The eJPT preparation roadmap can help you prepare for the exam in 2 months. The following study plan is based on eJPT study material, TryHackMe rooms (some rooms might require a voucher), and additional reading materials. I have assumed that during the preparation, one will commit 8-10 hours of daily study for 2 months. Note-taking is quite important, so make sure to take full advantage of note-taking apps of your liking.
If you wish to include additional rooms, blogs, notes, or share your exam experience, feel free contribute to this roadmap.
| eJPT + 3 months FREE of Fundamentals Quarterly cost | $249 |
| Preparation Time | 2 months |
| Study Hours Per Day | 8-10 hours |
| Preferred Note-taking app | Notion, Cherrytree, Gitbook |
This comprehensive checklist is designed for those completing the Penetration Testing Student course offered by INE, along with relevant TryHackMe rooms and reference blogs. Here are some key points to consider during your preparation:
- Thoroughly review the PTS course content; it is comprehensive and sufficient for succeeding in the exam.
- Seek assistance from alternative online resources if you encounter difficulty understanding any part of the PTS material; ensure that your concepts are clear.
- Go through the labs provided in the PTS course at least twice—first while covering the material and again after completing the course.
- Practice the TryHackMe labs mentioned in the checklist; they serve as valuable additional practice beyond the labs provided in the PTS course.
- This checklist assumes a dedication of 8-10 hours per day for preparation. If it is not possible to allocate this much time or the time period seems too long, feel free to adjust your pace accordingly.
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Assessment Methodologies - Information Gathering | [ ] |
| Assessment Methodologies - Footprinting and Scanning | [ ] | |
| Tryhackme | Hacker Methodology | [ ] |
| Intro To Research | [ ] | |
| Passive Recon | [ ] | |
| Active Recon | [ ] | |
| Nmap | [ ] | |
| Blogs | Ethical Hacking: 5 Phases, Techniques, and Tools | [ ] |
| Active vs Passive Recon | [ ] | |
| Understanding Reconnaissance and Foorprinting in Ethical Hacking | [ ] | |
| CompTIA Security+: Vulnerability Scanning and Penetration Testing | [ ] | |
| Nmap | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Assessment Methodologies - Enumeration | [ ] |
| Tryhackme | Nmap Post Port Scan | [ ] |
| Network Services | [ ] | |
| Blogs | Enumerating a new network with Nmap | [ ] |
| Enumeration guide for beginners | [ ] | |
| Remote port and service enumeration – nmap | [ ] | |
| Enumerate SMB with Enum4linux & Smbclient | [ ] | |
| Scanning for SMB Vulnerabilities with enum4linux | [ ] | |
| Nmap Scripts (NSE): The Key To Enhance Your Network Scans | [ ] | |
| Network Vulnerability and Scanning: Explanation of Nmap Script Engine (NSE) with Hands on Practice | [ ] | |
| How to Use Hydra to Hack Passwords – Penetration Testing Tutorial | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Assessment Methodologies - Vulnerability Assessment | [ ] |
| Assessment Methodlogies - Auditing Fundamentals | [ ] | |
| Host & Network Penetration Testing - System/Host Based Attack (Complete till windows part) | [ ] | |
| Tryhackme | Vulnerabilities 101 | [ ] |
| Nessus | [ ] | |
| Windows Fundamentals 1 | [ ] | |
| Windows Fundamentals 2 | [ ] | |
| Blogs | Vulnerability Research 101 | [ ] |
| What is a CVE? | [ ] | |
| Working with Exploits: Using Exploit-DB to find Exploits | [ ] | |
| Attacking SMB via Metasploit and PSexec | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Host & Network Penetration Testing - System/Host Based Attack (Remaining part) | [ ] |
| Host & Network Penetration Testing: Network-Based Attacks | [ ] | |
| TryHackMe | Blue | [ ] |
| Ice | [ ] | |
| Linux Strength Training | [ ] | |
| Linux Privilege Escalation | [ ] | |
| Dirty Pipe: CVE-2022-0847 | [ ] | |
| Wireshark: The Basics | [ ] | |
| Blogs | Privilege Escalation on Linux: When it’s good and when it’s a disaster(with examples) | [ ] |
| Tools analysis: linPEAS | [ ] | |
| How to Use Wireshark: Comprehensive Tutorial + Tips | [ ] | |
| How I use Wireshark | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Host & Network Penetration Testing: The Metasploit Framework (MSF) | [ ] |
| TryHackme | Metasploit: Introduction | [ ] |
| Metasploit: Exploitation | [ ] | |
| Metasploit: Meterpreter | [ ] | |
| HeartBleed | [ ] | |
| Deja Vu | [ ] | |
| Blogs | Metasploit Tutorial for Beginners – Basics to Advanced | [ ] |
| MSFVenom | [ ] | |
| MSF Venom Quick Guide | [ ] | |
| Use John the Ripper in Metasploit to Quickly Crack Windows Hashes | [ ] | |
| Armitage — A Tutorial | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Host & Network Penetration Testing: Exploitation | [ ] |
| TryHackMe | What the Shell? | [ ] |
| Steel Mountain | [ ] | |
| Poster | [ ] | |
| Blogs | Vulnerability Scanning with Metasploit | [ ] |
| How to Use Searchsploit in Kali Linux? | [ ] | |
| What are Web Shells? | [ ] | |
| Reverse Shell vs Bind Shell | [ ] | |
| Use MSFconsole's Generate Command to Obfuscate Payloads & Evade Antivirus Detection | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Host & Network Penetration Testing: Post-Exploitation | [ ] |
| TryHackMe | Windows PrivEsc | [ ] |
| Windows Privilege Escalation | [ ] | |
| Windows PrivEsc Arena | [ ] | |
| Bypassing UAC | [ ] | |
| Credentials Harvesting | [ ] | |
| Linux Local Enumeration | [ ] | |
| Linux PrivEsc | [ ] | |
| Linux Privilege Escalation | [ ] | |
| Linux PrivEsc Arena | [ ] | |
| Wreath | [ ] | |
| Blogs | OCSP: FILE TRANSFER RECIPE FOR DELICIOUS POST EXPLOITATION | [ ] |
| Linux Privilege Escalation Techniques | [ ] | |
| Privilege Escalation in Windows | [ ] | |
| Understanding Impersonation via Access Tokens | [ ] | |
| Post Exploitation Technique -Pivoting | [ ] | |
| How to Dump NTLM Hashes & Crack Windows Passwords | [ ] | |
| Linux Gather Dump Password Hashes for Linux Systems - Metasploit | [ ] |
| Planned Content | Task | Completed |
|---|---|---|
| Penetration Testing Student Course | Host & Network Penetration Testing: Social Engineering | [ ] |
| Web Application Penetration Testing: Introduction to the Web and HTTP | [ ] | |
| TryHackMe | OWASP Top 10 | [ ] |
| Web Enumeration | [ ] | |
| SQLMAP | [ ] | |
| OWASP Juice Shop | [ ] | |
| Blog | [ ] | |
| Vulnversity | [ ] | |
| Hydra | [ ] | |
| Blogs | Gobuster Tutorial | [ ] |
| The Ultimate SQLmap Tutorial: Master SQL Injection and Vulnerability Assessment! | [ ] | |
| Web Server Scanning With Nikto – A Beginner's Guide | [ ] |
- Notes by PakCyberbot
- Notes by NeilMadava
- Notes by edoardottt
- Cheatsheet by seergiovks
- Cheatsheet by xalgord
- Exam Experience by Pr0tag0nist - Jeremiah has an entire EJPTv2 series covering his entire preparation journey; make sure to check out the entire playlist.
- Exam Experience by PakCyberbot
- My eJPTv2.0 exam review by Siddhart Shree Kaushik
- eJPTv2 Success Unlocked: Strategies for Passing on Your First Try
- Mastering the eJPTv2 Exam
- My Experience with the Free eJPTv2 Exam by PakCyberbot
- eJPT v2 Review: Decoding the eLearn Security’s Junior Penetration Tester Certification
If you wish to include additional rooms, blogs, notes, or share your exam experience, feel free contribute to this roadmap.