eJPT Review [ENGLISH]

I recently took the exam to obtain the eJPT. The journey of preparation and taking the test culminated in earning this certification, and I want to share my experience with you.

Disclaimer: This version of the post is written in English, but Spanish is my native language. There may be grammatical errors. I apologize in advance for any mistakes. You can find the original version in Spanish here.

What is the eJPT?

Introduction to the Certification

The eJPT or "Junior Penetration Tester," is a certification developed by INE. As its name suggests, it is a 100% practical, entry-level certification for those starting in the field of pentesting. Being an entry-level certification, its content focuses on the minimum necessary to conduct a thorough pentesting process.

However, just because its content is labeled as "basic" or "entry-level", it doesn't mean that anyone can take it and pass easily. It requires robust knowledge in several areas and the ability to develop a successful pentesting methodology.

Exam Format and Scope

To pass the exam and obtain your eJPT certificate, you must complete a 35-question multiple-choice exam, where the overall required score to pass is 70%. You are free to choose how and in what order to answer the questions during the exam.

The scope of the eJPT certification involves performing a "Black Box" penetration test on the hosts, web applications, and networks of an organization called Syntex Dynamics. Specifically, you will need to assess the DMZ network you will initially connect to and any other internal network you can reach. Initially, you will connect to the DMZ network, which contains servers and web applications susceptible to brute-force attacks and vulnerability exploitation. A crucial part of this certification is identifying internal networks, pivoting into them, identifying hosts within these networks, and gaining access to these new systems.

Remember that both the quiz and the exam lab environment will be accessible simultaneously throughout the entire exam period (48 hours).

My Experience

Preparation and Previous Knowledge

Preparation for the certification is essential to ensure success, and each of us has unique methods for learning and internalizing knowledge. I'll share my study methods, but keep in mind that you should adapt them according to your learning style. In my case, when I took the certification, I already had a year of experience working as a Pentester/Ethical Hacker, with a primary focus on Web Applications and APIs. Additionally, my cybersecurity journey began in a Blue Team, where I accumulated four years of experience in defensive cybersecurity. With that said, let’s dive into how the preparation went...

When purchasing the voucher for the certification, it included 3 months of access to the Penetration Testing Student Learning Path. In my case, I used this study plan as the main foundation of my preparation for the eJPT, later supplementing it with various videos and articles created by the community who had taken this certification.

Penetration Testing Student Learning Path

The approach I used to tackle the curriculum provided by INE Securiy was as follows:

1. Watch the lesson video and take notes (I took my notes using Notion).

2. Complete the quiz for each lesson.

3. Perform the lab associated with the lesson. At this point, I documented each action taken in the lab, creating a sort of walkthrough with the respective evidence.

This allowed me to create a kind of Notebook, which I later printed and used to review each of the topics covered by the path.

Notion Notes Structure

For me, it was important not only to focus on the theoretical content of the video but also to include and document absolutely all the actions and commands used during the labs.

Example Note: This one covers the topic 'Post-Exploitation on Windows.'

After completing the Penetration Testing Student Learning path, and in line with my learning style, I proceeded to study my notes and create a "summary" of them. I condensed more than 250 pages of content into about 40 pages, focusing mainly on the commands and tools used during a penetration test. In other words, I built my Super eJPT Cheat Sheet. While it's quite comprehensive, I’d say I only used about 10% of its content during the certification, but I believe it will be very useful in my day-to-day work 😅.

Here are some excerpts from my 'Cheat Sheet' as examples for you to base yourself on:

Summary: Specific port reconnaissance.

Summary: Privilege escalation in Linux.

Summary: Creating payloads with 'msfvenom'.

Summary: Using the 'SQLmap' tool.

The creation of this eJPT Cheat Sheet was, by far, the strongest point of my preparation for the certification. Especially because during the certification, it was the reference I could turn to whenever I felt stuck.

Additional Resources

Below, I present the list of additional resources I used to enhance my knowledge level and refine the methodology used in facing the certification:

1. Other experiences:

   1. eJPT Journey. My Experience | by M Noman Khalid

   2. 🎓 Mi EXPERIENCIA con la CERTIFICACIÓN eJPTv2 | Tips y CONSEJOS para PREPARARSE | by El Pingüino de Mario

   3. 🥇Mi EXPERIENCIA con el eJPTv2 2024 ⇒ TODO lo que necesitas saber (Recurso de examen + Cheatsheet) | by RINKU

2. eJPT simulations (very useful for a final review):

   1. Simulación de Examen CEH o EJPTv2 - Laboratorio de Máquinas Virtuales | by Cryproot

   2. SIMULACION DEL EXAMEN EJPT - PREPARACION PARA LA CERTIFICACIÓN | by Zunder

   3. 🧪Laboratorio de preparación eJPTv2 | Simulación de examen | by xerosec (A real💎 don't skip this video)

3. Other resources:

   1. eJPTv2 Notes | by PakCyberbot

   2. 👉 Cómo Hacer PIVOTING con METASPLOIT en Entornos WINDOWS - Preparación eJPTv2 | by El Pingüino de Mario

   3. Pivoting con Metasploit: route, portfwd y portproxy | by Adrián Lois

   4. Dockerlabs (Excellent site with downloadable machines to set up your own lab)

As you will see later on, many of these resources served as the foundation for building and refining the methodology I will show you in the following sections.

Methodology and Strategy Used

A fundamental aspect for success in the eJPT certification, and in Offensive Security in general, is the ability to take notes and gather evidence clearly, orderly, and concisely. In my case, I built my approach around the following pillars:

• Note-taking template: I used Notion as the primary platform to organize and record my general/specific notes for each machine. Creating summary tables allowed me to maintain an overview of the scenario.

• Network diagram template: I used draw.io to create a detailed network diagram of the environment proposed by the certification. This allowed me to visualize the network architecture clearly and understand the interactions between the machines.

This methodology enabled me to maintain a detailed and systematic record of my progress during the certification, ensuring that each step and discovery was properly documented. Next, we'll explore each of these templates, and I'll also provide a link to them so you can use them in your certification.

'Notes' Template

This template is divided into two main sections: the General section and the Specific section for each machine.

In the 'General' section, the focus is on obtaining an overview of the scenario, including initial evidence of host discovery. It also includes a summary table for a clear and quick visualization of the scenario.

Notes Template. 'General' Section.

Here's an example (not necessarily reflecting findings during certification) of how you could use the summary table:

Example of Template Use.

As you can see, the use of color labels makes it easier to visually group machines quickly. It's important to label each machine with key systems and services to identify them quickly. Subsequently, each discovered machine will have its own 'Specific' section, which is much more detailed. This section comprehensively documents everything detected on each machine.

Notes Template. 'Specific' Section.

In the 'Specific' section, we'll have space for the following sections and subsections:

• Notes: Use this section to summarize key points about the machine, including reconnaissance, exploitation method, and relevant information found.

• Reconnaissance: Document everything related to the machine's reconnaissance here: operating system, server name, enumeration of open ports and their corresponding services (including vulnerabilities in these services), found credentials, etc.

• Exploitation: Detail the process used to gain access to the machine. Document and provide evidence of this process to replicate it quickly in case of access loss.

• Post-Exploitation: This section details the enumeration conducted once access to the machine is obtained. Focus on enumerating system information, users, groups, processes, network, etc.

• Questions: Use this section to note down any questions asked about the machine. It's useful to ensure you gather all requested information without forgetting anything.

Below is the link to the 'Notes' Template:

eJPT Notes [TEMPLATE] | Notioncherry-moth-dc5 on Notion

'Network Diagram' Template

Besides the previous template, the Network Diagram will be crucial for getting an overall view of the scenario. Avoid filling it with too many specific details, as those will be recorded in your detailed notes. Instead, focus on capturing a panoramic view of the scenario.

Network Diagram Template.

Below is an example (not necessarily reflecting findings during certification) of how you might use the network diagram:

Example of Template Use.

Below is the link to the 'Network Diagram' Template:

eJPT - Network Diagram [TEMPLATE].drawioGoogle Docs

Emphasize Pivoting

In the eJPT certification, pivoting is crucial because it is a key objective. If you don't master it, you'll find yourself blocked from accessing other machines and answering important exam questions. It's essential to study and master this technique to ensure your path to certification is successful. So, practice pivoting!

Tips

Here is a list of tips that I hope will help you prepare for and execute the eJPT:

1. Stay calm! The time given to complete the certification is more than sufficient. Take active breaks, stay hydrated, eat, and take a walk if you feel stuck. It's not a race against the clock. Sometimes the path is simpler than you think.

   1. If you feel the approach you're using isn't working, maybe it's not the right one and you need to try something else.

2. Review ALL the topics listed in the eJPT content syllabus. Even if you think you completely master one, review it anyway; there's always something new to learn.

3. When enumerating a machine's ports, scan ALL the ports. This might take more time, but you'll ensure you don't miss any important ports.

4. The tools installed on the virtual machine from where you perform the tests are more than sufficient to complete the certification successfully. The eJPT documentation lists all these tools, so I recommend familiarizing yourself with them and learning how to use them.

5. Consider the following wordlists when performing brute-force attacks:

   1. /usr/share/wordlists/rockyou.txt

   2. /usr/share/metasploit-framework/data/wordlists/common_users.txt

   3. /usr/share/metasploit-framework/data/wordlists/unix_users.txt

   4. /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt

   5. /usr/share/dirbuster/directory-list-2.3-[small|medium].txt

6. Enumerate EVERYTHING you can. Don't limit yourself to just answering each machine's questions; treat the exercise as if it were a penetration test in a real organizational network.

7. Document EVERYTHING. Create a folder and save screenshots of everything you run along with their results. This will allow you to review your steps if you missed something.

8. Read both the "Letter of Engagement" and the "Lab Guidelines." The first will provide you with the exam setup, scope, objectives, and recommended tools. The second will provide information on the lab setup and how to interact with the Kali Linux virtual machine from where you'll perform the tests (pay attention to the 'Keyboard Locales' if your keyboard is Spanish-speaking).

9. Trust your knowledge and don't let imposter syndrome affect you. Sometimes it feels like we're never ready because there's always something new to learn. But don't let that stop you! If you studied, you're ready. Trust yourself.

Take the leap and test your skills! The eJPT will not only help you validate your knowledge but also open doors in the pentesting world. As we say in my country... ¡Voh Dale!