What I Learned from eJPT Certification Exam

  • Go through all the presentation slides and virtual machines provided in the study material, if possible try them 2–3 times
  • Learn about networking concepts nicely given in the material otherwise you won’t be able to understand about subnets, ARP, static routes, pivoting which is very useful for the exam
  • Though Metasploit isn’t allowed in some exams but in this exam you are not restricted, so learn Metasploit and Meterpreter
  • Directory busting might be useful, go recursive if you don’t find anything in a directory
  • Do not forget to check source code of a website
  • When there are multiple http server in a subnet then do not blindly choose an IP for testing. Have a bird’s eye view of all the websites first and start with the website which looks to have larger attack surface
  • If you find any service running on a non-standard port then enumerate the service, it might give you something useful
  • Do not keep jumping on different IPs in the subnet for testing. Select one IP, spend good time to enumerate each port on it and if you do not find anything then only jump on another IP
  • Be patient with nmap scans, I did nmap scans two times while testing in exam, first one took around 2 hours and second one took around 2.5 hours
  • Sometimes you won’t able to reach a network as there is no route define for it, so learn about checking and adding manual routes
  • If possible then practice on tryhackme platform, it is not compulsory but you will learn how to deal with VPN connections and how to approach machines for testing
  • The quiz questions in the exam appear to be very weird at first (as they are arranged in random order) but while testing the machines keep looking at them. You can also write all the questions together at one place before starting with the exam machine. I used cherry tree for note making but there are many alternatives available for that
  • A silly mistake which I did in exam was that I didn’t check all the ports in last machines as I was able to find answers for 16–17 questions out of 20. So I assumed that there might be some typo in the question and I marked wrong options as answer. I still have some regret for this but that’s why exams are for, to learn from them and this is also the reason I want to share my experience through this post. So remember TEST ALL OPEN PORTS !!!!
  • Do no try to finish the exam within 5–6 hours, you will have 3 days (72 hours) so take your time, focus on learning fundamentals and try to acquire practical skills
  • nmap
  • gobuster or dirb
  • burp
  • nessus (given in study material but I didn’t use it in exam)
  • mysql and ftp CLI
  • sqlmap
  • hydra
  • enum4linux
  • metasploit

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store