Conquering the eJPTv2 Exam: My Journey
Tips for passing INE’s Junior Penetration Tester (eJPTv2) Certification Exam

Greetings, fellow Cyber Mavericks!
I have recently passed the Junior Penetration Tester (eJPTv2) certification exam by INE and I would like to give back to my cybersecurity community by sharing my experience and some tips to help you on your journey.
In this article, I’ll be exploring the eJPTv2, a certification which I believe is valuable for aspiring penetration testers. From my personal experiences to practical tips, this piece aims to assist those preparing for the exam.
This article is the first of a 3-part series focused on the eJPTv2 exam.
Exam Overview — (OSINT!)

INE describes eJPTv2 as a “hands-on, entry-level penetration testing certification that simulates skills utilized during real-world engagements.”
This practical exam mirrors real-world scenarios, validating candidates’ application of skills acquired in the Penetration Testing Student (PTSv2) course by INE. The exam comprises 35 questions, including multiple choice questions (MCQ), dynamic flags, and fill-in-the-blank questions.
Success hinges on effectively enumerating, hacking the DMZ network, pivoting to the Internal network, and obtaining administrative access to machines.
Do not expect a typical Multiple Choice Questions (MCQ) exam — here, you must “pwn” your way to a “Pass”!
The following domains are assessed:
- Assessment Methodologies (25%)
- Host and Networking Auditing (25%)
- Host and Network Penetration Testing (35%)
- Web Application Penetration Testing (15%)

For more details, refer to INE’s website: eJPTv2 Certification
Who is this exam suitable for?
The eJPTv2 serves as a great stepping stone for individuals aspiring to pursue intermediate or advanced Ethical Hacking certifications, like TCM’s Practical Network Penetration Tester (PNPT) or OffSec’s Offensive Security Certified Professional (OSCP).
It is particularly beneficial for those with a background in IT or cybersecurity, although not mandatory; having basic security, Linux, and networking knowledge is highly beneficial.
Many individuals opt for this certification as their first in cybersecurity, compensating for any gaps by gaining practice and skills through guided platforms like TryHackMe.
This certification is instrumental for individuals aspiring to become penetration testers. It is also very suitable for individuals aiming to become adept defenders (Blue Teamers) or well-rounded cybersecurity professionals, equipping them with insights into both offensive and defensive strategies in the dynamic cyber landscape.
Why did I choose eJPTv2?
With a cybersecurity background, primarily in defensive roles, I’ve been passionate about and consistently leaned towards developing offensive security skills.
To pursue a career in Ethical Hacking or Red Teaming, I engaged in various activities, including obtaining theoretical security certifications, working on home lab projects, participating in CTF challenges, and conducting internal pentests for my previous employer.
Recently transitioning to a full-time Penetration Tester role, I sought to assess my knowledge and identify any gaps. Opting for eJPTv2, I found it to be a solid foundational step for advanced certifications like PNPT and OSCP.
Choosing eJPTv2 as my first practical certification was driven by its comprehensive coverage. The knowledgeable trainer, Alexis Ahmed, provided additional insights and diverse approaches to familiar tasks, making the course a valuable experience that self-study paths might not necessarily cover.
My Preparation for Battle — (Recon!)

My Background
Let me share my background to shed light on how I approached exam preparation. With a solid 16 years of experience in IT and Cybersecurity (Blue Team), I’ve gained various certifications in Linux, networking, and cybersecurity. This experience forms the foundation of my knowledge.
Last year (2023) marked a pivotal shift in my career toward Penetration Testing. Since embracing this new path, I’ve actively participated on platforms such as TryHackMe and HackTheBox, and recently, I’ve ventured into CTFs.
My Initial Prep
My preparations consisted of:
- The official Penetration Testing Student (PTSv2) Course from INE
A 156-hour-long course with over 239 videos and 121 hands-on Labs.
As you probably have read on every forum and blog, this course is more than enough to prepare you for the exam. If you lack some foundations in networking, Linux or how websites work, you need to supplement that with additional material from sites such as TryHackMe.
- Thorough notes for each video and each lab
Although the course comes with slides, they are not as comprehensive as the video so I took extensive notes. I prefer to use online note-taking apps such as Notion. I can study and read my notes from any device. Other apps such as OneNote and Obsidian are also good tools to use for your course and lab note-taking.
- My own compiled eJPTv2 cheatsheet
This is the single most critical weapon you need before going into battle. Do not underestimate this. I have not completed a comprehensive cheatsheet and although I had to go back to my notes, other people’s cheatsheets and Google from time to time, I have saved a ton of time by having my cheatsheet ready.
- Previous eJPT Black box walkthroughs
As the new version of the course no longer has the black boxes (1, 2 and 3) where you can test your preparedness, I have resorted to watching eJPTv1 black box video walkthroughs. They were still helpful and you can find plenty of them on YouTube.
- eJPTv2 Zero to Hero YouTube series by overgrowncarrot1
This resource has proven invaluable to me during my exam preparation. Unlike other sources, it addresses the absence of Black box labs in eJPTv2. Ryan Yager guides you through building your own black box labs and walks you through attacking this network of VMs as if it were the real exam. His friendly Discord community, dedicated to certifications like eJPTv2, further enhances your learning journey. I highly recommend this one.
- Practice on as many vulnerable virtual machines as possible:
VulnHub boot2root images, vulnerable Metasploitable VMs and TryHackMe machines such as Ice, Blaster, Ignite, Relevant, Blog, Steel Mountain, Basic Pentesting etc.
For the full list of all the TryHackMe rooms, vulnerable VMs and additional resources I have used, please see my article: Arming for Success: Resources for Mastering the eJPTv2 Exam
Exam Day Experience — (Exploit!)

The exam can be started at any point whenever you are ready.
Once you push the button and start your exam, you will have exactly 48 hours to complete the exam and submit your answers.
Bear in mind that the exam voucher expires in 6 months once you have redeemed it. If you fail, a free re-take is offered which must be taken within 14 days of your first attempt.
So the day has come. Coffee mug ready, snacks ready, button pushed and away we go! Pwn’ed in 60 seconds … Just kidding!
The biggest mistake you can make here is to treat this exam as a CTF.
I heard that tip so often on every forum and blog but you will only understand it halfway through the exam. You were conditioned to “fetch the flag” asap and beat the ticking clock.
That is the wrong mentality to go into battle with for any practical ethical hacking exam. I had therefore zero interest in rushing the process and sprinting through compromising machines.
It should be a fun educational marathon you should enjoy.
In fact, I have spent more than half of the first day on meticulous enumeration, the painstaking process of documenting my findings and going over my exam game plan which is largely based on the penetration testing lifecycle.
You will soon notice that with good enumeration alone you’d be in a position to answer 40% of the exam questions.
Don’t be overconfident as you would still need to obtain the minimum passing score for each of the four domains and a minimum of 70% overall. The point is, good enumeration will get you far.
The most important steps you need to do before you fire any tool are:
- Read the engagement letter thoroughly
Read it slowly and piece together a picture of the network and what you are expected to do. Read it again carefully this time and pay attention to every word to ensure you have not missed a crucial piece of information regarding the scope or a hint that could help you with the engagement.
- Read ALL of the questions before you do anything
I suggest you read them slowly once and start taking notes to help you formulate a plan of attack. This will dictate your engagement workflow. Do not attempt to answer them sequentially. Some questions may provide hints to earlier or later questions so it is important you read the questions at least twice to establish any relationships.
Day 1 — Friday Afternoon
2 PM — I started my exam on Friday afternoon for focused time away from my work week. Following my attack plan (you have one by now, don’t you?), I initiated network-wide discovery and port scans of the DMZ network.
5 PM — I took a break for dinner with my family.
Two days proved more than sufficient for tackling this exam. I can’t stress enough how crucial it is to weave breaks into your day, away from the desk.
6 PM — Obtained my first root shell machine and continued to enumerate the compromised machine further, confirming the accuracy of my answers from the enumeration phase. I’ve documented all my findings from local enumeration.
Remember! The goal is not to pop a shell and move on with some sort of a flag or an answer to a question, but to learn how to be a thorough penetration tester who has done a comprehensive job to uncover all weaknesses on the target system. That is what a client would pay you for in real life.
10 PM — Moved on to compromise my second machine, thoroughly enumerating the compromised machine as well as the DMZ network which consisted of several Linux and Windows servers. At this point, I was able to answer 11 out of 35 questions.
12 AM — I started to slow down and have diminishing returns at this point so I’ve decided to take some good rest before attacking this again with maximum energy the next day.
Day 2 — Saturday
10 AM — After a slow and easy start to my day (hey, it’s weekend!), I made a start and refreshed my memory by revisiting my notes, Nmap scan reports, my attack plan and the remaining questions.
11 AM — Assessed my progress and verified my answers so far, before kicking off a few brute force attacks and hash-cracking tasks for previously looted hashes.
12 PM — Compromised a third machine, escalating privileges, and enumerating services, processes, accounts, and system information.
I paused to take good documentation of the findings so far.
4 PM — I resumed after a quick swim and lunch break and managed to compromise a fourth machine and repeated the same steps which you are familiar with by now. Escalate privileges, enumerate, grab hashes, crack hashes, document etc.
Giving your brain a breather will boost your performance, and your body will thank you by returning re-energized. Trust this little tip — it can make a big difference!
5 PM — I started experiencing issues with the fourth and fifth machines. The compromised services on the 4th machine no longer responded, while the 5th machine was simply unavailable all of a sudden.
I fired a support ticket at INE only to find out their Customer Support does not operate on weekends and outside of business hours. Bummer!
I kept trying for about half an hour until I finally decided that I had no choice but to reset the exam environment. This is where I was thankful that I took plenty of notes and copied all results out of the Kali machine to my local note-taking app on my personal machine as a backup.
5.30 PM — Resumed with no impact as I had saved all credentials and did not need to exploit the machines all over again. This is why I keep emphasizing the importance of keeping notes!
8 PM — Another break for dinner and family time before I resumed my hacking spree (still having fun!).
9 PM — By now I have compromised the entire DMZ network and did not go to bed until I verified the machine I believed was the Pivot box. I reviewed all my questions at this point and I had 28 out of 35 answered.
Day 2 — Sunday
8 AM — Final hours. Only a few questions left and all were related to the Internal LAN which required me to pivot and compromise the internal network. I’ve used my cheatsheet and attack plan to pivot and enumerate the internal network.
10 AM — By now the process was going a lot smoother and quicker and I have completed compromising all the machines on the internal LAN.
With all 35 questions answered I was ready to submit, but why the rush?
11 AM — Reviewed machines on both networks which I had labelled as dead-ends and rabbit holes. They provided no value in terms of answering exam questions and enumerating them did not yield much. Yet, I decided to give this a last hurrah before resting my hacky fingers.
1 PM — With no additional machines to compromise and all questions double-checked and verified, I submitted the exam questions and anxiously waited for confirmation. The longest 30 seconds of my life. :)
Lessons Learned — (Post-Exploit!)

Here are the lessons I have learned from my recent eJPTv2 exam experience:
⏲ Exam Time
The 2-day timeframe provided ample time for completing the exam. However, it’s essential to organize your preparations, including notes, cheatsheets, and reference materials.
📖 Revision Strategy
The practical labs from INE were sufficient for exam preparation. To enhance this, attempt the labs without a write-up initially. Later, review the video or lab notes to understand INE’s intended approach. Attacking labs concurrently with course videos helps, but some details might be missed.
✍ Exam Day Note-Taking
While note-taking was crucial during the study, it became even more critical during the exam. Keep detailed notes on attacks, outputs, and findings (credentials, hashes, etc.) frequently. Store them outside your Kali attack machine, as unexpected issues in the exam environment might necessitate a reset.
❗ Exams During Weekends
Taking the exam on weekends, although minimizing impact on the workweek, comes with the drawback of unavailable INE Support.
INE typically provides an extra attempt without hesitation for issues outside support hours. However, consider the trade-off between avoiding a weekend redo and potential support assistance.
🥳 Pentesting Exams Are Fun!
Transitioning from mostly theoretical security exams, the real-world scenario of compromising two networks and lateral movement brought a refreshing change. The experience was very exciting and enjoyable, motivating me to continue with more practical exams this year to hone my ethical hacking skills.
Onwards and upwards to TCM’s PNPT!
Please follow my journey as I will be posting future articles about my PNPT and OSCP preparations :)