Penetration Testing Student v4 Review
Penetration Testing Student (PTS) is a foundational ethical hacking course at eLearnSecurity. It starts from the very basics and covers the networking and programming skills every penetration tester should have. It is entirely self-paced, with interactive slides and videos that students can access online. Students have lifetime access to the training material and can study from home, the office, or anywhere an internet connection is available. It also provides several penetration testing exercises in a virtual lab environment through Hera Labs. After completing this course, you will have a chance to take a certification exam which will earn you the eLearnSecurity Junior Penetration Tester (eJPT) certification.
I have subscribed to the eLearnSecurity newsletter and course updates via email. In April 2020, I got an email saying that eLearnSecurity were giving away the BAREBONE version of their Penetration Testing Student (PTS) course in order to keep people busy at home and improve their knowledge at the same time during the COVID-19 quarantine. One important thing to note about the BAREBONE version of this course is that it does not include an exam voucher or virtual labs. If you want to get the exam voucher and virtual labs, you may consider upgrading to the FULL or ELITE version of the course. For more information about the different offers among these versions, please refer to PTS – Plans & Pricing. Actually, I didn’t have any plans to take this course, as I had already got my hands on my OSCP back in March 2020. Since this course is free and eLearnSecurity is well known in PenTester circles, I decided to give it a try to see the quality of the content it offers.
Please note that this course has been given away by eLearnSecurity several times already, even before COVID-19. If you want to get it, you can just subscribe to their newsletter and course updates via email. I can’t guarantee that you will get it, but it is likely that you will get it someday.
Since I came from a CTF player background and had also already earned my OSCP, I found that I was already familiar with 85% of the content covered within this course. For more information about what is covered within this course, please refer to the Course Outline and Virtual Labs section below. I spent just a few days going through and finishing the course materials. After completing the course, I had 3 choices: just leave it there, purchase an exam voucher ($200), or upgrade to the FULL ($299) or ELITE ($399) version, which include the exam voucher and labs, then take the certification exam to get certified.
In order to take the eJPT certification exam, you must have an eJPT exam voucher, which you can buy separately for $200 or which is included within the FULL or ELITE version of the PTS course. eJPT is a 100% practical certification on penetration testing and information security essentials. When you start the exam, you will be provided with a Letter of Engagement and some other files that you will need while pentesting the network. There will be 20 multiple choice questions for you to answer within 3 days (72 hours). In order to get the answers for this exam, you will need to connect to the VPN network provided by eLearnSecurity during the exam period. You will need to perform most of the things you learned from the course and virtual labs, such as enumeration and exploitation, in order to find the answers to the exam questions. It is also very important to read the Letter of Engagement carefully, line by line, as you will find a lot of information and clues in it. To pass this exam, you will need to get at least 75% of the exam score, which translates into getting 15 correct answers out of the 20 questions. Moreover, there is no limitation on the tools you can use. You can also use any OS you are familiar with, such as Kali Linux, Parrot Security OS, Fedora Security Lab, etc.
Below are the exam details.
Course Name: Penetration Testing Student (PTS)
Exam Name: eLearnSecurity Junior Penetration Tester (eJPT)
Exam Type: 20 Multiple Choice Questions (Context based)
Time Allowed: 72 Hours
Pass Mark: 75%
Validity: Does not expire
For me, I decided not to take the certification exam because I already have my OSCP, so I don’t think that it is necessary for me to take this certification. For more information about my OSCP journey, you can find it here.
I think this course is really good for cybersecurity enthusiasts or CTF players who have just stepped into the field and would like to expand their knowledge of PenTest methodology and get familiar with tools for enumeration and exploitation. If you have not had any cybersecurity or information security certifications yet and would like to get one, I think this is one of the best deals for you. You can claim this course for free, then purchase an exam voucher for around $200 or upgrade from the BAREBONE version to the FULL or ELITE version, then sit the exam to get certified. With this deal, I don’t think you can find any other cybersecurity or information security courses or certifications out there with a price as low as this one. In addition to that, I think this course will also provide you with a foundation to build upon in your journey to reach PWK/OSCP.
If you are familiar with CTF challenges such as Web, PWN, Programming and Misc, I think it will also help you to get familiar with the course and labs, so what you need to do is just connect the dots of what you have learned from CTF challenges in order to achieve a working exploitation.
If you would like to know what it is like to take PTS/eJPT, you can try spinning up some easy-rated machines from VulnHub and then try to get a root shell, or give it a try with Hack The Box.
This course has 3 sections, and each section contains several modules covering various domains of knowledge.
- Section 1: Preliminary Skills – Prerequisites
  - Module 1: Introduction
  - Module 2: Networking
  - Module 3: Web Applications
  - Module 4: Penetration Testing
- Section 2: Preliminary Skills – Programming
  - Module 1: Introduction
  - Module 2: C++
  - Module 3: Python
  - Module 4: Command Line Scripting
- Section 3: Penetration Testing
  - Module 1: Information Gathering
  - Module 2: Footprinting & Scanning
  - Module 3: Vulnerability Assessment
  - Module 4: Web Attacks
  - Module 5: System Attacks
  - Module 6: Network Attacks
  - Module 7: Next Steps
There are 19 virtual labs included within this course. Here is the list of exercises you will face on your PTS/eJPT journey.
- HTTP(S) Traffic Sniffing
- Find the secret server
- Data Exfiltration
- Burp Suite Basics
- Burp Suite
- C++-assisted exploitation
- Python-assisted exploitation
- Scanning and OS Fingerprinting
- Cross-site scripting
- SQL Injection
- Bruteforce and Password Cracking
- Null Sessions
- ARP Poisoning
- Black-box Penetration Test #1
- Black-box Penetration Test #2
- Black-box Penetration Test #3