Introduction
I just passed the PJPT certification from TCM Security, It is a hands-on penetration testing exam experience hat will assess a student’s ability to perform an internal network penetration test and to write a professionaal report.
The certification is priced at 249$, however if you are a student you can email support and get a 20% of discount, this includes the course material and 2 exam attempts, here is how’s the price compares to other similar certs, so It’s pretty reasonable.
| Cert | Price |
|---|---|
eJPT | 249$ |
PJPT | 249$ |
PT1 | 297$ |
Prior to PJPT & Why I took It
Before taking the PJPT I had no other practical cybersecurity certification, all I had was bunch of theoretical courses and MCQ exams such as Microsoft SC-900. So this was to be my first real certification. However I wasn’t a total noobie I participated and won in multiple CTF competitions in the past and also used to play TryHackme and now I play HacktheBox machines.
So I have the basics of Networking, Pentesting apps and pwning machines, why do I need to take this cert ? well there were 2 reasons why :
- Before taking the cert I had little to no idea on Active Directory and Internal pentesting and I’ve always found it intimidating to learn hacking AD, even when a seasonal HTB AD machine drops I avoid it. I did my research and found that the cert is the perfect fit for me since it revolved heavily on AD, unlike the
eJPTwhich I think is made for someone with 0 prior knowledge in the field. - I could have went for other certs like
PNPTorCRTPbut I felt like my first cert should be stress-free since it was my first exam experience, I wanted to see how is it like to prepare and take an exam before getting into more harder certs.
Practical Ethical Hacking Course (PEH) :
The PEH is the course used for both the PJPT and PNPT exam, and let me tell you, this course is just perfect and I’ll tell you why in a bit. The videos in the course are presented by the GOAT Heath Adams & Alex Olsen (Web part). It starts by covering fundamentals :
✅ Networking Refresher
✅ Ethical Hacker Methodology
✅ Information Gathering (Reconnaissance)
✅ Scanning & Enumeration
✅ Exploitation & Basics with practice labsThen the awaited section the Active Directory, since the exam is an internal penetration test it revolves around this section,It contains the following sub-sections :
✅ Active Directory Overview
✅ Active Directory Lab Build
✅ Attacking Active Directory: Initial Attack Vectors
✅ Attacking Active Directory: Post-Compromise Enumeration
✅ Attacking Active Directory: Post-Compromise Attacks
✅ Additional Active Directory AttacksFirst thing I loved about this section is that we build our own local AD Lab, while some people won’t like it and they prefer ready-to-go environments, I think it’s super handy to know how to configure and setup a local Lab, plus you know how Active Directory misconfigurations lead to critical attack vectors.
Heath Adams did a great job In explaining each Attack, he would first do an overview and explain the attack in one video, the next video would be the hands-on practice of the attack and an additional video on remediations related to the attackk. I made sure to follow along and take very effective notes, this is how I structured my notes :
TIPYou probably heard this a lot but you really don’t need anything in addition to the PEH course to pass the exam, everything you need is in there, no additional resources.
The Exam
The exam feels like a real pentest assessment with absouloutely 0 flags to capture, you will recieve the Rules Of Engagement, the VPN file and Scope for the assessment. The candidate will have 2 full days to complete the assessment and an additional 2 days to write a professional report.
In order to pass you have to compromise targets inside the assessment scope, you will have to perform lateral and vertical network movements along the way, but that’s not enough you will need to write a professional report.
I can’t go into details about the exam but let me tell you this, It was very very realistic and Realistic dosen’t mean it was Hard, but It really didn’t feel like a CTF challenge or some machines with weird SMB share where you find the creds. No this was real vulnerabilities that you would find in real AD environments.
I started the Exam at around 1:45 am (Night owl), Enumerated a bit and kept applying the methodology that I have learned in the course by 3:00 am I had already acess on an internal system. I started looking for lateral movement vectors and kept getting closer and closer, seriously just do the methodology that Heath mentionned in the course xD. A little after I got stuck, I literally had everything in my hand that could get me further into the environment but I just didn’t know how/where to use it, I stayed like that for about 3 hours, took my notes and decided to call it a day (or a night ig) at around 7:00 am.
The next day I dind’t start immediately, I resumed at around 7:52 pm and it was a matter of minutes that I found out something that I haven’t tried with all the information I got, so I had access to another internal system by 8:05 pm. From there we needed vertical movement to reach higher privileges, and the path was kinda clear since this was presented in the course so I escalated to Domain Admin at around 9:50 pm.
I’d say the exam is pretty straight-forward if you follow the methodologies used in the PJPT course, don’t try to overthink it and always go back to your course notes and it will be smooth experience.
The Report
The course provides a section about Legal Documents & Report Writing, It goes through the structure and all the sections that a professional report must have and they provide a real example along with a template that you can use to report the findings of your exam, you can find it below :
I submitted my report and in the next 2 days I recieved the update that I successfully passed the exam and got my PJPT 🎉
Areas of improvements
I think the cert is pretty solid for a Junior Pentester but maybe they should add some more attacks that don’t exist in the course like maybe AS-REP Roasting, ADCS Attacks, Tunneling & Pivoting. I am not saying they should add it to the PJPT exam tho xD but it would be a great addition to the PEH course.
Final Thoughts
The PJPT is a solid starting point and hands-on Junior Pentester cert. It’s very realistic and the PEH course is fire, I highly advise people who want to start their cyber cert journey, or people who want to discover Active Directory attacks to take this certification. It’s a huge win and definitely worth the investment.