Review and Thoughts of PTSv4 Course and eJPT Certification

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.

Intro

I can't say enough good things about the PTS course. It was exactly what I was looking for as an intermediate IT professional looking to dive into the world of penetration testing (Although I previously completed the OSWP certification). The PTS course is advertised as "Tailored for Beginners" and covers the basics of networking, routing, information gathering techniques. buffer overflows, various web application attacks, SQLi, pcap analysis, password cracking, data exfiltration, and a lot more. In fact, eLearnSecurity doesn't hide the contents of the course, as other courses may do. You know exactly what you're getting and what you're getting yourself into. They even allow you to test drive each course they offer for free, which is an entire section of slides to provide preliminary understanding of how they deliver the course content. There are little to no curveballs, eLearnSecurity just wants to concisely provide the knowledge and it is up to the student to learn and practice the hands-on material.

The entire PTSv4 course syllabus can be found here: https://dsxte2q2nyjxs.cloudfront.net/Syllabus_PTSV4.pdf

Purchasing and Course Delivery

As I have stated, eLearnSecurity allows prospective students to take a test drive of their courses. This test drive takes a designated section of the course and provides insight into eLearnSecurity's course delivery methodology. Before purchasing the PTSv4 course, I took this test drive to see if this was a delivery mechanism I could learn from, and it was.

Once I solidified the course content and it's delivery was something I could get behind, I decided to make the purchase. eLearnSecurity provides 3 tiers of plans and pricing for a majority of their courses which outlines progressing features on the materials provided, lab time access length, certification vouchers and even formatting of materials. The current tiers and models of the PTSv4 course can be seen here: https://www.elearnsecurity.com/course/penetration_testing_student/enroll/

Here is a screenshot of the above link:

PTSv4_eJPT_Tiers

I decided to purchase the PTS Elite tier (the top tier) and added the unlimited lab time. This is actually a critical step and should be thouroughly thought through as to what tier you should get because I don't believe add-ons or tier upgrades are an option after purchase, but I'm not certain. The primary reason I purchased this tier was because of the PDF format and additional 3 black-box penetration testing labs features provided.

After purchasing, eLearnSecurity sends an email for an invoice and then another email outlining steps to getting started and even a little information about the eJPT exam, which comes with the Full and Elite tiers. It was a very simple and easy process.

Let me provide a final thought on the tiers: If you have penetration testing experience and are comfortable with a bunch of the topics in the syllabus, I don't believe the Elite tier is necessary. If you are a complete beginner or are uncomortable with a lot of the topics or your own competency, get the Elite tier. It's up to you to make the right decision, but I hope this post clears up some uncertainty.

PTS Course Content

Every single topic in the PTS v4 course is laid out clearly in the syllabus. Again, there are no surprises. The course provides 2 preliminary skills sections for those who have litle to no prior experience in penetration testing or computer science topics which gets you up to speed for the course content. This is why the course is geared towards absolute beginners or junior penetration testers to fill the gaps. Although, if you're trying to jump into the information security sector, don't use this is a starting point, try to learn basic programming and basic networking before diving into this course.

With that being said, the meat of the course contains 6 thourough modules and a final module outlining the black box penetration tests and beyond the PTS course (which is primarily the PTP course):

  • Module 1: Information Gathering
  • Module 2: Footprinting and Scanning
  • Module 3: Vulnerability Assessment
  • Module 4: Web Attacks
  • Module 5: System Attacks
  • Module 6: Network Attacks
  • Module 7: Next Steps

The course content was amazing, and I won't harp on it too much here because the depth I can go into for the course is outlined in the syllabus. I don't want to get granular and spoil the course for propspective students. I will say that the course author(s) definitely provided worthwhile content and walks you through every step to avoid confusion and to level the playing ground for all of those taking the course. Most of the modules come with external resources for examples and accompanying labs to practice the lessons hands-on. Lastly, the interface is extremely simple and modern and it's definitely one of the great things about the course overall. So kudos to eLearnSecurity for that. Here is a screenshot of the interface as I have left it after the course. (I didn't need to practice or go through all of the modules because of prior information I already know and didn't feel the need to go through int he course)

pts_course_interface

eJPT Exam Review

Similar to any other certification, I won't discuss the scpecifics of the exam as it relates to the content. However, I will say that everything taught in the course is more than sufficient enough to pass the exam. The format is a 20 question, multiple choice exam, but it isn't theoretical. Each question is based on hands-on penetration testing techniques provided by eLearnSecurity. Essentially, youre doing a pseudo-penetration test and answering multiple choice questions based on the actions and answers provided in the questions. I will say that it makes it a little easier than, say, a fill-in-the-blank question or writing a professional report like Offensive Security requires. Lastly, I will say that the exasm was a lot of fun and there was more than enough time to complete the exam. (I think it was 3 whole days to submit answers)

Final Thoughts

The eJPT certification and corresponding PTS v4 course filled in quite a few knowledge gaps that I didn't know before and solidified my understanding on others. I would recommend this course for someone who is looking to get into penetration testing, as a precursor to other eLearnSecurity courses, or a foundation exam to take before the PTP or even the OSCP. Thank you for following along.