What’s up, fam? 🌟 Hope you’re doin well !

If you’re here, it means you’re probably planning to either prepare for or take the eJPT exam. I’m here to share my journey — how I passed the eJPT, the steps I took, what to avoid, and how to streamline your preparation.

The Backstory: I was initially searching for an internship in a VAPT (Vulnerability Assessment and Penetration Testing) role. I got selected for a position, but it was for a GRC (Governance, Risk, and Compliance) role, while my interest lay firmly in VAPT. When I inquired, they mentioned that a certification like OSCP, eJPT, or at least CEH was required as part of their hiring criteria. Since I felt CEH was too basic, given my knowledge at that level, I decided on eJPT. It’s practical, challenging, and competitive — just what I was looking for!

Don’t Like Reading? Here’s my Youtube video on this !

Mastering eJPT | 2025

My Background:

I have been in the cybersecurity field for the past three years and have extensive experience participating in Capture The Flag (CTF) events. Additionally, I organize CTF competitions at my university, where I create CTF machines and invite teams and individuals to participate. As the Joint Secretary of the Cybersecurity Department, I lead a team of over 20 tech-savvy individuals. I have also taught more than 200 students at a prestigious university in Bengaluru for a Cisco certification program. Overall, I consider myself to be at an intermediate to advanced skill level in this domain.

Certification Details

1. The certification cost me around 20,700 INR on October 8, 2024.
2. It is entirely practical, requiring you to hack into vulnerable machines, access the information requested in the questions, and select the correct answers.
3. You have 48 hours (2 days and 2 nights) to complete the exam, which includes 35 multiple-choice questions.
4. I encountered 4 Windows servers and 2 Linux machines in the DMZ, but I only compromised the 4 Machine ( 3 Windows & 1 Linux), as the questions were focused on those systems. However, I scanned all the machines to gather as much information as possible.

Purchasing Date:

I purchased the voucher on October 8, 2024, which included three months of lab and course access.

Preparation:

The course was extensive, totaling 151 hours and 34 minutes of videos, labs, and quizzes. I wanted to review the course content to understand the scope of the certification. The topics covered included Information Gathering, Scanning, Gaining Access, Privilege Escalation, and Clearing Tracks, which aligned with my prior knowledge. However, I wanted to ensure I didn’t overlook anything due to overconfidence.

I began watching the videos on October 11, and by the end of the first day, I had completed around 22 to 25 hours of videos and labs. I watched at 2X speed, and I must say, Alexis Ahmed’s delivery was exceptional; I was able to grasp the material clearly, even at that speed. That said, I wouldn’t recommend watching at such a fast pace unless you’re already familiar with the content. It’s important to set a video pace that works for you.

First day i have completed 100% of the 1st section of module. but after that i was just skipping the videos in b/w as i already knew that thing , so i didn’t want to spend so much time on that. i don’t reccommend you to go like that , please complete the course if you are unaware about any topic.

As you can see in this screenshot, I skipped a significant portion of the course material. Shortly after, my university exams started, which lasted for about 3 to 4 days, requiring my full attention. I paused my course preparation during this time and focused on my exams. I managed to complete all the course content by the morning of October 30th.

Why We Should Watch the Course Content:

After passing my exam, I realized that if I had attempted it without proper preparation, I could have managed, but it would have taken me a much longer time to solve the machines. The course included a lengthy section on Metasploit (MSF), which I wasn’t accustomed to using, as I preferred manual methods. However, through the course, I discovered the importance of MSF and completed that section thoroughly. It was an eye-opening experience, as it significantly streamlined my work with multiple targets.

I learned how to create workspaces for different targets, set up a database to store information, and utilize Meterpreter effectively. Additionally, Alexis shared his experiences during various penetration tests and scenarios, which provided valuable insights. Therefore, I highly recommend completing the entire course before taking the exam.

Note Taking:

As I mentioned, I watched everything at 2X speed and skipped some parts, but I remained focused on the key points. I made sure to take notes on everything I deemed important, even the basics, using different color highlights and proper formatting. In the cybersecurity field, we understand the value of good note-taking, and my notes proved invaluable during the exam, saving me a lot of time that would have otherwise been spent Googling information.

I used Obsidian for my note-taking since I had been using it for a few months, making it quite convenient for me. However, you can choose any tool that works for you; many people recommend CherryTree, but the choice is yours. I even continued to make notes during the exam in Obsidian, jotting down anything useful, such as passwords, usernames, and flags.

Below ,You can see the screenshot of the notes I took during the exam.

Battlefield: The Exam Time

I started my exam on 30th October 2024 at 10 PM with some caffeine.

Phase 1: 10 PM — 5 AM

1. I started Nmap scans with different parameters in order to find all live hosts on the DMZ.
2. While scanning was ongoing, I read all 35 questions in order to set a limit on my findings to save time and not waste it on finding unhelpful information.
3. The questions were based on what the IPs on the network were, usernames, the root password, etc.
4. Around 45–50 minutes in, my initial scan was done, and at that point, I had a proper and clear list of the IPs I needed to compromise. I kept creating different workspaces for whatever IP I was compromising.
5. I started hacking around 11 PM and worked straight until 5 AM. I compromised two machines: one Windows machine with administrative privileges and another Linux machine with root access. This was significant because ten questions were based solely on that one Linux machine.
6. I set up backdoors on the machines in order to regain access in case I lost it.
7. I reviewed the questions again and had answered 16 questions, with 3–4 in doubt, so I flagged those to revisit later after completing the other machines.
8. Then I felt a bit hungry, so I ordered food and called my parents since it was Diwali; I wanted to wish them before going to sleep. I called them around 6 AM, and within 5–10 minutes, I received my food, ate it, and called it a day and went to sleep.

Note: I took a few small but frequent breaks to get some fresh air 🌬️. I also recommend you do the same.

Phase 2: 2 PM — 10 PM

1. I woke up at 2 PM after a straight 7–8 hours of sleep. After freshening up and having my brunch, I returned to my chair to hack the remaining systems.
2. In front of me were 2–3 DMZ hosts and a system that required pivoting. I started working and gained administrative access to the third machine in just half an hour. After that, I took another break and chatted about some random college topics for an hour with my flatmate.
3. I resumed my work and, by 9:10 PM, had gained access to all the machines. I was hacking a machine that was present internally, but while reviewing the questions, I discovered that there were no questions requiring a flag submission for internal machines, so I skipped those.
4. I double-checked all my answers and submitted the exam before 10 PM. And guess what? I passed the exam! 🎉 I was so happy and also a bit confused 🤔 (more on that later in this post).

Batch :

So I shared this news with my family, and they were also happy! Since it was Diwali, this became the best Diwali gift I could give myself. 🎁

Note: During phase two, I also took plenty of breaks due to numerous calls from my relatives, friends, and other family members wishing me well. Overall, after taking many breaks and getting some fresh air, I completed this exam in just 12–14 hours.

After Exam Experience :

I felt incredibly motivated after completing the exam, especially since it’s considered an intermediate certification. Achieving a good score boosted my confidence tremendously. 🎉 Throughout the exam, I didn’t run out of ideas; it really highlighted my strategies and methodologies for pentesting, particularly on Windows machines. 💻 I wasn’t initially confident with Windows, but this experience has significantly increased my confidence in that area. I highly recommend pursuing this certification — not just for the credential itself but for the valuable knowledge and diverse strategies you’ll gain, which will benefit you along your journey. 🚀

Challenges Faced:
To be honest, I didn’t face any significant challenges; I was full of ideas. There was only one instance where I got stuck, but come on, “try harder” is something I learned from Offensive Security 💪. Overall, it was a smooth experience.

Labs Connectivity:
The labs ran exceptionally well during the exam 🚀. I read some comments on Reddit mentioning that they often had to reset the labs, but mine were running like a car on the Delhi–Agra Highway, lol 😂. I did face some issues with copy-pasting since the labs were browser-based, but I had spent a lot of time on TryHackMe labs, so I was used to it 🖥️.

Things to Keep in Mind While Preparing:

1. Procrastination: Complete your course and take the exam ASAP ⏰.
2. Viewing Your Own Notes: Having access to your notes during the exam is like having a “superpower” 💪. Use it wisely and make notes that will truly help you.
3. Stay Calm: Don’t panic; it’s just another certification you need to clear 😊.
4. Think Like a Hacker: Imagine you are a hacker hired by an organization to pentest their system 🕵️‍♂️. This mindset will help you generate more ideas. (my personal experience)
5. Pentest Mindset: Treat this as a pentest rather than a CTF. While they revolve around similar concepts, prepare yourself & get into the battlefield ⚔️.
6. Familiarize with MSF: Metasploit will be your companion during the exam. Learn to use it effectively 🔧.
7. Read Questions Carefully: Read the questions thoroughly, as hints may be provided within them to help you find the correct answers. 📖✨

IMPORTANT — Confusion After I Passed the Exam

Actually, when I submitted the exam, I expected a 100% score because I rechecked my answers twice, and the flags and passwords were correct. However, the result was a bit lower than I anticipated. I really don’t know where I made mistakes.

TIP: There might be instances where you think you know the answer, but it could still be wrong. So, it’s highly recommended to recheck your answers twice before submitting the exam 🔄.

Reach Out!

If you have any doubts or need support regarding anything related to this certification or cybersecurity in general, feel free to reach out to me here: www.linkedin.com/in/raman-gautam-98208820a 😊.

Thank you !

Keep hustling, keep growing! 🚀