eJPT

100% practical…

For my first Offsec certification, I chose the eJPT (as planned). At the beginning, I wanted to use this one as preparation for the OSCP (Offensive Security Certified Professional), as it seems to be the “Holy Grail” in the pentesting certification environment.

What is the eJPT?

The eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials. By passing the exam, a cyber security professional proves to employers they are ready for a rewarding new career.

from https://elearnsecurity.com/product/ejpt-certification/

According to eLS, by obtaining the eJPT, your skills in the following areas will be assessed and certified:

  • TCP/IP
  • IP routing
  • LAN protocols and devices
  • HTTP and web technologies
  • Essential penetration testing processes and methodologies
  • Basic vulnerability assessment of networks
  • Basic vulnerability assessment of web applications
  • Exploitation with Metasploit
  • Simple web application manual exploitation
  • Basic information gathering and reconnaissance
  • Simple scanning and profiling the target

How did I prepare?

For this exam, I used:

Useful resources:

The exam…

So, this exam was a very good experience for me. Like a real pentester’s mission, they give us a Letter of Engagement which contains our scope and the exam objectives, and you have 72h to complete it.

As I encountered some difficulties, I did it in 31h. I engrave it here as a keepsake:

  • I spent 7h20 understanding what was expected in the routing phase…
  • Metasploit was fixed the day I took my exam and msfconsole/msfvenom couldn’t start anymore. So I didn’t use it…
  • But I eventually needed to modify the repository to handle and bypass errors when starting msfvenom.

Now what?

Today, after a few months of exposure, and looking at each certification’s relevance on my resume with regard to what knowledge is assessed, my opinion is to continue with the eWPT (Web-App Pentester) and the eCPPT (Certified Professional Pentester) from eLearnSecurity. My opinion is that the eLearnSecurity certifications are largely undervalued today compared to the OSCP, even if their popularity is growing rapidly. The OSCP benefits from this magic aura on the resume, while the knowledge assessed is very similar.

CompTIA A+

From scratch…

Welcome to the first post of this website.

This journey begins from scratch. Even though I have used computers since I was a teenager, I never really dove very deep into IT. Curious by nature, with the desire to know how things work, I knew almost enough to take the Core 1 of the CompTIA A+ certification.

But first things first, what is the CompTIA A+?

CompTIA A+ certified professionals are proven problem solvers. They support today’s core technologies from security to networking to virtualization and more. CompTIA A+ is the industry standard for launching IT careers into today’s digital world.

from https://www.comptia.org/certifications/a

In my opinion, if, like me, you don’t have any degree or background in IT, this should be the first step of your journey.

Here are 9 basic skills that you will master and validate with the CompTIA A+:

HARDWARE

Identifying, using, and connecting hardware components and devices, including the broad knowledge about different devices that is now necessary to support the remote workforce

OPERATING SYSTEMS

Install and support Windows OS including command line & client support. System configuration imaging and troubleshooting for Mac OS, Chrome OS, Android and Linux OS.

SOFTWARE TROUBLESHOOTING

Troubleshoot PC and mobile device issues including common OS, malware and security issues.

NETWORKING

Explain types of networks and connections including TCP/IP, WIFI and SOHO

TROUBLESHOOTING

Troubleshoot real-world device and network issues quickly and efficiently

SECURITY

Identify and protect against security vulnerabilities for devices and their network connections

MOBILE DEVICES

Install & configure laptops and other mobile devices and support applications to ensure connectivity for end-users

VIRTUALIZATION & CLOUD COMPUTING

Compare & contrast cloud computing concepts & set up client-side virtualization

OPERATIONAL PROCEDURES

Follow best practices for safety, environmental impacts, and communication and professionalism

There are 2 exams to become certified:

CompTIA A+ – Core 1 covers mobile devices, networking technology, hardware, virtualization and cloud computing and network troubleshooting.

CompTIA A+ – Core 2 covers installing and configuring operating systems, expanded security, software troubleshooting and operational procedures.

They both consist of multiple-choice questions (single and multiple response), drag and drops and performance-based questions (between 75 and 90 questions per exam), and you need to get at least 675/900 for the Core 1 and 700/900 for the Core 2 to pass.

CompTIA recommends 9 to 12 months hands-on experience in the lab or field for this exam.

How did I prepare?

For this exam, I used:

  • The CompTIA A+ Study Guide from SYBEX.
  • The Mike Meyers’ videos on Udemy.
  • The Practice exams from Boson ExSim-Max.
  • The Practice tests from ABC E-Learning on Android.

I learned a lot on my way through the CompTIA A+. And during the exams, questions were pretty straightforward. It took me about 40 min to go through.

It took me 15 days to pass the Core 1 and 15 days to pass the Core 2. (I treated each one independently.)

What’s my Roadmap?

With the knowledge brought by the CompTIA A+, I’m working on the one hand on the CompTIA Network+ and Security+, and on the other hand on the eJPT from eLearnSecurity (Junior Pentester Certification).