Open in app

Sign in

Write

Sign in

How I Passed eJPT, eWPT, eCPPT in DAYS

Jacob Masse
5 min readOct 16, 2024

--

About Me

I’m Jacob Masse, a cybersecurity professional with a passion for penetration testing and secure development. Over the past four years, I’ve worked in various roles that span full-stack development and cybersecurity, including security engineering and application security. My experience has given me a deep understanding of both the technical and strategic aspects of cybersecurity.

After taking a year-long hiatus from the cybersecurity field, I decided it was time to jump back in and refresh my skills. To do this, I set my sights on obtaining the eJPT, eWPT, and eCPPT certifications. This journey not only reconnected me with my passion for cybersecurity but also allowed me to update my knowledge.

Introduction

Since I was just getting back into cybersecurity, I thought I’d go for a few certifications that I’ve always wanted. I started by creating a document planning out which certifications I would take in their appropriate orders, as well as studying resources and timelines. The first three certifications (in order) were eJPT, eWPT, eCPPT.

Taking the exams in this order enabled me to connect the knowledge and experiences from each exam to the next, allowing me to work more efficiently and develop a solid understanding of core concepts.

And, of course, the proof:

https://certs.ine.com/profile/jacobmasse296956/wallet

Study Methods

To study for the exam, I used a combination of the following study methods. These all contributed to the successes I had in the exams:

  • Flashcards: Since I was just coming back into cybersecurity, I made flashcards of common tools and their usage, basic terms, and other methods/processes that would be helpful in the exam as a refresher. My main idea with this is that it would save me time in the exam if I knew what to run. This could be adapted to any exam, even if you are actively in the field.
  • Hands-On Practice: I got familiar with the tools I was going to use on the exam beforehand to avoid any difficulties. This ties into the next section, which is just about being familiar with the kinds of software and systems you are attacking.
  • CTFs: I subscribed to the Pro Plan on Parrot CTFs and did a lot of their boxes to prep me for the exam, along with a little bit of TryHackMe. Parrot CTFs is EXTREMELY helpful to pass any certification with flying colours, as they keep updated and realistic labs to practice with. Parrot CTFs’ Academy is also really helpful for learning harder AD concepts. I took one of their AD certification rooms as well, which prepped me for the AD section on the eCPPT pretty well, combined with some additional labs.

Even though this is a hands-on exam, it is important to know WHY you are doing what you are doing and what is going on behind the scenes when you use standard tooling in Kali Linux. This can be extremely helpful in situations where you need to improvise a method, modify an exploit, or write your own script to accomplish a task during the exam.

I consistently studied using a combination of these methods for around three weeks before starting the first exam, and then I added new flashcards or tweaked my existing flashcards for the next exam.

Resources Used

I don’t have an exact list of resources that I used, but I chose not to rely on the official eLearnSecurity courses for my studies. Instead, I opted for self-study using resources from the internet and other educational platforms. Preparing my own study materials not only catered to my learning style but also helped me save on costs.

  • Online Tutorials and Blogs: I leveraged free content from websites like Hackersploit, HackTricks, The Cyber Mentor, and various other cybersecurity educational materials. These platforms provided in-depth tutorials on specific tools and techniques that were directly relevant to the exams.
  • YouTube Channels: Channels such as IppSec, John Hammond, and LiveOverflow offer walkthroughs of Capture The Flag (CTF) challenges and explain complex concepts in an understandable way. Watching these videos helped me grasp practical applications of theoretical knowledge.
  • Community Platforms: I used platforms like TryHackMe and Parrot CTFs to get hands-on experience with real-world scenarios. These platforms offer labs and challenges that mimic the kind of tasks you’d encounter in the exams.
  • Books and eBooks: I referred to classics like “The Web Application Hacker’s Handbook” for web vulnerabilities and “Penetration Testing: A Hands-On Introduction to Hacking” for general methodologies and techniques.

I compiled my own notes, cheat sheets, and flashcards based on the information gathered from various resources. This personalized approach reinforced my learning and provided quick references during study sessions.

Tips and Tricks

  • Open Book, Open Internet: These exams are open book and open internet! Don’t be afraid to reference any information you used to study or to research any new software you may discover to get a better understanding of what you’re dealing with. This is encouraged during the exam, and it is best to organize your materials in a way that they are easily accessible to avoid wasting time when referencing your cheat sheets and such.
  • Trippy Browser Environment: Get very familiar with the browser environment that INE forces you to work within. You will be in a machine through a browser and need to use a browser in that machine, or a browser in the machine in your browser needs to access another machine over RDP and use that browser — it’s very trippy. It is even worse when you have a mushy brain towards the end of the exam.
  • Copy and Pasting: Learn how to use the Apache Guacamole in-browser Kali Linux machines that INE provides before the exam. I wasted lots of time writing out hashes and other long strings between my browser machine and host system during my first exam. Copy and pasting is possible, please don’t be like me and waste time and energy.
  • Read the Engagement: It is important to read the LoE (Letter of Engagement) before starting each exam, as it gives you relevant context to what you are testing. This can help with creativity and thinking on your feet, and it gives you a general direction to take while testing. BE AWARE: For some of the exams (eCPPT specifically), INE will lead you astray in the LoE. For example, sometimes brute forcing can last longer than the 10–20 minutes that INE says, and they advertise incorrect wordlists to use for SOME questions. This will make sense once you take the eCPPT.

Overall Thoughts

Jumping back into cybersecurity after a year away was challenging but incredibly rewarding. The approach of taking the eJPT, eWPT, and eCPPT exams helped me rebuild and enhance my skills. The hands-on nature of these certifications ensures that you’re not just learning theory but also applying it in practical scenarios, which is crucial in this field.

My prior experience in penetration testing allowed me to approach the exams with a solid foundation. Understanding secure development and having hands-on experience with exploitation techniques gave me an edge in identifying vulnerabilities and thinking like an attacker.

Cybersecurity
Ejpt
Ecppt
Certification
Studying

--

--

Jacob Masse
Jacob Masse

Written by Jacob Masse

28 Followers
15 Following

Developer | Pentester | Director of Operations @ TrazTech Solutions LLC https://www.linkedin.com/in/jacob-masse-836371226/

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams