eJPTv2 : My Honest Review

When it comes to offensive security certifications, the same ones always stand out: CEH, OSCP, CompTIA PenTest+, etc. But if there's one that has generated interest during 2022, it's eJPTv2.

I pressed the "Submit Exam" button on Wednesday, July 12 and successfully passed my exam. In this article, I'll explain what you need to know and what I thought of the whole thing.

Presentation of the eJPTv2

eLearnSecurity Junior Penetration Tester v2 is the certification that replaced the eJPTv1 a few months ago, as the latter is no longer available. According to INE (the company that acquired eLearnSecurity) eJPTv2 is designed to demonstrate that the student has validated the skills required for the position of Junior Penetration Tester.

The exam

To earn the certification, you need to pass a 2-day exam. The goal is to compromise an imaginary company's machines and answer 35 target-related questions within the allotted time; there is no report to send. The student must pass each section with over 70% and receives the exam result upon pressing "Submit Exam". If the student fails the first attempt, another one is provided for free, so you have the right to fail the exam once.

To take the exam, students can either: take the PTSv2 course (which, unlike PTSv1, is not free), or take it using other resources. For my part, I chose to take Penetration Testing Student v2, and I'll give my opinion on this program later in the article. Before taking the test, you'll need to read the letter of engagement which sets out the context of the test.

The PTSv2

The Penetration Tester Student v2 is HEAVY!

4 sections, 229 videos, 153 quizzes and 121 labs, which make up almost 149 hours (theoretical) of learning. There is a monstrous gap between the PTSv1 and the PTSv2; the first version was way lighter.

The 4 sections are covered by Alexis Ahmed (HackerSploit on YouTube) and Josh Mason:

  • 1 : Assessment Methodologies (Mostly Josh)

  • 2 : Host & Networking Auditing (Only Josh)

  • 3 : Host & Network Penetration Testing (Only Alexis)

  • 4 : Web Application Penetration Testing (Only Josh)

As I said earlier, the PTS is not free anymore. INE has plans divided into "Fundamentals Subscriptions":

And the "Premium Subscriptions":

(If you want the PTSv2, don't take a premium subscription; it is pointless in this case.)

My Background

The eJPTv2 is my first certification. My experience in offensive security before the eJPT was like that of a lot of wannabe pentesters: I was just a CTF player with no "guideline". I was often confronted with the typical case of "What do I do now?" during a CTF, especially after gaining an initial foothold on a target. This is why I chose this cert: I wanted to overcome the feeling of not having logically structured knowledge.

My Opinion on...

The PTSv2

This is my opinion, and a lot of people agree, that the PTS is TOO HEAVY. I mean not heavy because there are a lot of things to learn, but too heavy because the course is bloated.

The PTSv2 is not perfect; there are things I don't understand. Here's what I object to:

  • Half of the quizzes are not necessary

  • Some topics are covered twice almost WORD FOR WORD with no added value and I don't understand why

  • Josh Mason ??

Let's talk about Josh Mason a little bit. I don't want to trash talk, but something annoys me about him. I felt like Josh is the kind of person who knows A LOT of things but has trouble teaching those things, and this is very bad. Imagine paying at least $299 and being forced to listen to him at x2 speed or to skip his content and search on Google? This is what I had to do.

I looked on Reddit to see if other people share the same opinion and this is what I found:

However, the PTS still has some advantages, such as access to the eJPTv2-related labs from Pentester Academy (which has been acquired by INE).

The Exam

As mentioned, the exam is practical. This is one of the reasons I took the eJPT as my first certification. The students have 2 days to answer the 35 questions. INE introduced "dynamic flags" to avoid cheating. In simple terms, every student has different flags to capture, which are randomly generated (this is not a CTF, all the 35 questions are not flags to find).

There are 2 networks: the DMZ and an internal network reachable only through pivoting.

I was not stressed at all; I completed the exam in 1 day. I took my time, I took breaks, everything was fine!

If there is something that I have to complain about, it's the exam results. I shouldn't have received 88%, but at least 90%, because there are things that have not been taken into account, such as port forwarding, which I did.

Conclusion

In conclusion, I have mixed feelings about this certification. On one hand, I'm very happy to have taken it, but on the other hand, I felt drained by the heaviness of PTSv2. Towards the end of the course, I couldn't take it anymore; I just wanted to finish it as quickly as possible. Now, I'm going to move forward and pursue other certifications.

If, after reading all of this, you still want to take this certification, wait for my next article where I'll give you my tips and the resources you can use to succeed on your first attempt!

Feel free to send me a DM on my Instagram: h0neyp0t.sec

Don't settle for null, strive for #0...
