eJPT Exam Review!! (Best Entry-level Pentesting Exam?)
My website/blog now live! talkelley3.com
My Channel: / bigbrosecurity
The Certification
According to eLearnSecurity’s website, the skills you will be assessed on include:
TCP/IP
IP routing
LAN protocols and devices
HTTP and web technologies
Essential penetration testing processes and methodologies
Basic vulnerability assessment of networks
Basic vulnerability assessment of web applications
Exploitation with Metasploit
Simple web application manual exploitation
Basic information gathering and reconnaissance
Simple scanning and profiling the target
The recommended skills are listed as:
Deep understanding of networking concepts
Simple manual web application security assessment and exploitation
Basic vulnerability assessment of networks
Using Metasploit for performing simple attacks
Web application manual exploitation through attack vectors
Ability to perform protocol analysis of a traffic capture
Understanding of information gathering techniques
Understanding of the penetration testing process
This exam has a 3-day time limit and is entirely remote and non-proctored, which is super nice because you can leave your desk and return to it whenever you want. The exam format consists of a 20-question, multiple-choice exam and a multi-network lab. There is also a downloadable .RAR which contains all the information you will need to begin the exam, including the assessment scope for the BlackBox Penetration Test. You’ll also have a .ovpn file which will allow you to remotely connect to the BlackBox environment.
The biggest lesson I learned during this exam, and something I believe every penetration tester needs to learn, is not to get hyper-focused on compromising one machine. If you can’t compromise a machine after 30 minutes to 1 hour, take a step back, look at all the information you have for the entire environment, and move on to another machine. Sometimes it’s even best to just leave, provided you have time left, and go work out or do something non-computer-related to clear your mind. Often, when you do this, you’ll come back to the machine with a fresh perspective, which could lead you to exploit it much more quickly than if you had kept trying during the initial session.
The Course
The courseware in the original one-time-purchase variant is quite good. It consists of instructional videos, courseware slides in web and PDF formats, and lab environments for almost every core tool or concept covered in the course. These Hera labs are crucial if you plan to pass this certification using only the course.
The INE version of training gets you access to their entire library of training, for any certification, for $750 a year. It contains the same training as the original one-time-purchase variant of the course, unless they decide to update it, in which case it can only improve.
My Recommendations
If you are new to Cyber Security and Ethical Hacking, I believe that this is an amazing first certification to study for and obtain. It will let you gauge how much you like this field, and if it proves to be something you are interested in, I would highly recommend using the rest of your one-year subscription to study for and take the eCPPT before moving on to the OSCP or eCPTX exam. This exam is infinitely better than the CEH, and I would definitely recommend you take it instead unless you need the CEH for the DoD 8570 classification, in which case I would look for an alternative exam like the PenTest+.
Aug 4, 2024