easteregg Leprechaun
  • Patrick Collins
    • Home
    • Blog
      • eJPTv1 Certification
      • Conferences
      • Blog Home
    • Travel Photos
    • Notes
    • Graduation!
    • Projects and University Work
      • Honours Project
      • Web App Pen Test
      • All projects
    • Socials
    • About Me

    eJPTv1 Certification - My Experience & Journey

    First off, I just want to say that I know this post is probably a little too in-depth about my experience with eJPTv1. I just want to give as much detail to someone who wants to take the eJPTv1, fresh with little knowledge of this certification. Such as myself when I chose to get the cert.

      Table Of Contents

    • Previous Knowledge Before My eJPTv1 Journey
    • INE's Penetration Testing Student (PTS) Course
    • eJPTv1 Exam
      • Some Info That'll Ease Your Worries
      • Tools I Used For The Exam
      • Taking The Exam
    • Advice
    • My eJPTv1 Certificate
    eJPTv1 logo

    Previous Knowledge Before My eJPTv1 Journey


    To give you an idea of my level of knowledge/skills going into the exam...

    • I was a fourth year student studying Ethical Hacking so I had:
      • Networking/Routing knowledge.
      • Knowledge and skills of basic network & web app Penetration Testing.
      • Used almost all of the tools advised for the eJPTv1 exam (see Tools I Used For The Exam).
      • Knowledge of C++ and Python programming languages.
    • Been on TryHackMe daily for a year at top 1% rank.
    • This was my first cyber security certificate I've attempted to achieve.

    INE's Penetration Testing Student (PTS) Course


    Despite my previous knowledge, I decided to take the Penetration Testing Student course from INE which I'm glad I did. You can always learn something new and improve. The PTS course highlighted a few areas I was weak in and taught me some really cool stuff. For example, I didn't know how to get backdoors working on machines or using sqlmap manually (selecting which data to retrieve, which really helps save time).

    I made my own notes when going through the course which proved invaluable come exam day. I advise you to do the same as it'll cement your understanding and knowledge of the concepts being taught. It's also handy having all your notes being easily accessible to help you out when you get stuck. I'd highly recommend going through PTS. It's a very well layed out, comprehensive course that fully prepares you for the eJPTv1 exam.

    I briefly skimmed over the slides/videos for what I already knew and used the labs as refreshers. The black box labs were also significantly harder than the actual eJPTv1 exam so keep that in mind when you get to the end of the course. It definitely threw me off and had me a little concerned that the level of difficulty jumped tenfold. The labs after each topic is a better measure for how the exam actually is. Be confident in your abilities and take the exam.

    eJPTv1 Exam


    Some Info That'll Ease Your Worries

    Free resit! A big motivator for me taking this certification was that you are given one (1) free resit if you happen to fail the exam. This helped me not panic during the exam as I had that security blanket if I ended up failing. It also made me confident paying the amount for the certificate voucher.

    Programming is not required for the exam! If you are worried that the exam will have a programming aspect you'll be pleased to hear that the eJPTv1 exam doesn't test your programming knowledge at all. Although programming is one of paths in the PTS, it is not required to pass the eJPTv1 exam. However, it's still very important to know programming. As eventually you'll be having to read and understand exploit code, modifying exploit scripts or even creating your own down the line. You can focus on your programming knowledge later as it's not needed for the exam. So due to this and as I knew C++ and Python I honestly skipped this entire path.

    Multiple choice! The exam, while fully practical, is graded based on your answers to 20 multiple choice questions. So, the pass mark is answering 15/20 or 75% of the questions correctly. You're aiming for that 15 mark to pass the exam. It's easily graded but you will still need to conduct the penetration test to confidently select out of the options. Or you could just wing it.

    Open book & not proctored! When doing the exam you don't have to worry about a looming shadow watching your every move. You're free to sit back doing the exam as you wish and use Google/your own notes.

    It's a pretty easy exam! This is due to eJPTv1 being an entry-level cyber security certificate. Mine and a lot of other's thoughts who have taken this exam is that the eJPTv1 is a pretty easy but challenging certificate. It's no walk in the park and you will have to use all what you've learned to pass. However, it's not so hard to make you want to pull your hair out in frustration.

    Tools I Used For The Exam

    Operating System:

    • Kali Linux 2021.3

    Enumeration/Mapping:

    • nmap, fping, enum4linux, dirbuster, gobuster, smbclient, Burp Suite.

    Password Cracking:

    • John The Ripper

    Exploitation:

    • Metasploit, hydra, sqlmap, xsser.

    XSS polygots (one liners) & cheatsheets:

    • portswigger.net/web-security/cross-site-scripting/cheat-sheet#polyglot-payload-1
    • https://guides.codepath.com/websecurity/Cross-Site-Scripting#xss-using-an-html-attribute
    • https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html

    Taking The Exam

    You need to set up your own machine to take the exam. Unlike on the PTS labs where a machine is set up to use, instead you get an openvpn configuration file to connect to your exam. So spend some time first getting all the tools you need to sit the exam. I spent some time making sure all tools were installed & updated with all my notes copied over. Finally, I went to get some mini gingerbread men 😋. I was then totally prepared to sit the exam.

    Once you purchase the certificate you may start it anytime from the certificate portal and before the voucher expires. I got ready to sit the exam on Sunday 4th of September. I started the exam at 3pm and was given a Wireshark pcap file, a letter of engagement, password & user list, and my openvpn configuration file. After carefully reading the letter, I started off with my penetration test looking at the pcap file trying to understand the network. Then I began my Enumeration. To be honest I had a very rough start. You can get lost in a rabbit hole with your thoughts if you're not careful. This is why it's best to not overthink and take a step back when you get stuck. After doing this, I made a breakthrough in the network and from then on I never had any major issues. It was smooth sailing to finding all those answers.

    I got 12 questions answered within 9 hours. The next half of my penetration test wasn't hard. It was just time consuming. I let a tool run and went to sleep, hoping for it to be done by the time I woke up. The tool finally finished when I woke up and I was able to complete another question. At this point all I needed was two answers to pass the exam.

    After double checking my findings I was fairly confident I'd answered another 2 questions correctly. 15! I knew I'd passed and did a mini celebration. I had fully compromised the entire network leaving no stone unturned. The last five were basic questions. However, for two of them I wasn't 100% confident with my answer. I took a look at the time and it was approaching 3pm with all 20 questions being answered.

    It was a strange feeling being finally finished. I had spent 24 hours straight on a penetration test so it did feel a bit weird to stop. I was incredibly hesitant on submitting my exam. I reminded myself that I was 100% confident with 18 questions and just to do it. With three packs of gingerbread men down and all 20 questions answered, I hit submit and got 19/20! 95%! Along with a lovely congratulations message.

    eJPTv1 logo

    It took me exactly 24 hours to answer all 20 questions which I thought was pretty funny to hit one full day. I finished the exam at 3pm Monday 5th September passing first time. Successfully obtaining my first cyber security certificate felt amazing. It helped prove my abilities to myself and made me even more confident in them.

    Advice

    Well that's it. My experience taking the eJPTv1. Thank you for reading! I hope this has helped and gave you some insight into this certification. Just a few final bits of advice:

    • Check the SMB configuration. Double check your set up that you're going to take the exam on can connect to shares. I ran into SMB errors and it could've impacted my exam. If you run into SMB errors as well try and troubleshoot. Adding those two lines to my configuration solved my error.
    • Sometimes the solution is the easiest path. Don't overthink or overcomplicate your process.
    • Enumerate. And If you get stuck go over your findings and enumerate some more.
    • Trust yourself during the penetration test. You got this.
    • Breaks! Make sure to take plenty of breaks to refresh your mind. Go do something to take your mind off the exam. I found I got a solution to a problem as soon as I came back from a break.
    • Enjoy the cert and have fun. It's an experience.
    • Submit the exam when all 20 questions have been answered. Even if you're not 100% sure with all of them. Remember you've got nothing to lose and everything to gain.

    If you are taking this exam yourself soon...may the luck of the Irish be with you.


    Patrick Collins' eJPTv1 Certificate
    • «
    • 1
    • 2
    • 3
    • »
    Copyright © 2022-2025 Patrick Collins
    Contact Me: Contact@paddylonglegs.site
    Background created by freepik