How I Passed the INE eJPTv2 Exam

Introduction and Exam Backgrounder

Well, here we are… I'm pleased to say that I’ve finally passed my very first practical, hands-on penetration testing exam! This didn’t come easy, though. I’ll tell you why. Coming from a background in audit and compliance, this was much more than just a pivot within Cybersecurity. I had to think about everything in a peculiar (offensive) manner while never losing sight of the main goal.

Let’s cut to the chase. This isn’t a strict capture-the-flag (CTF) exam. It’s a 35-question, dynamic black box environment in which the answers to the questions are based on the information you gather from the recon(naissance) phase until the post-exploitation phase (there’s not much content surrounding the reporting phase, but we’ll get to that later).

Here’s some more general info about the INE eJPTv2: the exam itself is open-book, but this doesn’t do much for you unless you have studied the course content and practiced within the lab environments that INE provides you in their Penetration Testing Student course. However, this works to your advantage because you can treat this exam as if you had all of your resources at your disposal, mimicking that of a real-world engagement. For details, see INE’s official exam documentation.

How I Prepared

Here’s how I prepared for the exam:

I gave myself a deadline of about 2 months to start the INE Penetration Testing Student course and then subsequently pass the exam. By giving myself this deadline, I was able to map out and plot time each day dedicated to studying and gathering resources while making my notes (which is crucial, as you’ll find other open sources, notes, and documentation on the exam, which are (nearly) useless unless you want to comb through someone else’s method of notetaking). No thanks.

Next, I took the PTS (Penetration Testing Student) course very seriously, though I sped up the videos to 1.5x so I could get through the 156 hours and 17 minutes of content a bit quicker. You can always rewatch and replay while taking notes. However, I found that the labs that reflect the course content are much more useful, as they allow you to test the tools out for yourself while having a reference (solution) at your disposal.

Don’t get me wrong, I scoured the internet (YouTube, Reddit, Google, GitHub, LinkedIn, etc.) for any tips and tricks on how to pass the exam so I would know what to focus on. However, as long as you follow the course, read the Letter of Engagement and Lab Guidelines, and follow the pentesting methodology with your notes, you’ll pass with flying colors.

Tips during the exam:

  1. Focus on enumerating as much as you can while flipping through the test’s exam questions so you know what you’re looking for.

  2. Take notes on (almost) everything, and ensure that you keep them organized. For note-taking, I used Notion as I was able to easily flip through pages and go back and forth between machines. Ctrl+F or Cmd+F is your best friend, so make sure your notes are optimized for quick searches.

  3. Don’t overthink — follow the pentesting methodology and make sure that you know what tools to use in each phase. If you get stuck, switch to a different machine or take a walk. Refresh, and come back. Stay hydrated.

  4. If all else fails, you have a free second attempt which must be taken within 14 days, so just make sure that you’re at least nearly ready on your first attempt.

Resources I Used

In order of importance, I’d say these were my top resources/picks:

  • INE Penetration Testing Student Course (Labs, then Videos)

  • Reddit

  • Google

  • GitHub

  • YouTube

  • TryHackMe (none in particular, but good for labs and refreshers)

Keep in mind that any resource you use from another person is subject to their methodology of notetaking and their unique perspective on the exam, so take EVERYTHING with a grain of salt. I cannot emphasize this enough, but even if you read their notes, create your own documentation as this will be sorted and parsed more easily in your head and during exam day.

Lessons Learned

The exam was harder than I had expected, but in all fairness I did not study much as I felt the coursework was pretty straightforward. The biggest emphasis I can place on anything is taking better notes. Even when you believe your notes are crisp and clear, you need better notes. Take notes on your notes, even. If you get stuck on something, look through the course and see areas where you might’ve missed some steps or just flat-out incorrectly performed any particular commands.

Summary

I enjoyed the process of taking the course and passing the exam thoroughly. My first goal was to actually just go straight for the OSCP, but after taking this exam, I can safely say that I would’ve failed over and over. The ultimate pentesting certificate that I want is the OSCP, but there are others along the way that I may just entertain first. All in all, if you can’t say you enjoyed the course and the exam (regardless of the amount of stress it placed on you), you probably shouldn’t go into pentesting — just my two cents. Thanks, INE. I look forward to the next challenge!
