
After 4 grueling days of very little sleep, frustration, and fun, I was able to pass the PJPT exam! I was very nervous going in, as it’s a practical exam meant to test your Active Directory hacking skills and I’m very new to the world of hacking and cybersecurity. After just 6 months, I went from no certifications to 4 certifications. Let’s jump right into it.
About the Exam
The Practical Junior Penetration Tester (PJPT) certification is a beginner-level ethical hacking and penetration testing certification. The exam was $249, which included a free retake as well as lifetime access to the Practical Ethical Hacking training course. It is meant to simulate a real-world internal penetration test on an Active Directory environment with absolutely no flags to capture and no multiple-choice questions. As I said, it’s a practical exam in which you have 2 days to compromise a domain controller and an additional two days to write a professional pentesting report. Here is the official description from the TCM Security website.

Practical Ethical Hacking – The Course

The Practical Ethical Hacking (PEH) course is 20 – 30 hours’ worth of material going over the basics of ethical hacking. The course covers the basics of exploitation, ethical hacker methodology, the stages of ethical hacking, information gathering, hacking Linux, Active Directory, pentest report writing and legal documents, and even some web application exploitation techniques like SQL injection and Cross-Site Scripting (XSS). Each lesson is a video anywhere between 5 and 20 minutes long, walking you through each step of the process being discussed. There’s a course capstone that consists of 3-5 vulnerable virtual machines to practice the skills being taught. One thing that sets this course apart from other ethical hacking courses is the extensive Active Directory pentesting material. Heath does a great job breaking each topic down in ways that a beginner can understand. It culminates in an Active Directory home lab you can set up to follow along with the materials. I will go over setting up a home lab in a future post. There’s also a hands-on lab for the web penetration testing section.
You can find older versions of parts of this course on YouTube; just search ‘Practical Ethical Hacking’ and click the video from The Cyber Mentor. Everything you need to pass the test is in this course. I had a blast going through these videos. I went from no knowledge of hacking or Kali Linux tools to being able to hack some boxes from VulnHub on my own without looking anything up! It is very thorough and is great beginning preparation for the coveted OSCP exam.
Exam Advice
There is a strict rule about divulging any exam specifics, and doing so could risk having the certification revoked. The exam is two days plus an additional 2 days to write a professional pentesting report. It is open book and you can use any tool or resource available to you. You will need your own Kali virtual machine. TCM will provide a VPN to connect to the exam server as well as sample reports, the scope of IP addresses, and the rules of engagement. If you fail, you can submit a report of your progress and TCM will provide a hint for your next attempt. Here is my advice for passing the exam:
- Get plenty of sleep
- Make sure to eat and take lots of breaks
- Everything you need is in the course
- When you get new information, ask yourself, “what can I do with this information?”
- Make sure you include screenshots for EVERY step to domain compromise
- The rules of engagement will provide example pentest reports. You can use those as a template and just substitute your own information and screenshots
- Take plenty of notes during the course
- Everything you need is in the course
- Go through the Active Directory section twice
All in all, it was a great experience. There is nothing more satisfying than the moment a puzzle you’ve worked on for so long finally clicks into place. I felt like I was doing a real penetration test, or at least what I imagine a real penetration test is like. I’d highly recommend this exam for anyone looking for an introduction to the world of penetration testing. I don’t know how the certification stands up as far as employment and industry recognition, but it’s a great place to start. The course took about a month to get through, though I do have a lot of time to spend on studying. Since it’s a practical exam, the only way to study is to try hacking Active Directory, so make sure to play around in the lab environments.
I purchased the Practical Network Penetration Tester (PNPT) exam, which is an intermediate level hacking certification. That will be my next challenge. I’ll keep you updated. Wish me luck!
Happy hacking!
