Last night I earned eLearnSecurity’s Junior Penetration Tester certification, and I wanted to share my experience here in the event that anyone is interested in learning more about the certification and the course.
I started studying the (free!) Penetration Testing Student (PTS) course material on INE’s website about a week and a half before attempting the exam. The PTS course relies heavily on slide decks, and since a good chunk of the course was going to be review for me, I skipped over the denser slide decks. I also skipped over the second section on programming and scripting altogether, as this is not required for the exam and I was trying to get the certification under a time crunch. From what I read online, this section of the course is weak, and a separate course on scripting would be best to learn the fundamentals anyway.
Okay, so do I have anything good to say about the course? Yes! The Hera lab environment is the shining jewel of the course. Remember when I said you can skip over slides? Don’t skip the labs! They cover everything on the exam, and things that aren’t covered but are just good to know, like using the egress-framework to find exfiltration points and packet-whisper to exfiltrate data over DNS. Almost every section has a lab you can spin up to try what was covered in the section yourself.
At the end of the course, there are 3 Black Box PenTest labs. These labs are similar to the exam in that you’re given a subnet of machines to scan and exploit. I will say that the Black Box labs are easy to over-think. They are good quality, but if you get stuck or don’t understand something, don’t let that psych you out. These labs are meant to get you into a mindset of Googling outside resources to learn about and exploit services, and in most cases are “harder” than the exam. (They aren’t hard, just not what is covered in the course).
While I can’t say much about the specifics of the exam, I will say it was the best part of the course by far. It’s 20 multiple-choice questions and you can only get the answers from pen-testing the environment. You need at least 15/20 to pass, and no report is required. When you start the exam you are sent a Letter of Engagement from a mock company whose network you will be testing. The presentation of the exam is exciting and it makes it feel as real as possible. You will also get some important resources for use on the exam; hope you didn’t skip the Wireshark or routing sections. The Black Box labs are “bite-sized” environments, while the exam is a larger and more fleshed-out experience. There are a good number of boxes, and you get a chance to identify routers and pivot around the network in a way I haven’t been exposed to before this exam.
Overall, I was pleasantly surprised at the quality of the labs and the exam. At $200 for an exam voucher and $0 for the course, it’s hard to tell anyone NOT to go for this cert.