PJPT Writeup and Review

My experience taking the PJPT from TCM Security

(TL;DR at the bottom)

Practical Junior Penetration Tester

The PJPT is a simulated real-world internal pentest from TCM Security. To be awarded the PJPT certification, students have 48 hours to move vertically within an Active Directory network and ultimately compromise the domain controller. They then have another 48 hours to write a report documenting their steps to domain compromise. The cost is $199.99 at the time of writing and comes with the training needed to pass the exam. Also, a free retake is included in the exam price.

Background

I am a PhD student (IT) who got obsessed with hands-on cybersecurity while researching my dissertation. Before taking the PJPT I did work that involved technical writing and e-commerce development. I had also done a ton of Hack the Box. I was generally comfortable with computers and editing code, but was not a pro in the terminal.

Initially, I had planned to study for the OSCP and stumbled onto TCM’s content while looking up a concept. Their content is great because it gets to the point while still being informative. I have done many code-along tutorials where the instructor messes up, has to course correct, and completely loses me in the process. TCM’s content has a good flow. The stuff that needs to be there is there, but there isn’t a lot of filler (which is great).

I had heard of the PNPT, but saw that they had recently created the PJPT as a junior level to that test. The price was very affordable at $199.99 and came with a free retake. It seemed like a good way to test my skills without taking an insanely expensive exam. All of the material comes from TCM’s Practical Ethical Hacking (PEH) course and is included with the purchase of the exam voucher. Most of PEH is on YouTube for free, but I would advise picking up the full course.

Process

I studied for 2-3 weeks. For me, the best section was Active Directory (AD). Around 90% of the Fortune 1000 use AD, but solid practice with it can be a bit difficult to get. In my opinion, setting up your own lab is the best way to get practice because you have complete control of the environment. Heath takes you through the step-by-step setup of the lab environment. It’s a cool thing to have even after the exam. I still use it to test out attacks that I run across online.

Also, there is a script called “Pimp My Kali” linked in the course. This is a LIFESAVER. I spent a ton of time on HTB and other platforms tinkering with broken tools while wondering if it was the attack or the tool that was failing. Pimp My Kali automatically adds functional versions of all of the tools used in the course to your Kali VM. So, if an attack isn’t working, you don't have to stress about the broken tool vector and can triage other avenues.

Dewalt is the author of the script. I don’t know who he is, but he is a hero that we do not deserve. He has my loyalty. I will never be using a Makita again.

Exam

On exam day I logged into the portal and started the exam. Connecting via VPN was exceptionally easy. The environment was solid during my whole testing window.

Without giving away anything about the exam, I can say that I passed on the first try and compromised the last machine with 30 minutes left in my 48 hours.

There are many write-ups online about the PNPT (the big brother to this exam) and the consensus is people mess up when they fail to keep it simple. Even though I read all of this, I was still trying to do the dead loop when all I needed was a cartwheel.

I managed to break out of my tunnel vision in the last hour (and only after I thought I had failed). There was a simple path that I had missed. After correcting my error, I was able to compromise the last machine.

I waited until the next day to write the report. Report writing can be pretty arduous. I am used to lengthy compositions, but this was the first report of this style that I had written. It took about 4 hours of steady work.

I submitted my report in the portal and received notification that I had passed the exam within an hour. Shout out to TCM for the kind of customer service rarely seen anymore.

TL;DR

Would I take the exam again?

110% yes. It gave me a real-world test of my skills and the experience of beating my head against the wall to find a solution. Afterward, my confidence level was a lot higher. I had to raise my skills fast to pass the exam. The confidence has carried forward into other hacking projects.

Would I recommend it to others?

I think the PJPT fills a good space in the beginner ethical hacking niche. I have also taken the Pentest+. In my opinion, of those two, the PJPT is the undisputed winner. For many things, theoretical knowledge is sufficient. Hacking is not one of these things.

For the min-maxers out there, the hidden bonus is that the PJPT and PNPT are based on the same material. In passing the PJPT, you are already preparing yourself for the larger PNPT.

The strategy could be:

Take the smaller exam => work out the gaps in your knowledge => pass the PJPT and receive the certification => Take PNPT based on the SAME material

Kinda like going to community college before going to undergrad. It is a great value and gives you something to show for the work that you are going to have to do anyway.

Was the pricing fair?

Are you kidding? $199 is a few tanks of gas and a Big Mac now. The exam/cert is an excellent value. They also offer hefty discounts for students and veterans.

How was the exam environment?

The exam was cloud-based and had excellent persistence. Occasionally I would have to boot my VPN connection if I let it sit for an extended period, but I did not have any game-changing mishaps.

Did the material cover the exam?

Yes. EVERYTHING that was on the exam was in the material.

Tips and tricks?

If you get stuck on the exam, literally go back and start watching videos. It is always tempting to try some ninja-hacking moves, but I would advise against it. This exam is about executing the basics well.

Another tip is to make sure to label your screenshots as you take them. In my haste, I had taken a bunch of screenshots and then had to sift back through them to find the pictures of the full attack chain. This made report writing more painful than it needed to be.