eLearnSecurity Junior Penetration Tester Review
Introduction
The eLearnSecurity Junior Penetration Tester (eJPT) penetration testing practical certification provided by eLearnSecurity, a cyber security company that develops cyber security courses that are delivered electronically and that allow students to obtain corresponding certifications.
I decided to sign up for this certification a couple of years before obtaining my OSCP certification as a lot of people recommended this course as a start.
The Course
The course material includes both slides and videos that walk you through various penetration testing techniques included in the course that you will be able to practice in the labs. The main difference between this kind of course and the OSCP is that everything you will find in the exam is taught in the course, so although there is no hand-holding for the student, there are no surprises either.
These are the main areas covered in the course material:
- TCP/IP
- IP routing
- LAN protocols and devices
- HTTP and web technologies
- Essential penetration testing processes and methodologies
- Basic vulnerability assessment of networks
- Basic vulnerability assessment of web applications
- Exploitation with Metasploit
- Simple web application manual exploitation
- Basic information gathering and reconnaissance
- Simple scanning and profiling the target
I found the material easy to follow and very thorough. Make sure you take plenty of notes, especially if it’s the first time you use some of these techniques.
The Labs
The course provides you with virtual labs that you can connect to via a VPN connection to practice your skills, similar to what you would find on Virtual Hacking Labs, Proving Grounds and so on.
The labs were really useful to practice what you learned in the course material, as they had exercises that covered pretty much all of the areas covered in the slides and videos.
Your approach in the labs shouldn’t be like in Hack the Box and other CTF platforms, you should try to learn all of the concepts involved in the penetration testing process and find as many vulnerabilities as you can.
The Exam
The certification exam has 20 multiple-choice questions which will test your ability exploiting machines or finding certain pieces of information in the exam environment, you need to answer at least 15 correctly to pass. I really liked this structure of exam, as the questions are enough to test your skills and this way they don’t need anyone to manually review your report and your results can be issued almost immediately.
You have 72 hours available to complete your exam and if you followed the course material and did your homework this should be plenty of time. Make sure to follow a methodology and enumerate everything you can.
When you start your exam, you will be provided with files you will need during the exam and a letter of engagement. Make sure to read this a couple of times as it contains useful information about your exam.
Pros
- At $299 USD (at the time when I bought it) it is very affordable. There are different plans that include certain features but I would recommend getting the full plan, which included 30 hours of lab time, the course material, one exam voucher and one retake voucher.
- A certificate is issued to you which you can display on your resume or Linkedin profile.
- A dedicated lab environment that is not shared with others.
- It teaches a lot of networking and security fundamental concepts.
- There is a student forum available where you can discuss the course or the lab with other students.
- A handy “Training Paths” can be found in the members area that suggests the next certifications to go for after achieving the eJPT.
Cons
- Some of the lab machines were somewhat outdated and/or some attacks did not work due to issues in Kali and its repositories.
- Some of the tools or techniques shown in the course material, at the time when I signed up for it, were outdated.
- No badge available on Acclaim, unlike most other learning platforms.
- This certification (and other eLearn security ones) still isn’t very well known in the industry so it won’t look as shiny as say OSCP on your resume, but if you are more interested in learning, this will be great for you.
My Exam
I was able to complete my exam in about 5 hours, I took plenty of breaks in between and moved to something else when I was stuck, so not to fall in a rabbit hole. I answered 18 of the questions correctly which was more than enough to pass and after almost immediately I received the email below:
Conclusion
This is definitely a great option when planning to take the OSCP certification exam and starting to prepare for it with little penetration testing experience under your belt.
Although this course won’t cover everything that is required for the OSCP exam it will surely help you get in the right mindset and teach all of the basic concepts of penetration testing.