Written by Filipe dos Santos
on 

My review of the INE/eLearnSecurity PTS course and eJPT exam

I passed the eJPT exam (January 2021) and in this blog post I describe my experience with the course and exam to help you decide if it is for you, however if you already decided to take it, I also share some tips for the exam that might help you during the process.

Background

I’ve been working in a cybersecurity role for the past 5 years, mainly with application security, cryptographic protocols and incident response. I also have a BSc in Information Systems, and I passed a practical Linux certification in 2020 (LFCS), which certainly helped me prepare for the practical eJPT exam.

About the Penetration Testing Student (PTS) course

I had high expectations for the PTS course after reading great reviews about it, and the course delivered on those expectations. Creating an entry level course for an advanced topic such as penetration testing is not an easy task, considering one has to already understand a lot of concepts to even start in the penetration testing world.

INE/eLearnSecurity did a great job on designing the course, specially with the “Pre-Requisites” section, that for a lot of folks will be a refresher for concepts that are very important not just for penetration testing, but for IT in general. The “Networking” section covers all the topics that are relevant, while providing easy to understand real-world examples (for the exam make sure you properly understand the routing concepts).

The Hera Labs is the game changer aspect of the course for me, that will certainly make me come back for other INE/eLearnSecurity courses. The majority of the theoretical bits of the PTS course are followed by a practical lab environment that one can use to practice the concepts that were just presented. This model works perfectly for me, specially when learning how to use new tools and techniques, and being able to immediately put to work what I’ve just learned in a real environment.

About the exam

The course, Hera Labs and the 3 black-box assignments are more than enough to prepare one for passing the exam. My experience doing Hack The Box and TryHackMe machines certainly played a role as well. I completed the exam in about 5 hours, and although I understand each person has its own pace, I believe some of the things I did to prepare and organise my exam day were very important for the successful attempt.

  1. You will never know if you are actually ready and fully prepared to take the exam, once you finished the course material and all the Hera Labs (including the 3 black-box assignments), go for it.

  2. Start each black-box assignment exactly as you will be doing for the exam, try to recreate the same environment conditions. For myself that was defining a day where I had at least 6 hours available, and that I could follow my pre-defined routine. I did all 3 black-box assignments on different days one week before I planned to take the exam.

  3. Document everything, and I mean everything!! I use Notion for documenting Hack The Box and TryHackMe, therefore it was the tool I chose to document the PTS labs. Having well-structured notes, specially as a beginner is a must. Notion is a game changer in my opinion, as one can have a database listing all machines one has rooted for future reference, with notes, images, videos, documentation linked and much more.

  4. Let the exam questions guide your analysis. The eJPT exam is intended as an entry-level exam, therefore the questions are clearly designed to steer one into the correct direction. Following the proper penetration testing methodology will be more than enough to make you pass the exam, therefore stick to your methodology and don’t skip any steps!

  5. Have fun! The exam is quite dynamic and in my opinion correctly calibrated to be challenging while rewarding the student that took the course and is now following the material as it was intended. INE/eLearnSecurity are not here to set you up for failure, you can be sure that if you put in the work, the exam will be as fun for you as it was for me.

Final remarks

There are some additional material that one can consume to go the extra mile, and it will also start preparing you for future certifications such as the OSCP or eCPPT. The Heath Adams course Practical Ethical Hacking is a great complement for what is taught in the PTS course, however it presents much more, and a lot of the content is not relevant for the eJPT exam, since it’s more advanced than what it is proposed in the PTS course.

Doing the “Legacy” retired box on Hack The Box will pay its dividends in the exam, therefore if you have a Hack The Box VIP subscription or it is willing to pay for one, I would recommend rooting the machine first without looking at write-ups.

Overall the course is very much worth it, and I hope you have as much as a good time I had learning and hacking!