eJPTv2 Certification Review

I listed it as v2 because it was officially announced as a version two of the original eJPT(Version two is a dynamic exam).

For a full description of the exam: https://security.ine.com/certifications/ejpt-certification/

https://certs.ine.com/d9f0246e-5ab4-4b69-8d1a-f6d7b752ede0#gs.799sv5

Training Material and Preparation

I have always wanted to purchase and take the eJPT because i've always heard it was a good introduction to the fundamentals of penetration testing.

But before even purchasing the eJPT course material that comes with an exam voucher and a free retake, i decided to complete the Jr Penetration Tester Path on TryHackMe that taught me about:

• Pentesting Fundamentals

• Web Hacking and Burp Suite (not as important for this exam, but still great content!)

• Nmap

• Vulnerability Research / Vulnerability Assessment

• Metasploit

• Privilege Escalation

  • Windows and Linux Priv Esc

I already had the fundamentals of Networking and Web Applications from course work at my Uni, but to anyone who is just getting started, i highly recommend doing these:

• TryHackMe's Pre Security path

• TryHackMe's Complete Beginner path

• Hack The Box Academy's Introduction to Networking module

• Hack The Box Academy's Introduction to Web Application module

Note: Any other modules from Hack The Box academy would be a bit too much for this exam, i'm not saying to not do them, they're AMAZING, i am currently going through them myself to prep for the PNPT and OSCP, i'm just saying that for the difficulty of this exam it's not necessary.

But after getting the fundamentals down, i purchased access to the eJPTv2 course material for 3 months (which comes with an exam voucher and free retake) around January 24, 2023 for $250.

As a student, i would try and complete a certain percentage of the course material before a certain date to make sure i completed the course material before my 3 months were over. The 3 months ended on April 24, 2023 and i took the 48 hour exam on April 20, 2023.

Other than the modules i mentioned above, i would say the course material is all you need to pass the exam, doing TryHackMe easy/medium boxes do help in building your methodology, but in my case i didn't do any.

Exam Day

I started the exam at around 10:00 pm Thursday April 20, 2023 and ended the exam at around 5:00pm Saturday April 22, 2023.

Once i started the exam i was met with the dynamic portion of the exam, which are questions that i would have to answer based on the exam environment. A Kali linux web based box/instance is also booted up for your usage, and all the wordlists and tools you need are on there.

The first few hours consisted of just enumeration, if i got something on one box i would try to go as far as i can in terms of exploitation/post exploitation, and if i got stuck i would move onto the next box.

Thursday April 20, 2023

• 10:00pm Exam Start

• 10:00pm - 3:00am Host Enumeration and Footprinting

  • Occasional 10-15 minute breaks in between

  • walk around, stretch / , drink some water, get some fresh air( i know it's midnight lol, i just opened my bedroom window), crank up some of your favorite beats 🎶

Friday April 21, 2023

• 3:00am - 8:00am Initial Access on most of the machines

  • 10-15 minute breaks in between

  • 30 minute naps with alarm clocks

• 8:30 am - 2:00pm Sleep

• At this point i had answered a majority of the questions, so i just decided to not look at the exam and get some rest.

Saturday April 22, 2023

Being the last day i just focused on post exploitation, pivoting, and PrivEsc where needed in order to answer the last 3-4 questions.

• 10:00am-5:00pm Final Stretch

  • Occasional 10-15 minute breaks

• 5:00pm Exam Submission

• PASSED ! 🎊

Tips and Tricks

1. Get your methodology down

Scanning and Enumeration, Vulnerability Assessment, Initial Access/Exploitation, PrivEsc, Post Exploitation, Persistence and Pivoting

Note: The questions on the exam really do hint at what you are supposed to look for, so take advantage of that.

• What hosts are live in the network?

• What ports are open on them?

• Footprinting, what can i possibly do with this service?

  • What information can i pull from it

  • How can i abuse its functionality to do X....

    • Rev shell?(revshell.com, msfvenom)

  • Vulnerable web app version/service version(searchsploit, github exploits, metasploit module?)

    • exploit usage?, change hardcoded IPs?, metasploit module usage/options?

  • Directory bruteforcing?

  • Service bruteforcing?

• We got creds, what can we do with them?

• Initial Access enumeration, environmental awareness(whoami, ifconfig, netstat)

• PrivEsc vectors, automated privesc enumeration scripts

• Establish persistence

• Can we pivot?

1. Take breaks

• Drink plenty of water(or just have some snacks)

• Stretch, walk outside, touch grass

• Talk to someone, family , friends, etc.

• Take bathroom breaks

• Take long breaks, like 5-10 hour breaks to refresh your mind, sometimes overthinking can get in the way of something that is right in front of your eyes

1. Take notes and refer to course notes

• I personally used one markdown file for each IP and before i was planning on taking a break i would save my notes to my private git repo

git add ./
git commit -m "new"
git push -u origin main

• If you get stuck , refer back to the notes you took on the course, did i try this? or did i forget to do this?

• I also used tmux to switch between each IP and the browser exam environment

CTRL + B C (add a new pane)

CTRL + B , (rename pane)

CTRL + B . ( to move pane)

• Each markdown file was structured like this:

IP(BOX_NAME) == PWNED

OS:

CREDS:

NMAP SCAN RESULTS:

Footprinting

port #/tcp(Service Version)

port #/tcp(Service Version)

Initial Access/Exploitation

PrivEsc

Post Exploitation