eJPTv2 Review
A few days ago, I achieved my Junior Penetration Tester certification from INE. So I’m going to share a bit about the exam experience, the preparation process, useful tools, and some extra tips. I hope you find it helpful 🫡.
Preparation process
In my case, completing this certification took approximately nine months from the moment I began studying cybersecurity in a general sense. However, it's important to note that I already had prior knowledge of operating systems, networks, and databases, gained over the previous two years. This foundation allowed me to progress more smoothly throughout the course.
From my experience, I wouldn’t consider the certification particularly difficult, as long as you follow the content consistently. INE’s official course — which includes several exam attempts — covers around 95% of the topics that appear in the practical exam. In fact, I’d say that someone with basic IT knowledge who completes the course thoroughly has a very good chance of passing the exam without major issues.
As a personal recommendation, before attempting the exam, I suggest spending some time practicing in lab platforms like Hack The Box (my favorite), TryHackMe, or VulnHub. Working on machines and solving CTF-style challenges really helps to consolidate knowledge, build confidence, and develop the agility needed to navigate the hands-on portion of the exam effectively.
In summary, with a basic technical foundation and strong dedication to the official course, this certification is completely achievable — even for those taking their first serious steps into the world of penetration testing.
What was the Exam like?
I know many people feel a bit nervous about what to expect during the exam: what kind of questions are asked, how much time is available, or whether INE’s lab environment is stable enough for demanding testing.
To start with, I can assure you the lab’s stability is excellent. During my exam, all processes related to port scanning, brute-force attacks, fuzzing, and techniques like directory listing worked flawlessly. So rest assured — the technical environment is well-designed and won’t hold you back.
The exam begins as soon as you confirm the start from INE’s platform. Once you do, the lab is activated and you're given a set of questions to answer throughout the assessment. You’ll have access to a simulated network, and you'll need to discover both the DMZ and internal network from scratch. That might sound intimidating at first, but with a solid enumeration methodology and a calm mindset, things start to fall into place naturally.
In my case, I completed the exam in approximately 3 hours and 45 minutes, scoring 88%. So regarding time, there’s plenty of room to work carefully, review each step, and truly enjoy the process.
And I mean that — if you're genuinely passionate about hacking (like I am — I’m a total geek about it), you're going to enjoy every moment of the exam. It feels more like a personal challenge than a test, pushing you to apply what you've learned and solve problems logically and creatively.
Tools
The use of tools during the exam can vary significantly depending on each person's preferences and experience. There are multiple ways to approach the same task, and different tools can lead to the same result — so there’s no single “correct” combination.
That said, I’d like to share the tools that, based on my experience, I consider essential for successfully tackling the practical exam:
Metasploit Framework
Dirb
Hydra
Smbmap
Nmap
Of all the tools, the one I consider most important by far is Metasploit. In fact, much of the exam seems intentionally designed to encourage you to apply the knowledge you've gained about this framework. For that reason, I strongly recommend taking detailed notes on all the techniques, modules, and commands covered in the official course related to Metasploit.
Mastering it won’t just make the exam significantly easier — it will also boost your confidence in real-world pentesting scenarios, especially when it comes to exploitation and post-exploitation phases.
In short, while you’re free to incorporate additional tools depending on your workflow, being comfortable with these five — and especially with Metasploit — will make a huge difference in your performance.
Additional Tips
The first — and perhaps most important — step in preparing for this certification is developing the habit of taking high-quality notes. Personally, I believe good documentation is not only essential for passing this exam, but also for navigating real-world environments, CTF-style challenges, lab exercises, and virtually any scenario in the field of ethical hacking.
Keeping a structured and detailed record of what you do allows you to revisit processes, recognize patterns, and avoid repeating mistakes. That’s why I highly recommend using Notion, a very versatile and visually friendly platform for organizing your notes. You can find it on its official website:
During the exam, my main advice is: take your time. Carefully analyze each host, read every question thoroughly, and don’t panic if you get stuck. One important lesson I took from this experience is that if you’ve been stuck on a step for more than an hour, chances are you’re heading down the wrong path.
Keep in mind that the exam is designed to be solvable using only the tools and methodologies covered in the course.
As you progress, tools like CherryTree can help you take quick, structured notes for each host or service. While I personally didn’t rely on it much during my exam, I can definitely see how it could be helpful — especially if you tend to have multiple terminals and windows open at once.
To sum it up: document everything you do, stay calm, trust what you’ve learned, and most importantly — enjoy the process. The exam isn’t just a test; it’s also a great opportunity to put your skills into practice and reinforce your personal workflow as a penetration tester.
Bueno, hasta aquí mi pequeño aporte sobre esta certificación. ¡Espero que esta experiencia te sea útil y te anime a seguir creciendo en este apasionante mundo de la ciberseguridad! 🫡
Last updated