This post took a little longer than I planned so my apologies to all that follow me. After completing my PenTest+ and CEH certification, I realized that penetration testing topics were more interesting to me and I wanted to get better at it. My ultimate goal is to obtain the Offensive Security Certified Professional (OSCP) certification but I also knew I was not ready to venture out on that journey just yet. So I needed something that will give me a very good foundation on penetrating testing. After researching around through various subreddits, I was introduced to the eLearnSecurity Junior Penetration Tester (eJPT) certification. At that time, the Penetration Testing Student (PTS) Course offered by eLearnSecurity was discounted so I took advantage of the low price and signed up. Unlike CEH or PenTest+, the eJPT training was all hands on. By going through the topics and actually being able to practice, really helped with retaining information and understanding the material presented. This course contained labs, study guide, a voucher, and a free retake.
Here is how the course was presented
Preliminary Skills Pre-Reqs:
1) Introduction
2) Networking
3) Web Applications
4) Penetration Testing
Preliminary Skills - Programming (I skipped this portion and will learn it later)
1) Introduction to Programming
2) C++
3) Python
4) Command Line Scripting
Penetration Testing
1) Information Gathering
2) Footprinting and Scanning
3) Vulnerability Assessment
4) Web Attacks
5) System Attacks
6) Network Attacks
7) Next Steps (Preparing for the test and a few practice black box labs)
The course had a very good flow and the instructions were very clear. Most of the topics had videos and labs to really help you understand the lesson better. I highly recommend using Cherry Tree and OneNote to capture your notes and any type of tips to create your playbook. This certification is open book so you can use any notes you can gather as well as our trusty friend, Google.
This is how I used Cherry Tree for my notes. Each topic I made snapshots for easy reference. If the topic had labs or videos, I just made a joining node to capture it.
My Cherry Tree Notes
When I got to the blackbox portion of the material, I broke out my engagement as such for easy workflow.
To also ensure I wasn't getting lost in the pentesting, I opened a new terminal session for specific functions like in the picture. This helped out a lot during all my engagements.
My Terminal Sessions
My OneNote playbook came in handy as well because I made tabs for tools, general tips (How to setup my Linux environment), cheatsheets, resources, shells, wordlists, etc.
My Tabs My Resource List
Whenever I got stuck or needed to reference something really quick, I came to my playbook. You can continue to modify yours over time to better assist you on your engagements.
My Exam Experience
First and foremost, eLearnSecurity is not in the business to trick or stomp you. They want you to have a great learning experience and their course material is built as such. So everything you need is in the training material. If you find yourself stuck and things are not working, make sure you review your material, read everything carefully, and or reset your lab and try again.
I found myself stuck for about 12 hours on my route add and I honestly thought I was going to fail. I got up from my lab, took a nap, retried everything over, and after awhile I threw in a hail mary and the dang thing worked. A huge relief. After that point it was easy sailing from there.
Helpful Commands
Ping
ip a
nmap
route
ip route
john
hydra
smbclient
metasploit
sqlmap
Make sure you practice enough before jumping into the exam. You want to get comfortable with your methodology and tools. Enumeration is the key and I can tell you I jumped in way too fast because once I started to panic, my methodology became erratic and I was all over the place. I did pass with a 95% though but I could have done a better job during the engagement. Develop your methodology, practice it, and make sure to enumerate as much as you can. You will have fun and you will pass.
Kommentare