Filipe dos Santos

/main

/about

/posts

My review of the INE/eLearnSecurity PTS course and eJPT certification exam

I passed the eJPT certification exam (January 2021) and in this blog post I describe my experience with the course and exam to help you decide if it is for you, however if you already decided to take it, I also share some tips for the exam that might help you during the process.

Background #

If you’re looking to break into the field of cybersecurity, chances are you’ve come across countless certifications promising to teach you the right skillset whilst increasing your chances of getting a job interview. One such certification is the eLearnSecurity/INE Junior Penetration Tester (eJPT), an entry-level certification that tests your foundational knowledge in penetration testing. Offered by INE/eLearnSecurity, this certification is designed to provide practical, hands-on experience in ethical hacking, network security, programming and vulnerability assessment.

Developing the competencies to pass the certification exam can be achieved through the Penetration Testing Student (PTS) course material, however my background in the field working in a cybersecurity role for the past 5 years, holding a BSc in Information Systems, and having passed a practical Linux certification in 2020 ( LFCS), certainly helped me prepare for the practical eJPT exam.

This review shares my personal opinions on the Penetration Testing Student (PTS) course and the eJPT exam, assessing how well they prepare candidates for real-world penetration testing and whether they’re worth the investment.

Penetration Testing Student (PTS) course #

The PTS course is INE’s official training material for the eJPT exam, and it does a solid job of covering the basics. I had high expectations for the course material after reading great reviews about it, and it delivered on those expectations. Creating an entry level course for an advanced domain such as penetration testing is not an easy task, one has to already grasp a lot of computer science foundational subjects to properly follow offensive security concepts.

INE/eLearnSecurity designed the course focusing on the real-world application of the subjects being studied. The Hera Labs is the game changer aspect of the course for me, that will certainly make me come back for other INE/eLearnSecurity courses. The majority of the theoretical bits of the PTS course are followed by a practical lab environment that one can use to practice the concepts that were just presented. This model works perfectly for me, specially when learning how to use new tools and techniques, and being able to immediately put to work what I’ve just learned in a real environment.

eJPT exam #

The course, Hera Labs and the 3 black-box assignments are more than enough to prepare one for passing the exam. My experience doing Hack The Box and TryHackMe machines certainly played a role as well. I completed the exam in about 5 hours, and although I understand each person has its own pace, I believe some of the things I did to prepare and organise my exam day were very important for the successful attempt.

  1. You will never know if you are actually ready and fully prepared to take the exam, once you finished the course material and all the Hera Labs (including the 3 black-box assignments), go for it.

  2. Start each black-box assignment exactly as you will be doing for the exam, try to recreate the same environment conditions. For myself that was defining a day where I had at least 6 hours available, and that I could follow my pre-defined routine. I did all 3 black-box assignments on different days one week before I planned to take the exam.

  3. Document everything, and I mean everything!! I use Notion for documenting Hack The Box and TryHackMe, therefore it was the tool I chose to document the PTS labs. Having well-structured notes, specially as a beginner is a must. Notion is a game changer in my opinion, as one can have a database listing all machines one has rooted for future reference, with notes, images, videos, documentation linked and much more.

  4. Let the exam questions guide your analysis. The eJPT exam is intended as an entry-level exam, therefore the questions are clearly designed to steer one into the correct direction. Following the proper penetration testing methodology will be more than enough to make you pass the exam, therefore stick to your methodology and don’t skip any steps!

  5. Have fun! The exam is quite dynamic and in my opinion correctly calibrated to be challenging while rewarding the student that took the course and is now following the material as it was intended. INE/eLearnSecurity are not here to set you up for failure, you can be sure that if you put in the work, the exam will be as fun for you as it was for me.

Final remarks #

There are some additional material that one can consume to go the extra mile, and it will also start preparing you for future certifications such as the OSCP or eCPPT. The Heath Adams course Practical Ethical Hacking is a great complement for what is taught in the PTS course, however it presents much more, and a lot of the content is not relevant for the eJPT exam, since it’s more advanced than what it is proposed in the PTS course.

Doing the “Legacy” retired box on Hack The Box will pay its dividends in the exam, therefore if you have a Hack The Box VIP subscription or it is willing to pay for one, I would recommend rooting the machine first without looking at write-ups.

Overall the course is very much worth it, and I hope you have as much as a good time I had learning and hacking!

back to top