I am pleased to announce that I finally ‘put up or shut-up’ and passed the eJPT exam! Presently I am a holder of the SSCP, CySA+, and now eJPT - and this by far is the certification that I care most about - it was hands on, and it gives me a sense of ‘being legitimate’ … I’ve done plenty of CTF’s at intermediate/beginner levels, but none of those come close to the sense of pride I got when I completed this exam. This felt more realistic whereas CTF’s where over simplified.
REMEMBER: THIS IS NOT A CTF! I STRUGGLED BIG TIME AT FIRST TRYING TO TREAT IT LIKE ONE.
If I had to be honest, I do not think the eJPT coursework was enough to prepare for this exam – BUT – This isn’t a drag on eLearnSecurity; the training and information was INCREDIBLE AND WELL WORTH THE MONEY (I got the course back in September before it was free, but didn’t officially study until end of March, 2021), but the biggest factor to success was the ability to grind through it… I struggled the most with this exam because I spun up a fresh Kali box just 2 weeks ago when I started doing labs, and a lot of the labs/content are based on older versions/deprecated commands, so I wasted a lot of time trying to do things accordingly before I browsed the PTS forums and realized it just wasn’t going to work for me. Additionally, there was a lot of moments where my path/command was correct, but for some reason the output just wasn’t running, and I was too stubborn to quit that it eventually worked and I would discover stuff randomly popping up. Maybe I am dummy (or just sleep deprived & actually doing it wrong, but one machine was a real headache for me with this), I don’t know, but I spent at least half of my exam ( 6 out of ~12 hours) just troubleshooting legacy commands/outputs and repeating them over-and-over until something happened.
Overall, I recommend this course to everyone - even before I certified today - and will continue to recommend.
Now for some tips:
-
You do not need to use every tool that is covered in the course work… Matter of fact, I only really read the Networking module and then I YOLO’D the rest of the exam based on instinct from working with CTF’s prior.
-
While it is easier to use tools recommended in the course, I think you can complete this by doing a bunch of manual/creative trial and error (goes back to me being a dummy / legacy issues / trying way too hard)
-
You have access to lab material during the exam. I recommend having a separate monitor open so you can reference the course work/labs. The commands / methods didn’t copy over exactly (at least for me), but it gave me an idea on where to look next when I hit a wall, and from there I got new ideas.
-
Pivoting really isn’t that bad, do not overthink it. At first I overthought it (for like 20 minutes) but then once I stopped and looked it became crystal clear.
-
If you find that you are not able to get the expected output, trouble shoot and confirm if the issue has to do with deprecated commands/tool versioning.
-
There are plenty of great syntax cheat sheets out there, or I would recommend googling some CTF walk through to get ideas and new methods of attack.
-
You can either overthink it and try to be fancy, or do it the simple way - both will get you to the same destination … I recommend going simple because my overthinking was a b***h.
-
Get a notepad and document everything you do. Thoughts, questions, findings, etc. I had my machine time out a couple times and it was frustrating/I found myself constantly going back and trying to restart because I was missing stuff treating it like a CTF instead of a Penetration Test.
-
Don’t forget that Youtube has a fast forward x2 option. It was annoying to research one little syntax and have someone give their life story before explaining what you came for.
-
Don’t quit. I’m not exactly the most technical person before attempting this (even still), I come from a Compliance background. Just remember to check your findings and research the questions that the exam asks you - if you can correlate all of that together it will open up another avenue for you to go down.
-
You do not need to do all the labs for this exam. The labs & black-box labs are easier IMO (and for some, they think the test was easier than the labs), but that goes back to me being a dummy and trying harder than I should’ve.
Please feel free to comment if there are any questions/tips you would like - I’ll share what I can within reason. If you look up my forum history, just the other day I was posting about being a dummy with Burp, so don’t stress 
. You’re going to hit a wall, but that is the fun with ethical hacking/penetration testing…
P.S - if there are some senior members reading this; any input on where I should go next? WebApp or should I do the PTP?
Original post by smithnr12321
thanks a lot for the valuable information.
Original reply by chamindarr