
Welcome! This is the Exam Coaching session for the eJPT certification. In this lecture you'll get an overview of the certification and how earning it can help improve your skills as a penetration tester. It can also be an item on your resume that helps separate you from others, showing that you have demonstrated the hands-on techniques needed to conduct a professional penetration test.
The eJPT bridges the two current extremes of penetration testing certifications. It offers a balanced approach for:
- Ensuring hands on skills are measured by validating penetration capabilities beyond question / answer scenarios
- Moderate cost for the exam voucher (in some cases there is a retake option)
- Differentiate yourself from traditional Q&A type exam certification holders
- Use the eJPT as a stepping stone to more advanced certifications where intense hands-on skills are needed
Pack Of Coders provides online technology training that's targeted at various skill levels. We seek to provide students with a better understanding of technology, software development practices, and cyber security topics.
This lesson deals with giving you an overview of the process related to purchasing exam vouchers and getting started with your certification exam.
The eJPT certification exam is different from standard exams that are built around asking a series of questions. To pass the exam and earn the certification, you'll need to have hands-on skills. This lesson outlines some of the differences between traditional exam and performance based exams.
Penetration testing is a process - there is a repeatable pattern that can be applied. When this pattern is applied, you can expect better results from your testing efforts. In this lesson, we introduce a testing methodology and approach that can help you on exam day and during your career as a penetration tester.
This lesson covers the basics of gathering information on target systems and highlights why this is such an important foundational step for penetration testing.
Whois is an open source database of domain registrations. Learn how to leverage it during testing!
Much can be learned about a target organization through web site browsing and searching social media. Learn the basics of site browsing from the perspective of a penetration tester.
This section of the course will show you how to leverage Burp Suite to automate your web crawling efforts. Learn to configure the Burp proxy and spider a target web site!
Wireshark is a powerful tool for capturing network traffic. This section covers the basics of Wireshark capture and display filters as well as common packet analysis techniques.
Here's a quick re-cap of some of the important items from this section.
Footprinting a network and then scanning hosts is a critical skill that's needed to earn the eJPT certification. This section of the course will give the basic needed in order to map a target network.
Learn to make use of a basic ping command as a first step in mapping a target network.
Learn to use the Linux utility called Fping. Fping is designed to help you conduct ping sweeps of entire networks.
Nmap is a utility for network discovery and security testing. Nmap uses raw IP packets to determine which hosts are available on the network and what types of services the hosts are offering. In addition, it can return information related to services and operating system versions in use. This portion of the course gives you the basics on this powerful tool!
Netcat is an all-purpose networking tool that allows you to open connections between systems. One of the ways you can use netcat is to fingerprint web servers. This lesson teaches you the basics of web server fingerprinting with netcat!
When trying to fingerprint a web server that uses HTTPS, you need tool that's up to the task. That's where OpenSSL comes into play!
A quick pause to re-cap important items from this section.
Once we have an idea of the scope and range of our targets, it's time to begin to compile an inventory of potential vulnerabilities.
CVE provides a database of known vulnerabilities that impact systems and services. Learn how to leverage this powerful knowledgebase during your testing.
One of the vulnerability scanners that penetration testers have relied on for years is Nessus. This lesson will give you and overview of the tool and help guide you to success with getting it installed in a lab environment.
Nmap is a powerful tool. Learn how to combine Nmap's version detection with custom scripting to perform vulnerability assessments.
Let's pause and review key topics in this section!
We now start to go hands-on with launching attacks against web applications. This section will give you the basics of conducting both manual and automated assessments of web-based applications.
Forced browsing is essentially brute force browsing of a web site. Learn how you can automate this process using DirBuster.
Many times, developers will store sensitive data and values inside cookies. Learn how to spot this and take advantage of these flaws during your testing.
Sessions are they key to maintaining an on-going conversation between browser and server. This lesson teaches you how to spot and exploit these flaws during testing.
Cross Site Scripting (XSS) is an easy to execute and dangerous attack against web applications. Learn the theory behind how different XSS attacks are crafted and see demonstrations of these attacks.
Altering the way a user views the content of a web page can be a powerful attack. This lesson is a case study in how you can launch a XSS attack, which leads to a social engineering encounter.
SQL Injection is a way of attacking a database through flaws in the web application layer. Learn how to manual test for these types of injection vulnerabilities and then walkthrough an exploit.
Another powerful injection attack deals with sending operating system shell commands as input to web applications. This lesson shows you how and why this might work on certain web applications.
Web Shells are a powerful tool for penetration testing. Learn the skills needed to determine if an application is vulnerable to upload web shells. Then see how to write your own shell, deliver it to a target, and use it to run operating system commands.
There was a lot of material in this section. Let's review...
This section deals with attacks against password stores and authentication. Learn the theory as well as the practical techniques you can use during the exam.
John The Ripper sets the bar high for offline password cracking. Learn how to use this powerful tool for pure brute force attacks as well as dictionary based password cracking.
Hydra is fast and versatile when it comes to breaking system authentication. Learn the basics is this lesson!
This part of the course will give you the basics to attack systems at the NetBIOS level - using the flaws in the Windows networking system against itself. We'll also cover how you can maintain control over a system with netcat shells. The section concludes with a detailed walkthrough of using Metasploit and Meterpreter to deliver powerful exploits and payloads.
NetBIOS is used whenever a Windows system takes part in a network. Learn to use different NetBIOS flaws and vulnerabilities when attacking these systems.
Have you ever encountered and old, out of date Windows system on the network? If so, it might be a prime candidate for a Null Session attack. Learn the basics of null sessions in this lesson.
Shells are the key to maintaining access to a compromised system. In this lesson, we'll walk through the theory behind two common types of shells: bind and reverse shells.
Now that we know the concepts behind shells, we'll use netcat to establish bind and reverse shells in the lab.
Metasploit is a powerful framework for the creation and delivery of exploits. Learn the basics in this lesson.
Once a system has been compromised through Metasploit, you can leverage this powerful shell to not only issue operating system commands, but also elevate privileges and dump password hashes.
The eJPT is a 100% hands-on certification for penetration testing and essential information security skills.
By passing the exam, a cyber security professional proves they have the core skills needed for penetration testing. Earning this certification is a great way to separate your resume from others or show that you're ready for a rewarding new career.
If you want to set yourself apart from traditional certifications, but aren't ready for the OSCP or CEH Practical, then the eJPT hands-on certification might be what you're looking for.
Throughout this course, we'll be covering topics to help you self-study as you prepare for the exam. By earning the eJPT certification, your skills in the following areas will be assessed:
Critical penetration testing processes and methodologies
Information gathering and reconnaissance
Basic vulnerability assessment of networks and web applications
Exploitation with Metasploit and Meterpreter
Manual exploitation of web applications
Scanning and profiling target systems and networks
Netcat for bind and reverse shells
Nmap for system fingerprinting and scanning
SQLmap for automating SQL Injection attacks
Burp Suite for web attacks
Hydra for attacking authentication
John The Ripper for password cracking
DirBuster for forced web browsing
TCP/IP protocol and routing
Local Area Network (LAN) protocols and devices
HTTP and web technologies
By analyzing the exam outline and data published to the public, we'll anticipate the types of skills you'll need to improve your test performance.
The course covers eJPT and eJPT v2 content and also provides a section dealing with skills and tools that should not be overlooked during your exam prep. Several cheat sheet type pages are also provided as a reference for key penetration testing tools and scripting languages.
And as a conclusion to the course, a comprehensive exam strategy is outlined!
Just Updated with a Additional Content section
Get additional lessons and LIVE demonstrations of ethical hacking tools and techniques to assist you with earning the eJPT certification!
Note: This is unofficial training / editorial commentary on the certification, products, and skills.