The eJPT Success story: How I passed it (with BONUS Resources!)

Noel Varghese
Sep 22, 2021

Well, hello there,

This article has been a long time in the making and now since I have been officially certified, it’s time to let the cat out of the bag.

In this script, I will be discussing my strategies, notes, and tips for any aspiring pentester to consider and keep in mind, before taking on the eJPT exam.

Into the pen testing world

My first few gigs at understanding the methodology of pentesting were to jump headfirst into it. Knowing the lifecycle of pen testing, in theory, was not going to help me, in performing hands-on exercises.

Duration of study — 3 months

My first foray into it was at VulnHub, where I started solving boxes, admittedly with the help of walkthroughs. Solving boxes over 3 months and understanding the techniques behind them were fundamental to my success. IT’S PERFECTLY OKAY to hit a brick wall, in a box, where you can’t figure your way out. Persistence and the hunger to learn more are key.

The reason I chose VulnHub over HTB was that the boxes provided there are more beginner-friendly, where boxes are a tad bit easier. You can just download them and install them on your VMware or Oracle VirtualBox, unlike HTB, where you have 5 boxes to solve every week (KIND OF LIMITING, ISN’T IT?)

Now, I am not bashing TryHackMe in any way, but I don't like the feel of answering questions and stuff. You are supposed to explore when given a box to pentest and not jump from one question onto the other. Everyone is entitled to their own opinion.

What do you require, in your armory to pass the exam?

  • Python knowledge — To tweak exploits and to understand how an exploit works, to compromise a vulnerability
  • Port Knowledge - How basic ports like Telnet, FTP, SMTP, etc. work.
  • Hunger to play around with tools — Don't just limit yourself to Nmap (basic reconnaissance) or WPScan (exploits related to WordPress, Joomla, etc) all the time. Try experimenting with Nessus and Droopescan. Learn how to use the switches, to work with the tool.
  • Routing — Very IMPORTANT to know. It might take a few tries to get the hang of it, but with lab practice, it is perfectly doable.

Most importantly — PERSISTENCE

All good things take time; no one is born a natural pen tester who knows everything.

The holy trifecta

RESOURCES USED FOR THE EXAM:-

  • INE’s PTS Course pathway — A collective pathway of 3 courses, it is the main resource where you can learn all that you need to pass the exam. Link to course.

To further supplement your learning:-

  • Cybrary’s Offensive Pentesting Course — Great intro course to pentesting. Includes both hands-on and less theory that you need to know.
  • TCM Security’s Practical Ethical Hacking course — On sale for a low price every year, the instructor Heath Adams teaches the course content wonderfully in such a way that by the end of the course, you feel all pumped up to practice all of the cool tips that you have learned, hands-on!
  • A very great resource — YOUR MISTAKES and noting down the new techniques that you recently learned from looking up a box’s writeups.
  • Microsoft’s trusty old Notepad (or any note taker app) and Screenshots — A great utility to keep your notes and tips, on the ready, for consulting anytime. Screenshots go a long way to remember a command vividly in your mind.

A few tips to keep in mind:-

(P.S — Though the eJPT may be a basic cert, the following tips apply to all major pentesting certifications in general)

I keep reiterating this — TRUST ME, IT’S PERFECTLY OKAY to not know your way after being stuck in a box. What do you do then?

  • TRY IT YOURSELF — Try techniques in your notes, that can help you out of your problem hole. Stupid or intelligent, any idea, is welcome
  • Give yourself a maximum limit of 2 hours to come up with a solution to move further. If you aren't sure or don’t know how to proceed, then you get the green light to consult that box’s writeup.
  • I say this because, on a real-world pentest assignment, no one is going to guide you, to do your job. Problem-solving is a part of the job and trust yourself to come up with a solution.

For example, it’s just a matter of missing a few switches in your command, that can cause you to miss an important vulnerability, that can help you take control over the box.

  • Do not feel overwhelmed with the amount of knowledge that you consume. If you find it hard to remember, jot it down.
  • Never feel frustrated. KEEP TRUST IN YOURSELF

Strategies to consider while taking the exam:-

  • Relax, you've got 3 days to make or break the exam. Take your time to penetrate deeper into the machines given to you to root, as reconnaissance is a key tool to pass the exam
  • Take notes and screenshots. Revert to them, when you are stuck, to figure out a leeway.
  • In case anything goes wrong, you have the option to reset your lab environment. This is a good move from INE. No tensions whatsoever for the test taker.
  • Eliminate your MCQ options
  • Use Metasploit, if online exploits don't work. You are free to do so

Now, we step into the fun part — The resource giveaway section

Thank you for making it to the end of this article. If you do require to validate the authenticity of my eJPT certificate, you can always hop onto my LinkedIn profile to verify the same.

Connect with me on LinkedIn — https://www.linkedin.com/in/noel-varghese

Until then, I am off to explore pastures anew…

Written by Noel Varghese

Threat Researcher at CloudSEK Security+ | eJPT | Connect with me on LinkedIn — https://www.linkedin.com/in/noel--varghese