Skip to main content

Comparison between CEH Practical and eJPT

This month, i have done two certification exams. Certified Ethical Hacker (CEH) Practical and eLearn Security Junior Penetration Tester (eJPT). These were not actually in my plan however when i received the free vouchers, i thought of giving the exams. 

So in this post, i am going to give a detailed comparison between the two certification exams. 

Certified Ethical Hacker (CEH) Practical

I went for the CEH practical exam with an aversion, but i found it not bad. Mostly the basic topics are validated in the exams. However for really really beginners, they might find the practical exam as useful. Most of the guys attempting this exam might sign up for iclass/ilabs for their exam preparation. But in my opinion, that is not necessary. The best alternative exam prep option is to sign up for Tryhackme and then learn + practice. As i mentioned earlier, i got the free voucher and therefore i didn't go through the ilabs/iclass. In the exam, there are some questions based on cryptographic, stegnography tools and i found those as really unnecessary. At least they could have ask questions based on some open source tools like exiftool, stegoveritis but they went with some obscure tools.

Other topics such as sqlmap, password cracking, brute forcing, exploiting web vulnerabilities, traffic analysis were decent. The tools required for the exam is also included in the exam machine.

The exam duration is 6 hours. Since the exam environment is web browser based, you might experience some lag while accessing the servers. For example, if you type "ipconfig" and it may show "ipconfigggggggggg". There is no VPN required and the servers can be accessed using your web browser. Also, the exam is proctored. So you must have a good internet connectivity without any disruptions or else, the exam might get invalidated in the case of a break in the connection.

You can ask for a 15-minute break during the 6 hour exam. Also can use 2 white papers as scratch-pad. Exam is open book based. So you can access the internet or refer the notes. You can also access internet from the exam machines as well (some users mentioned that they couldn't, but the exam was recently updated, so). Note that you cannot copy commands from your host machine to the exam machines or vice-versa.

The exam is hands-on and has 20 questions that has to be answered based on your findings. 15 is the passing score. Once you have submitted the exam, you will get the result and the certificate immediately and can be viewed from your aspen portal. 

eLearn Security Junior Penetration Tester (eJPT)

This exam is more realistic and require more knowledge and practice than CEH practical exam prep. You need to go though almost all phases of the penetration testing. Since eJPT is an entry level exam, the machines are pretty easy to root however you need to find out how to exploit by doing the proper recon and enumerations. 

This exam duration is 72 hours, open book and in my opinion, that is an unnecessary luxury. The training for the course is completely free and you can access it using the INE starter pass. In my opinion, INE has done a great job with the course content and by making a decent certification with a great standard. The free course enough to pass the exam however, doing the easy boxes from Hackthebox and Tryhackme will help with the preparation. 

The exam is accessed over VPN which gives you the possibility of using your own favorite tools and commands, and is non-proctored. So if there is any disruption with the internet connection, you don't need to be worried. The exam is hands-on and has 20 multiple choice questions that has to be answered based on your findings. 15 is the passing score. 

In terms of difficulty and practicality, i would give my thumbs up for eJPT. CEH is more widely accepted as some requirement (like DoD) , might be because they were the one who came up with one of the first certifications on hacking domain. 

For beginners, If you have signed up for the iclass from Ec-Council, then probably you may plan for the CEH exams. But if money is a concern, i would encourage you to go for the eJPT. The course if free and exam experience is great but not as much popular as CEH, but hopefully that will change soon. I can see many posting their eJPT achievement on Linkedin/twitter. Both exam can boost your confidence and help to get a junior level job as well.

Popular Posts

RUST error: linker `link.exe` not found

While compiling Rust program in a windows environment, you may encounter the error : linker `link.exe` not found. This is because of the absence of the C++ build tools in your machine. For compiling Rust programs successfully, one of the prerequisites is the installation of the Build Tools for Visual Studio 2019.   Download the Visual Studio 2019 Build tools from the Microsoft website. After the download, while installing the Build tools, make sure that you install the required components (highlighted in Yellow) This will download around 1.2GB of required files. Once everything is successfully installed, reboot and re-run your rust program and it will compile successfully.   Read More on RUST Hello World Rust Program : Code explained RUST Cargo Package Manager Explained Data Representation in Rust.

Download Microsoft Office 2019 offline installer.

When you do malware analysis of documents or office files, it is important to have Microsoft Office installed in your Lab machine. I am using flare VM and it doesn't comes with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy. Here is the list of genuine Microsoft links to download the office .img files.  Download Microsoft Office 2019 Professional Plus : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img Download Microsoft Office 2019 Professional : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/Professional2019Retail.img Download Microsoft Office 2019 Home and Business : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/HomeBusiness2019Retail.img Download Microsoft Office 2019 Home and Student : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-U...

Cisco ASA: Disable SSLv3 and configure TLSv1.2.

For configuring TLS v1.2, the ASA should run software version 9.3(2) or later. In earlier versions of ASA, TLS 1.2 is not supported.If you are running the old version, it's time to upgrade. But before that i will show you the config prior to the change. I am running ASA version 9.6.1 Now ,set the server-version to tlsv1.2, though ASA supports version tlsv1.1, its always better to configure the connection to more secure. Server here in the sense, the ASA will be act as the server and the client will connect to the ASA.     #ssl server-version tlsv1.2 set the client-version to tlsv1.2, if required.     #ssl client-version tlsv1.2 ssl cipher command in ASA offers 5 predefined security levels and an additional custom level.     #ssl cipher tlsv1.2 high we can see the setting of each cipher levels using #show ssl cipher command. Now set the DH group to 24, which is the strongest offered as of now in the AS...

How to Install Netmiko on Windows?

Netmiko, developed by kirk Byers is an open source python library  based on Paramiko which simplifies SSH management to network devices and is primarily used for network automation tasks. Installing Netmiko in linux is a matter o f one single command but if you need to use Netmiko in your Windows PC, follow this process. 1) Install the latest version of Python. 2) Install Anaconda, which is an opensource distribution platform that you can install in Windows and other OS's (https://www.anaconda.com/download/) 3) From the Anaconda Shell, run “ conda install paramiko ”. 4) From the Anaconda Shell, run “ pip install scp ”. 5) Now Install the Git for Windows. (https://www.git-scm.com/downloads) . Git is required for downloading and cloning all the Netmiko library files from Github. 6) From Git Bash window, Clone Netmiko using the following command git clone https://github.com/ktbyers/netmiko&#8221         7) Onc...

PrintNightmare (CVE-2021-1675) PoC exploit Walkthrough

I am not an exploit developer but was interested to see how this vulnerability can be exploited. So i tried to replicate the infamous PrintNightmare vulnerability using the following PoCs ( https://github.com/cube0x0/CVE-2021-1675 ) and ( https://github.com/rapid7/metasploit-framework/pull/15385 ) However i had trouble with the new metasploit module (auxiliary/admin/dcerpc/cve_2021_1675_printnightmare) and i couldn't able to exploit the machine successfully. So i tried the second PoC from cube0x0. This one has done the magic. I just followed the guidelines with couple of tweaks. First of all, i installed the impacket (cube0x0 version) which will install the required modules and files. After that i set up a samba share with an anonymous login. This is required for hosting the dll file. I edited the smb.conf with the following settings. [global]     map to guest = Bad User     server role = standalone server     usershare allow guests = yes ...

Unable to locate package linux-headers / E: Unable to locate package linux-headers-5.10.0-kali5-amd64

While compiling programs, you may encounter this particular error. E: Unable to locate package linux-headers-5.10.0-kali5-amd64 I encountered this while compiling a C code. To fix this, i first updated my Kali machine (v2020.2a).  sudo apt update -y && apt upgrade -y && apt dist-upgrade   Rebooted. Then installed the headers.   sudo apt install linux-headers-$(uname -r)  

Google Cloud : Basic Cloud Shell commands

Google Cloud resources can be managed in multiple ways. It can be done using Cloud Console, SDK or by using Cloud Shell. A few basic Google Cloud shell commands are listed below. 1)    List the active account name gcloud auth list 2)    List the project ID gcloud config list project 3)    Create a new instance using Gcloud shell gcloud compute instances create [INSTANCE_NAME] --machine-type n1-standard-2 --zone [ZONE_NAME] Use gcloud compute machine-types list to view a list of machine types available in particular zone. If the additional parameters, such as a zone is not specified, Google Cloud will use the information from your default project. To view the default project information, use gcloud compute project-info describe 4)    SSH in to the machine gcloud compute ssh [INSTANCE_NAME] --zone [YOUR_ZONE] 5)    RDP a windows server gcloud compute instances get-serial-port-output [INSTANCE_NAME...