There are a lot of certification options out there with varying levels of acceptance. I decided to do the eLearnSecurity Penetration Testing Student (PTS) course and the associated eLearnSecurityStudent Junior Penetration Tester (eJPT) certification because I wanted a hands-on initial penetration testing certification. I also considered the CompTIA PenTest+ but decided to go with PTS because it was a completely practical exam. I didn’t think I was quite ready for OSCP, though I would love to go after that in the future, and I find CEH to be cost prohibitive. I know the eJPT isn’t as well known, but I have seen it pop up on job postings. And to be honest, I’m more concerned about the learning for this one.
You can check out the syllabus and get a good idea of what the class will cover. I found the content to be appropriate. I expected most of the material to be a review since I’ve done a lot of labbing. I wanted a course that would cover some fundamentals that I may have missed. The Intro module covers a lot of foundational material in a way that I found easy to understand. If you aren’t familiar with networking, it’s a lot to take in. I found it a good refresher and reminder that I want to continue digging into networking. The programming module was a brief intro into C++ and Python. These aren’t enough to do much other than make you realize you need to do more on your own. I like that the course intros some programming, but I would have liked a little more. I understand the decision to keep the focus light though since this is an intro course. The Penetration Testing section was the largest section and covered the material well. I was introduced to some tools that I hadn’t used previously and got targeted practice on some that I have.
The course also has 12 labs. If you are a complete beginner, it would probably be a good idea to get the package with more lab hours. I opted for the Elite version so I would have more time to play. I haven’t used all of my time. I used about half working through the course and prepping for the cert. If you aren’t familiar with the tools, you may end up using more. I’ll be going back to the labs to practice on some specific things, try out tools I’m working on, and so on. I thought the labs were well done and targeted key skills for penetration testing. I think if you just used the course materials and labs to prep for the eJPT cert, you would be fine. So on to the cert…
The exam is completely practical – you have 3 days to test a network to answer a series of questions. I think this format is excellent for an initial pentesting cert because it provides guidance on what you are looking for. If you haven’t gone through the steps of pentesting in a live environment, the questions are really helpful to know what to look for. I think I spent about 10-12 hours actively working on the exam. A good chunk of that was being obsessive about my answers and double/triple checking things. All of my experience with other labs and CTFs definitely helped. Part of that time was also doing things that I would do in a normal pentest that weren’t working toward answering the questions. If you are worried about time, just follow the questions. I made an effort to stay on track with the questions because I knew I had limited time to work on the exam over the 3 day testing period. If you have some experience and just focus on answering the questions, I think you could knock the exam out pretty quickly. I had a lot of fun working through the exam. I felt the course and labs would be adequate preparation for someone coming in without much experience.
Solid course at an appropriate level. I think this is a good step working toward OSCP. My plan is to use this as a base and keep working on other thing (VulnHub boxes, Hackthebox, etc.) until I feel ready to start on OSCP. I would recommend the PTS/eJPT combo to people wanting to get started with pentesting. The course does have some minor errors with things like grammar and spelling, but the content is solid. I would not hesitate to take another course from eLearnSecurity. I’m looking at the Practical Network Defense and Penetration Testing Professional courses for the future. All of the offered courses look like fun, but the costs would make it necessary to spread them out. They aren’t “expensive” – I actually think the cost of the course with the included certification exam voucher is reasonable/appropriate. But even appropriately priced, the classes may be out of reach for some. There is the option to pay in installments, so I think the courses and exams are quite reasonable in the overall context of infosec. Is the course/cert combo a golden ticket? No. Is the course/cert combo a solid introduction to pentesting that will help you get the basic knowledge, skills, and abilities to do pentesting? Yes. Like any of the options out there, you have to determine if it will meet the goals you have for the situation. I wanted a ethical hacking/pentesting cert that I could knock out quickly and would help make sure I’ve got a solid foundation. The PTS/eJPT accomplished those goals.