100% practical…

As my first Offsec certification, I’ve choose the eJPT (as planned). At the beginning, I’ve would like to use this one as a preparation for the OSCP (Offensive Security Certified Professional) as it seems to be the “Saint-Graal” in the Pentesting certification environment.

What is the eJPT?

The eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials. By passing the exam, a cyber security professional proves to employers they are ready for a rewarding new career.

from https://elearnsecurity.com/product/ejpt-certification/

According to eLS, by obtaining the eJPT, your skills in the following areas will be assessed and certified:

  • TCP/IP
  • IP routing
  • LAN protocols and devices
  • HTTP and web technologies
  • Essential penetration testing processes and methodologies
  • Basic vulnerability assessment of networks
  • Basic vulnerability assessment of web applications
  • Exploitation with Metasploit
  • Simple web application manual exploitation
  • Basic information gathering and reconnaissance
  • Simple scanning and profiling the target

How did I prepared?

For this exam, I used :

Useful resources :

The exam…

So, this exam was a very good experience for me. Like a real pentesters mission, they give us a Letter of Engagement which contain our scope and the exam objectives and you have 72h to complete it.

As I encountered some difficulties, I did it in 31h. I engrave it here as a keepsake :

  • I’ve spent 7h20 to understand what was expected on the routing phase…
  • Metasploit was fixed the day I took my exam and msfconsole/msfvenom couldn’t start anymore. So I didn’t use it…
  • But I eventually needed to modify the repository to handle and bypass errors when starting msfvenom.

Now what?

Today, after few month of exposure, looking for each certification pertinence on my resume regarding what knowledge is assessed, my opinion is to pursued with the eWPT (Web-App Pentester) and the eCPPT (Certified Professional Pentester) from eLearnSecurity. My opinion is that the eLearnSecurity certifications are largely undervalued today compared to the OSCP even if their popularity is growing rapidly. The OSCP benefits from this magic aura on the resume, while the knowledge assessed is very similar.

Leave a Reply

Your email address will not be published. Required fields are marked *