Reivew of INE’s — Junior PenTester (eJPT) Learning Path/Certification
In the current world of remote working and as even more businsess switch over to cloud based infrastrucuture, there’s never been a better time to improve your cybersecurity skills. Or, at the very least start learning the basics.
While there are 1000s of hours of free resources online, alongside video content on places like Youtube. It has become harder to navigate the landscape and figure out exactly where to start learning. Even harder still, are the various different certifications that exist, each with different requirements and skills.
Just to illustrate the point, the above link contains a roadmap for certifications necessary to specialise in a specific field of cybersecurity.
Therefore, in today’s blog post, I’m going to review a good starting point to CyberSecurity and that is INE’s eJPT Certifiation and by extension its associated learning path.
Overview of the Learning Path
The INE’s eJPT learning path is designed for beginners and consists of 3 courses: Penetration Testing Prerequisites; Penetration Testing: Prelimary Skills and Programming; and Penetration Testing Basics.
The first course, Penetration Testing Prerequisites covers the basic concepts of networking, and HTTP Standards. It will also cover how to analyse packets using a network packet analysis tool Wireshark.
The 2nd course Penetration Testing: Prelimary Skills and Programming covers the basics of Python, C++, Bash and Command Line Programming. There are a few small exercises as well to encourage you to code up a small program.
The 3rd course Penetration Testing Basics covers all the basic pentesting tools such as NMAP, Nessus, Dirbuster, sqlmap, JohnTheRipper, Hydra and Metasploit.
Now that we have an overview of the different course content, let’s take a look at the good and bad aspects about the content.
Good
Covers a broad variety of topics, and the very basics that any pentester will need to know. However, it isn’t overly broad like the SSCP which covers media distruction and shredding standards, etc.
It also introduces the most basic types of web vulnerability such as XSS and SQL injection. As well as tools that help leverage the vulnerabilities, for example sqlmap.
Most importantly, the course allows you to start virtual machines that you can connect over vpn to test out what you’ve learned. For example, the course would introduce a login brute force tool, Hydra, and in the lab lession you’ll be able to test Hydra on a machine. Solutions, are also included if you’re not able to figure out how use the pentest tool.
There are also 3 black boxes at the end of all the 3rd and final course to test everything that’s been covered. This forces you to utilise every pentesting tool and trick that you’ll pickup throughout the courses.
Bad
For a beginner learning path, overall, I don’t have much to criticise. The only thing worth mentioning is the 2nd course about programming seems a little uncessary.
There’re plenty of online resources dedicated to programming and adding in a small course isn’t going to make someone a genius overnight. Now to be fair, this doesn’t seem to be the point. As the course seems to be designed for people without a degree or prior knowledge in the computer sciend field.
The 2nd course doesn’t have many exercises to test your programming skills, and furthermore it’s not covered in the exam. Speaking of exam…
The Exam
The exam is simply designed to test your knowledge of networking (i.e. adding routes to your route table) as well as the pentesting tools covered in the course. You’ll be given 3 days, to answer the exam questions. However, I was able to finish the exam in a single day.
As for costs, the exam was $200 USD if you utilised INE’s free starter pass, or I believe included with your INE subscription.
Difficulty wise, I would say it was more than I expected, but less than the Black Boxes. There will be no special tricks like those utilised in the Black Boxes.
Conclusions
Overall, I had a pretty good experience with the courses. Ignoring the 2nd course on programming, the 1st course and 3rd course were pretty good. I especially liked having lab machines that you can connect to and practice pentesting tools against. Truth be told, it’s simple enough to setup your own DVWA (Damn Vulnerable Web Application) and lab in VirtualBox, however, having a machine setup by the providers of the course just makes things simplier.
If you’re still on the fence about the course or exam, note that the course content can be access for free with INE’s starter pass. Now there’s no excuses to get started learning about all the basics on CyberSecurity.
