Passing the eJPT(v2)

Foreword

I'm writing this article right after I passed my eJPT exam, so everything is still fresh in my mind. However, do not contact me asking for help during the exam or to ask about specific questions pertaining to the eJPT :)

eJPT Format

Before discussing how you can prepare, let's look at what the eJPT assesses.

The eJPT is a hands-on, open-book practical penetration testing exam composed of 35 questions that can only be answered by "hacking" into machines.

The passing threshold is 70%, and you will be assessed on the following topics:

  • Host & network auditing
  • Assessment methodologies
  • Host & network penetration testing
  • Web application penetration testing

Preparing for the eJPT

My personal method

Prior to taking the eJPT exam, I had amassed experience with penetration testing on TryHackMe and Hack The Box, which got me up to a comfortable level with penetration testing where I could tackle boxes and gain at least an initial foothold.

Now, the eJPT is most definitely not a CTF-style exam. Yes, there will be certain questions which ask for a "flag", but approaching this exam as a CTF is a sure way to fail, or at the very least get stuck.

After getting up to a comfortable level with CTFs, I went through INE's Penetration Testing Student course, which is 148 hours long. I'll admit to skipping some videos, but that's because I had enough experience with some of the taught concepts to feel comfortable enough to jump straight to the labs.

My advice

If you're just getting started, I'd also recommend you get started on TryHackMe, more specifically with their learning paths. There's a ton of free material and boxes there to get you up to a foundational level.

Once you feel comfortable approaching boxes without too much reliance on writeups, you can start going through INE's Penetration Testing Student course.

During the course, I'd recommend doing the following:

  • Notes, notes, notes! Take notes, write down methodologies, commands and their most used switches, and common vulnerabilities in services
  • Do all of the labs, and then do them again without looking at solutions or referring to the videos
  • Go back to the labs or TryHackMe machines, and try solving them only relying on your notes

The number of times I mentioned notes doesn't do justice to how important they are. Your notes are the safety net that you'll fall back on when things are unclear, so make sure they're comprehensible, searchable and succinct.

For note-taking, I personally used Obsidian; however, many alternatives exist and you should find a note-taking tool that you're comfortable with.

The PTS course

During the course, you'll learn all of the skills needed to pass the eJPT (assuming you have some sort of basic background with pentesting).

In addition, the course teaches some skills that are not needed for the exam. This is because the training aims to encompass the foundations of penetration testing, so don't skip these sections!

Additional resources I used

During the exam

When exam time comes, you simply need to follow your methodology and your notes.

Start by reading through all of the questions as they may not be in order, and they might just nudge you in the right direction.

There are no weird puzzles or riddles to solve. The exam is pretty straightforward and resembles a real engagement: enumerate, identify vulnerabilities, exploit, escalate privileges and repeat.

You won't have to script anything from scratch, or download any tools or repositories. The exam environment is in-browser, and you have all the tools and wordlists you'll need.

Post-exam

After you've passed, I'd recommend going back to your notes and adding anything new you've learned to them. Remember: this might come in handy down the line in CTFs or your career.
