A few weeks ago I signed up for eLearnsecurity’s(eLS) Penetration Testing Student(PTP) course along with vouchers for the eLS Junior Penetration Tester(eJTP) certification exam. This was all due to the overwhelmingly positive responses I was seeing throughout the security community surrounding the eLS certs.
But could the training and certification experience be THAT good? I liked what I was hearing about it and the ‘Elite’ package for eJPT was only $500 for a practical pentesting certification with dedicated labs, 3 retake vouchers, etc; how could I say no?
Well, I’ve since completed the PTS course and passed the eJPT exam and I have to say, this was the most fun I’ve had studying for and taking a certification exam! If you’re looking to begin your journey into ethical hacking/penetration testing, then I would HIGHLY recommend the eJPT.
That being said, I have been asked about this training and exam more than any other, so I figured I’d address some frequently asked questions.
“What are the questions like on the exam?”
This is a question I asked myself before starting the exam. I knew that there were going to be 20 questions, but I wasn’t sure how they were going to be incorporated into a “practical” exam.
The good news was, for me, the questions were what made me love this exam so much. They made it like a digital scavenger hunt for hackers. Now don’t take that to mean this was like a CTF. There were no crazy logic puzzles, unrealistic stego challenges, or any of the other many ‘tricks’ you see in CTFs. Let me be clear this is an exam, not a game. But it was still fun because it was testing me by asking questions that could only be answered by someone with ‘inside’ knowledge of the network. I think the point of this exam is to test you on the material covered in the course and your ability to apply it and NOT to try to trick you or give you an exam that’s testing you on how well you take a test.
Around 5 hours into the exam, I had accrued enough points to pass, but there were a couple of items that I hadn’t figured out yet, so I just stayed in because it was fun to try and figure it out.
That leads us to the next question I heard a lot…time.
“How did you manage the time?”
These ‘time’ questions popped up a bit, so let me address that real quick. I think that if you feel ready for the exam, that is that you understand the material in the courseware and can complete the exercises, then the 72hrs they give you shouldn’t be an issue. In fact, after about an hour into the exam, I realized that eLS removed the time pressure from me by giving me so much of it! This allowed me to relax and really take my time.
Now does that mean that no one will ever need that much time? I wouldn’t say that, and it’s totally OK if you do. That doesn’t mean you’re not a good pentester or anything like that. To me, it just means that eLS tries to make sure you have enough time to be successful.
“I’m new to programming. How much programming was required in the exam?”
I understand why this question came up. The courseware has a Programming section which is a primer for C++, Python, and Bash and could be taken to mean that you’d be tested on programming. Hopefully, I can clear this up a bit for you.
You do not NEED to know any programming PER-SE to be successful on the eJPT.
I used a lot of programming in my exam.
eLS doesn’t restrict you in your exam methodology, tools, tactics, etc. This means you can build and use your tools if you like; and I did. I tend to forget to do tertiary tasks or to get sucked into going down rabbit-trails. To avoid making these missteps, I created my own automation tool for scanning and enumeration, so I would be more efficient and effective during that phase of my test. This wasn’t REQUIRED to pass the exam, but it sure helped me a lot.
My opinion is that programming is a very useful skill for just about any IT vertical, and especially so for ethical hacking; not absolutely NECESSARY, but very useful indeed. This being said, I’m really happy to see that eLS added it as a part of their PTS course and it was really well done.
Well, there you have it. I highly recommend this certification if you’re looking to get into Penetration Testing/Ethical Hacking as it really does a phenomenal job of exposing you to the kind of skills you’ll need to be effective in that space.
If you’re looking for supplemental training, you should check out my “Hands-On Hacking” series where I’ll show you how to practically utilize your pentesting skills against vulnerable systems to help you build an effective hacking methodology.