 Hello everyone, my name is John Hammond, and I want to talk to you guys about certifications. Specifically, I want to talk about the EJPT certification or the E-Learn Security Junior Penetration Tester. If you'd like to follow me on social media for some reason, you might have noticed just recently over the past few days, I was screaming about the fact that I accomplished it, got it done, and picked up the certification for EJPT. That certification comes through from the PTS course or the Penetration Testing Student course that E-Learn Security offers, and I want to offer my opinion and some things to you guys, so you'll have a little bit of a course review, some discussion on the exam, and just general views that I think might be worthwhile. So here we go, let's do that. Talking about the course, talking about PTS Penetration Testing Student, honestly, in my opinion, I think this course is awesome for anyone that is new and green, kind of a beginner to the whole cybersecurity scene. They want to get into pen testing, they want to get into red teaming, being that ethical hacker. What the PTS course does is it offers the fundamentals in a super easy, really friendly, kind of guided, hand-holding way. As far as the actual content, as to what you're going to end up learning, what it covers in the course, what they test you on in the exam, at the very, very beginning, they start you with the bare-bone basics. They talk about like, this is what an IP address is, this is what a router is, this is what a submit is, this is what a network is, so you understand like, okay, how does it all come together in that big picture grand scheme view of things between when you're doing an internal penetration test, when you're doing a penetration test, moving across, pivoting, going through machine to machine, how does that really look? What do all those numbers with periods in between them actually mean? And then it gets into this a little bit more solid, tangible things where you're actually on the keyboard working with them. It talks about how you can develop your own tools with C and C++, how you can exploit some C and C++ programs. They talk a little bit about buffer overflows, which is cool, and then they talk about how you can build your own tools, kind of help build out your own toolkit and your arsenal within Python, and that's great. And then eventually they'll slowly introduce you to other tools that you might actually use for an actual penetration test or some of the brute-forcing techniques that you might do or some cross-site scripting attacks you might perform or SQL injection that you might do. So you're going to become familiar with NMAP, with Hydra, with Derbuster, with SQLMap, and a ton of tools that are going to come in handy for actual penetration testing, and eLearn Security honestly introduces them to you in a super nice way. Super friendly, super easy. I don't want to spend too much time on all the information you can already find yourself. If you go online, visit their website, elearnsecurity.com, just simply search for that PTS course or the EJPT exam and certification process. They'll already kind of go into everything that I've already been discussing with you and telling you about now. They do have their syllabus, which is a big PDF file you can download, and that has a giant nice table of contents that explains here are some of the things you're going to learn about in each module, and it'll actually deep dive and break down that module to get more in depth than what I'm going to do here in this video. What I would like to do, though, is I'd like to show you guys how it looks from the inside. Right? Let's say you're a person who's bought the course, what does PTS look like when you're interacting with it and working with it inside of the member area? So you can see all the different modules broken down into lessons and things you're going to learn from. You can see they have different slides you can download in a PDF form or view them in your browser with HTML5. And one thing that I really recommend, this is just kind of like life advice for someone in the cybersecurity or computer science scene, get yourself a lot of external hard drives or just, I don't know, have at least one that you can dedicate to like a library of all of the different certifications that you've gone after. So I have this thing loaded up with some of my files when I went through CEH, when I went through OSCP, and now I threw in a course, the material and resources that come from this EJPT or the PTS course. So I'll have them to always look back on. I can always kind of review them if I know, hey, in the real world, I remember doing something with this in the course. I've already got that material just ready for me to work with and access. So I really recommend you guys doing that. Just have your own library that's portable, you can carry it with you and you'll have all of your material notes, things that you've done in the past readily available to you. I bought like a ton of these. Look at this. Goodness. You can see them all dropping. I literally just, the other day, I bought like nine of these things. So really recommend that. So the course will offer tons of resources. For one thing, you have slides, you have videos, you'll have the PDF that you can download, and you'll actually have all the resources for the course. And you have the HERA lab environment. So the lab environment is awesome because it's like a specific scenario tailored to what you're going to learn in that lesson or that module, and you'll have all the resources already set up to use it. All you do is download a virtual VPN key, virtual private network, and that way you can use that with open VPN and whatever your Kali virtual machine or your host or Bantu that I use, whatever the case may be, you can go ahead access that lab and they'll give you a little PDF or some instructions like a guide that will tell you this is what you are actually trying to accomplish. And they give you the solutions to it. At the very, very bottom of that PDF, you can say, okay, this is what I needed to do. If for some reason you're banging your head against the wall, you absolutely can't solve it. It's not really advised to look at that before you solve it. But once you've seen, okay, this is how you accomplish a task. This is how you solve that lab, that challenge, that task. You can read about their intended solutions. Another thing I do want to mention for the lab section here, especially specific to PTS is that at the very end, you have three practical black box penetration testing labs. And these are awesome because for one thing, if you're new to the scene and if you've never actually done this full pen testing before, this is going to be awesome because it totally represents what you might do in like a job interview if you just need to prove your practical hands on the keyboard skill set. And this is great test prep because the exam itself is going to end up being a practical actual pen test. Well, if you can run through all three of these black box lab exercises, then the exam is going to be a breeze. And something goes wrong. You're struggling a bit. Maybe you just aren't getting over that hurdle. One of the things that I love about eLearn security is that they have student forums. So for the course that you're taking, in this case, PTS, a penetration testing student, you have an online resource filled with tons of other students and the instructors that teach the course that record the videos that Taylor and fine tune the content are in the forum and you can talk with them and they'll totally help you. That's awesome because you actually get even just even though it's an online course, you have that student and instructor kind of relationship and information gathering asked for help if you need to. So let me talk about the price. PTS comes in three tiers or kind of additions, how you can purchase the course and the exam. It comes in the bare bones edition, the full edition and the elite edition. So I super duper recommend the elite edition that where you can download the PDF course where you can actually take the exam and have more access to the labs. And that is only $4.99. The full version is $3.99. And honestly, that price is just an absolute steal. If you think of other certifying bodies or courses similar to this, oftentimes that price is double that or in some cases even 10 times that. And I would argue honestly this course and elearn securities content is just as good if not better than those other certifying bodies. So I really, really think this is worth it. You can also get the bare bones edition totally for free. If you go join the ethical hacker network. Note that that bare bones edition does not include the certification exam or any access to the labs. But if you want to go check it out, I have actually done a shell code for the masses webinar with the ethical hacker network. So please go check that out and you can get a free copy of the bare bones edition of PTS. And if you're not too interested in PTS itself, maybe penetration testing and red teaming just isn't your thing. Well, don't forget elearn security has tons of other certifications that you might not see at another certifying body. I love the fact that they also have blue team courses and blue team certifications and exams. Not just strictly offensive red teaming and pen testing, but you also have incident response and defense in depth and a lot of other blue team stuff. And elearn security updates their courses all the time, like much more frequently than I've seen other certifying bodies do. They might actually refresh a course within two years, three years or even less than that depending on the upkeep of that actual course. Obviously elearn security. Their whole manifesto is about being on the keyboard. It's about real technical stuff. It's like actually doing the practical hands on applications that are necessary for this field, right? Because obviously to be a cybersecurity practitioner, to do things with computer science on the computer, you have to be on the computer. You don't want to just talk about it. And so that brings me to the exam. So the exam is really interesting because it is multiple choice. It's 20 questions multiple choice and you have to get a 75% to pass. So 15 out of the 20 questions have to be correct. But it is paired with an actual, like actual on the keyboard, a pen testing exercise and an activity. It's doing real world practical things to really prove that you have this penetration testing skill set. And I love that because, yes, it's multiple choice and that's a benefit to you as a test taker. And one of the interesting things is that you can go ahead and use the test to take the test, right? Because the questions will probably contain some useful information in their question prompt and the possible answers because, oh, maybe it lists a couple IP addresses and one of them is a potential target. You're trying to make sure that is one kind of network service. Well, you could start to look for those actual IP addresses, see if they really exist or try the set of passwords, see which of them will work, et cetera. And that's good in a sense. Okay, maybe you're gamifying or kind of taking some advantage of the test itself, but I don't think that's a bad thing. I think that's to help you and sort through what you're really working with. There is no stress in writing a long report at the end of it. There's no stress in making sure that it's in a time period crunch because, so this example, PTS, right? The EJPT exam gives you three days to take this test. 20 questions. It's great because it has that practical application. You are VPNing into a network, and that network has a couple machines you can reach out to and poke and attack and abuse. And then behind that machine is a whole other network that you'll have to break into and also find, unravel more pieces of the puzzle through that. So that's really cool because the whole, like pivoting and port forwarding and actually being able to hop from one machine to the other inside of that penetration test is something that I haven't seen in other certification exams or other practical cybersecurity pen testing exams. So I really like that a lot. Another nice thing is you can take the test whenever you want. When you buy the course, you have a little button in the exams kind of section of that member area that says begin certification process. And then just like that, you start your exam. You download your VPN key and you're ready to go. There's no days in waiting because you don't have to write a report or anything or do anything after the fact. It's immediate because it's multiple choice, right? It'll auto grade everything that you've done and just like that, it'll tell you whether or not you passed or you failed, get your certification or get ready to try again. Awesome. So it took me, again, I say you have three days to go ahead and actually finish the exam and answer all 20 questions. I think in total, I spent, admittedly, just me personally, I spent eight hours on the exam and I believe I had more than enough to pass in the first three hours because I guess I have a little bit more back on a little bit of experience so I've done this kind of thing before. And that will bring me to kind of my other topic of conversation is how does this compare to other things that you've experienced with? Or some of the messages that I'd seen when I kind of screamed about this on social media is someone had said to me like, hey, that's baby stuff for you, John. Like that's too simple and for you. And I don't want that to go into some people's heads. They're like, oh, because it says junior penetration tester in the certification or because it's pen testing for students. Look, this is a technical certification. This is a technical exam. And with that, there's going to be a little bit of difficulty no matter how things go. Like, I don't know, actually, this is just me thinking back to the exam. I had a lot of trouble trying to pivot and trying to port forward and move around because the shell, the machine that I'd compromise, I would use that, my interpreter session I'd try and port forward or auto route or set up some proxies to be able to move through. And every time I tried to access a port that I forwarded to access my machine, suddenly my interpreter session would die. I don't know why. Whatever technical, it's technical stuff. I didn't particularly try and deal with it. I actually found a good work around download Plank. Make sure you know how to use Plank. Really suggest that if you can't pivot or can't port forward, this test become very, very difficult. So download Plank, use Plank in my suggestion. But I want to drive the point home that because it says junior in the name or student in the name, don't let yourself think, oh, this is cheese. It's a certification, man. That's top-notch stuff. Some other questions that I've been asked is how does this certification, how does EJBT compare to something like CEH? So I have strong opinions on CEH, EC Council certification. And again, I'm not trying to, I want to be as impartial as I can be. I want to be as where I can. I want to stand where I can without kind of badgering or badmouthing any particular thing or person. I just think that in the multiple choice exam where you don't have a practical application, and I realize CEH now, and I think version 10 or something, they have a practical applicable portion of it. So speaking, just what I've seen in just a multiple choice portion of CEH, Certified Ethical Hacker, it's a multiple choice exam where you go through flashcards and repeatedly memorized with rote memorization what you might need to know to take the test. So you don't actually get your hands on the tools. You don't really get to know any of those things that you're actually working with because unless you go through some labs or tinker with it or explore it on your own, it just doesn't stick and it doesn't retain the way that you need it to in an actual cybersecurity penetration testing scene in the real world stuff. So the practical application is really what I really vouch for and I love that. So with that, the conversation then becomes how does EJPT compare to something like OSCP, the Offensive Security Certified Professional? Again, please let me put a disclaimer. Trying to be as impartial as I can be and trying to be not pointing fingers or naming names now that I've actually introduced names. So what I want to say, because I've heard people say, oh, I'm going to use EJPT as a kind of a stager. That's a good word for it because it's got that cyber sense to it. Or like a middle ground. I'm going to use PTS to help myself prepare for OSCP. I think that's fair. I think because PTS is so generous and because the course is giving you so much time three days for a 20 question thing, it's much more approachable and I don't think that's bad because OSCP, it has a lot of mystique to it because it's very scary and ominous. So like, oh, I got 24 hours to break into five machines and their prompt is like, here's the IP address. Go, break in. PTS using it to, again, as a springboard to move into OSCP is not a bad thing. Does it compare as it's the same level of penetration testing? Yes. In fact, I'd argue PTS is a little bit more real world because you don't have the limitations or oh, you can't use this end of metasploit or you can't use this utility. You can use whatever tools you want and you're going to pivot. You're going to port forward. You're going to move around laterally in a network and I haven't seen that happen. I don't think that happens within OSCP. So this video is coming on the tails of OSCP and PWK's new upgrade and update where they've made the 2020 edition of OSCP and that pen testing with Cali course and now they've introduced active directory and some PowerShell attacks, et cetera, PowerCat and other things. And again, I'm not trying to badmouth or point fingers in one direction or the other, but it's so funny because I say, wow, that's something that I know eLearn Security has in their ECPTX or I think they touch it in PTP or that ECPT course. So it's cool when I note them and I'm trying to just be someone in the community, someone in the industry that is looking and surveying the scene and saying, what are the good certifications? Where am I going to learn the most from? And while you get introduced to some cool topics, I really, really love the content and quality of the material that comes from eLearn Security. I don't think you can fight that. Obviously the student resources, the student forums, you've gotten a little bit of that with OSCP. I like how helpful eLearn Security wants to be with everything and they don't have, like if you need to ask for help, if you need to ask for some assistance or something just isn't working and you really feel like it should, you just need some technical assistance, whatever the case may be, if you were to approach them, they don't tell you just, oh, go away, go pound sand, try harder. I'm not a big fan of that manifesto. I'm not a big fan of that mantra. It's just, I don't see that as an awesome marketing scheme. Tough love is good, right? Especially in this cybersecurity scene, because everything you can learn, you can find on, everything you want to learn, you can find on Google. You can research and track down yourself. But I love that eLearn Security is giving you the most bang for your buck and exposing you to so many other technologies. And does it compare well to other certifications? CEH as maybe a sister cert or not, because it's considered itself an introductory or for beginner certification. Well, it's got that practical spin on it. How does it compare to OSCP? Well, it's got a little bit more pen testing, actual pivoting, port forward and lateral movement. I not just really like, I don't know. I had a great experience with eLearn Security and I do really, really, really recommend, go check out that certification, go check out that whole certification body, go check out what they have to offer. I really think you're gonna love it. You're gonna learn a lot of good stuff. So also, this makes me laugh so hard. I just really want to share this with you guys because I think it's fantastic. When I was cheesing on the social media on Twitter, I was like, yeah, I got the certification. Woo. And eLearn Security responded with Rick and Morty Jif and they were spot on because my caption was absolutely a Rick and Morty reference. All right, thank you guys so much for watching. I really hope you enjoyed this video. If you did, please do press that like button. If you didn't, press the dislike button twice so I know you didn't like it that much, leave a comment, do the whole YouTube algorithm thing. If you want to know a little bit more or you just want to chat with me or if I can answer more of your questions specifically to PTS and EJPT, please do not hesitate to reach out. I want to be as open as I can be to you guys. I'm on LinkedIn. You can message me on Discord. You can email me. I want to hear from you. Have you taken the certification? Do you like it? Where do you think it lines up in the other certifications in the industry, in the community? What do you like best? What do you want to see more of, etc., etc. So thank you guys so much for watching. I'll see you in the next video.