discounts.

My experience with INE’s certification included a transition in how the company offers its products. When I purchased the voucher for the eJPT v1 exam, I chose not to include the training course. This option was available on INE’s old website, allowing the separate purchase of just the exam voucher.

However, it’s important to highlight a significant change for those currently considering this certification. On INE’s website, the option to purchase only the exam voucher without the associated training seems to no longer be available. This may represent a change in study strategy and budget for candidates, especially for those who, like me, feel confident in their pre-existing skills and prefer not to acquire additional training.

Therefore, for future candidates, I recommend a detailed evaluation of the options available on INE’s current website. Additionally, as mentioned earlier, stay alert for promotions offered by INE, as they may include significant discounts on the training and voucher package.

For more information, contact INE support: support@ine.com

Who It’s For

The eJPT is a certification for individuals with a basic understanding of networks, systems, and an interest in penetration testing. Anyone can attempt the certification exam; however, it is designed for:

  • Systems Administrators
  • IT Project Managers
  • Information Security Officers
  • Security Engineers/Analysts
  • DevOps/Software Developers
  • Managed Service Providers (MSPs)
  • Managed Security Service Providers (MSSPs)

Despite these recommendations, anyone can take the exam as there are no mandatory prerequisites. Moreover, if your knowledge of the subject is minimal, it is highly recommended that you prepare for this exam using INE’s Penetration Testing Learning Path.

Content

The eJPT assesses and certifies an individual’s skills in Assessment Methodologies (25%), Host and Networking Auditing (25%), Host and Network Penetration Testing (35%), and Web Application Penetration Testing (15%). The following objectives are tested:

1. Assessment Methodologies

1. Locate endpoints on a network
2. Identify vulnerabilities in services
3. Identify operating system of a target
4. Identify open ports and services on a target
5. Extract company information from public sources
6. Gather technical information from public sources
7. Gather email addresses from public sources
8. Evaluate information and criticality or impact of vulnerabilities

2. Host & Network Auditing

1. Transfer files to and from target
2. Enumerate system information on target
3. Compile information from files on target
4. Gather user account information on target
5. Gather hash/password information from target
6. Enumerate network information from files on target

3. Host & Network Penetration Testing

1. Conduct hash cracking
2. Identify and modify exploits
3. Conduct brute-force password attacks
4. Conduct exploitation with Metasploit
5. Demonstrate pivoting by adding a route
6. Demonstrate pivoting by port forwarding

4. Web Application Penetration Testing

1. Conduct webapp reconnaissance
2. Conduct brute-force login attack
3. Locate hidden files and directories
4. Identify vulnerabilities in webapps

The certification exam follows a Capture The Flag (CTF) style. If you are familiar with platforms like TryHackMe and Hack The Box, you’ll have a preliminary idea of what to expect in the exam.

As it’s a practical exam, candidates have 48 hours to complete it, and the responses are multiple-choice. This format gives you a certain advantage when answering.

Some questions will require a flag, while others will ask about open ports on hosts, vulnerable services, and questions related to exploiting the host. There’s no need to submit a report after the exam; you just have to answer the questions and complete the test.

How to Study

I need to divide this topic into two sections: how to study for the exam if you are a beginner, and how to study for the exam if you already work in the field of cybersecurity or have extensive experience with CTFs.

Beginner

If your knowledge in Cyber Security is very limited, I advise taking the course offered by INE itself (Penetration Testing Learning Path). It provides comprehensive preparation for this certification, covering all the topics related to the exam. By completing the entire course and the labs, you will be prepared for this certification, as all the exam content is included in the course.

Security Professional

If you are a professional in the field and already have knowledge in penetration testing, or are experienced in hacking machines on platforms like TryHackMe or Hack the Box, this certification will likely not present many challenges. Therefore, I believe it can be undertaken without extensive preparation, as was the case for me.

Tips

Cheat Sheet

Check out my Cheat Sheet for eJPTV2 certification: eJPT Cheat Sheet

Labs

I’m providing a list of machines that I believe can help beginners practice and allow experienced individuals to test their knowledge before attempting the exam.

This is just my recommendation, based on my opinion and knowledge. Take your notes and prepare for the exam.

TryHackMe

TryHackMe | Basic Pentesting

TryHackMe | Ice

TryHackMe | Brooklyn Nine Nine

TryHackMe | Anonymous

TryHackMe | Easy Peasy

TryHackMe | GoldenEye

TryHackMe | HA Joker CTF

TryHackMe | Source

TryHackMe | Poster

TryHackMe | Wordpress: CVE-2021-29447

TryHackMe | Blog

TryHackMe | RootMe

Hack the Box

Hack The Box


Materials from Content Creators

There is a lot of content from cyber security professionals on the internet to help you study for the eJPT.

https://drive.google.com/file/d/1bfZH7ZluaX5nmBx1Dcof43IN0PfHwChG/view?usp=sharing

https://github.com/edoardottt/eJPT-notes

eJPT/cheat-sheet.md at main · JasonTurley/eJPT

eJPT-Cheatsheet/eJPT Cheatsheet.md at main · atinfosec/eJPT-Cheatsheet

https://github.com/d3m0n4l3x/eJPT

How to Pass the eJPT

My Journey to Pass eJPT (eLearnsecurity)

Steps

1. Purchase a certification exam voucher

Purchase an exam voucher to start the certification process. Login to the certification area to manage the exam and any other materials related to the certification process.

2. Begin the certification process

Regular vouchers expire after 180 days from purchase. Before the certification voucher expires (180 days from purchase), complete the initial exam attempt and if desired, the complimentary re-take that is provided with the voucher’s purchase. Both attempts must be submitted before the certification voucher expires. The expiration date will always be available in the certification area, and reminder emails are sent to ensure the voucher is taken advantage of.

3. Take your exam

Follow the certification instructions and complete the exam within the allotted time. If technical issues are encountered at any time during the exam, please email support@ine.com for assistance.

4. Receive your results

Results are on an auto-graded system. This means results will be delivered within a few hours after completing the exam. The eJPT score report will show performance metrics in each section of the exam, allowing reflection on mastery of each exam objective. All passing score credentials will be valid for three years from the date they were awarded.

Worth it?

The eJPT certification stands out as a valuable option, especially for those at the beginning of their journey in the field of cybersecurity. It diverges from the traditional question-and-answer model of other certifications by offering a practical introduction to the world of penetration testing, covering essential concepts and providing hands-on experience. With an approach that prioritizes practical learning, this certification is an excellent gateway into the field of cybersecurity, equipping candidates with the knowledge and skills necessary to take their first steps in a pentesting career.

If you are a professional with limited experience or no specific prior knowledge in cybersecurity, I firmly believe that the training offered for this certification is worth the effort. The training provides a solid foundation of essential knowledge and practical skills to get started in the field.

Moreover, I highly recommend the eJPT for professionals working in related fields, such as infrastructure and networking, who are considering a transition to cybersecurity. It serves as an effective bridge, translating and expanding the skills already acquired into the cybersecurity domain.

The practical approach of eJPT allows professionals to not only learn theoretically but also apply practical knowledge, thus becoming more prepared for the challenges and demands of the cybersecurity field. Therefore, for those looking to transition careers or start in the world of cybersecurity, the eJPT certification emerges as a strategic and valuable choice.

I personally favor practical certifications like those from INE, OffSec, and TCM Security, so if I had to recommend an entry-level certification for Information Security, I would steer away from theoretical certifications, and eJPT would definitely be on my list of recommendations.

If you already have significant experience and are seeking challenges that match your level of expertise, the eJPT may seem less challenging. As an entry-level certification, it is designed to establish foundational knowledge but may not offer much advancement for those who are already well-established in the field.

For experienced professionals, I would recommend considering more advanced certifications like the eCPPT (Certified Professional Penetration Tester) or the PNPT (Professional Network Penetration Tester). These certifications provide a higher level of challenge and are in line with the needs of professionals looking to deepen and demonstrate advanced cybersecurity skills.

In summary, while the eJPT certification is an excellent starting point for beginners or professionals from related fields transitioning into cybersecurity, experienced professionals might find more value in pursuing certifications that offer more complex and in-depth challenges.