eLearnSecurity eJPT (Junior Penetration Tester) Certification and Review



This week I completed my studies for eLearnSecurity's Junior Penetration Tester certification and earned the certification.  This certification is a culmination of ELS's entry level course, Penetration Test Student, or PTS. The course itself is incredibly straight forward, and crafted for those who have little to no knowledge of penetration testing processes, usage of tools, command line scripting, enumerating, and so much more.

The PTS course comes in three sizes; Barebone, Full, and Elite.  Barebone is exactly as it sounds, and provides instruction via slideshow, with no other bells and whistles.  The Full and Elite versions grant access to additional benefits, to include Hera Labs, which are incredibly well maintained and professional lab environments.  The Full version grants 30 hours in the labs and offers a single exam voucher to be used within 180 days, and a retake if you fail.  The Elite version offers 60 hours of Hera Labs, and 3 "Infinity" vouchers.  Elite also provides three "Black Box" labs as an additional benefit.

The instruction is well thought out, slides are professionally presented, and the labs appropriate.  Each lab comes with a corresponding challenge correlating to the lesson it pertains to, and provides solutions that are recommended for use only if the student cannot solve the challenges on his or her own.  The lessons cover a variety of topics, from the very basics of networking and binary, to null session exploitation in legacy systems.  There are modules for basic Python and C++, and significant instruction on XSS (Cross Site Scripting) and SQL injection techniques, in addition to much, much more.  ELS also provides video instruction of specific topics, which do a good job of working out the specific task at hand, step by step.

Some material is outdated, causing frustration among students who are simply told to download older, outdated versions of software, and dump it when they are done (I'm looking at you Null Sessions).  There is no acknowledgement that the material is outdated in this instance, and instead staff suggest it is the fault of Offensive Security for producing updated versions of their Kali Linux operating system.  Further, there are workarounds for this issue specifically in the lab challenge, but the staff fail to provide any appreciable instruction how to do so. 

I spent approximately two weeks studying and taking advantage of the slide presentations and lab environments before taking the test.  The student is granted three days to complete a 20 question, Capture the Flag style exam (despite the exam guide suggesting it isn't CTF).  Much of the exam correlated to the provided lab challenges, yet I still felt taken aback by certain things in it.  Several challenges required me to learn on the fly, wishing that some portions of the instruction had covered certain mechanisms better (I would love to suggest what these are, but we are bound to not share specific details of the exam).

My greatest negative takeaway, however, is the demeanor and attitude of certain ELS staff towards students.   There is no formal setting, per se, to gain insight or answers to questions about materials.  ELS maintains a student forum to ask questions in a public setting, to which certain staff regularly criticize students for asking questions rather than using the forum search function.  As a new student in the field, you may not know what to search for to begin with, and find it second nature to ask for help directly when you are challenged and cannot find an answer.

In all, I'm incredibly proud of this continuation of my education in cybersecurity, and towards my goal of being a penetration tester.  I'm currently enrolled in ELS's Certified Professional Penetration Tester certification course, and will hopefully finish in the next couple of months.  In the end, the exam was incredibly, and appreciably, challenging.  I felt that I gained additional knowledge in the exam, but also found that there were things I wish had been taught better.



Comments

Marc said…
What Udemy course did you use for buffer overflows please?
Joe said…
@Marc

Not quite sure why you're posting this on the eJPT post as it doesn't require any buffer overflow exploitation.

That said, I fell back on The Cyber Mentor's coverage of Buffer Overflows in his Practical Ethical Hacking course.
candelas said…
Hi Joe, I've finished the course but I'm not ready to take the exam yet.
I have to practice before I take it.
You're write ups help a lot.
ultimate said…
A very awesome blog post. We are really grateful for your blog post. You will find a lot of approaches after visiting your post. Penetration Testing Services
Radhapraveen said…
Really wondered to see this blog. Along with reference links.
Data Science Course in Chennai
Ethical Hacking Course in Chennai

Popular Posts