I Passed eJPTv2 in My Second Semester — Here’s Everything I Did

Last updated: July 09, 2025
Hi👋 I’m Muhammad Husnain Zargar — a student pursuing a BS in Cybersecurity at Riphah International University. In just my second semester, I passed the eJPTv2 (eLearnSecurity Junior Penetration Tester) certification — a hands-on, practical exam that truly tested my skills and boosted my confidence. But more than that, I consider myself a self-learner. I’ve always enjoyed learning beyond what’s taught in class. That mindset eventually led me to the eJPTv2 certification.
If you’re someone curious about eJPT or just starting in cybersecurity, I hope my story helps you feel more confident to start your journey.
What is eJPTv2?
The eLearnSecurity Junior Penetration Tester (eJPTv2) is a beginner-friendly, hands-on certification that walks you through the full penetration testing process — from reconnaissance to exploitation, privilege escalation, and pivoting.
It’s part of the INE Security platform and includes over 150 hours of training with practical labs, videos, and guided exercises. The course covers areas like network scanning, web app testing, service exploitation, and post-exploitation techniques.
The Exam
The eJPTv2 exam is a 48-hour practical assessment with 35 multiple-choice questions based on real lab tasks. You’ll get access to a simulated network and must:
- Discover and enumerate targets
- Exploit services or web apps
- Escalate privileges and pivot to internal systems
Score 70% or above, and you officially become a Junior Penetration Tester — a strong first step into the world of ethical hacking.
Why I Chose eJPTv2 Over Other Certs
Like many students, I came across eJPT on LinkedIn. I saw others posting about it, and that curiosity made me dig deeper.
I explored other beginner-level pentesting certifications like:
- CompTIA Pentest+ — mostly theoretical, MCQ-based, and not much hands-on.
- CEH (Certified Ethical Hacker) — has a practical version, but it’s very expensive.
- PJPT (Practical Junior Penetration Tester) — decent hands-on content but lacks strong industry recognition.
What stood out to me about eJPTv2 was:
- It’s industry value.
- The 150+ hours of training.
- A real-world simulated exam.
- And most importantly, it’s affordable, especially with discounts.
A senior at my university encouraged me to pursue the eJPTv2, building my confidence to sign up. I had planned to get the voucher and start at the end of 2025, but their support motivated me to begin earlier, during my second semester.
My Preparation Plan (And What I Recommend)
The eJPTv2 voucher included three months of access to INE’s Penetration Testing Student (PTSv2) course, which I completed in just two months. My preparation was intense but structured. I dedicated 2–6 hours daily, with longer sessions on weekends, aiming to cover specific topics like reconnaissance, exploitation, or privilege escalation within set timelines. I used CherryTree to take detailed notes on every module.
I recommend writing notes in your own words helps you understand concepts better and makes them easier to recall during the exam. Trust me, copying someone else’s notes won’t cut it!
I leaned heavily on the official INE labs, completing each one and referring to walkthroughs when stuck. My prior experience with TryHackMe’s Pre-Security and Cybersecurity 101 paths, along with CTFs like picoCTF, gave me a head start with tools like Nmap, Metasploit, and Hydra. Still, privilege escalation and pivoting were my biggest hurdles. Learning how an attacker uses one compromised machine to hack another through pivoting was mind-blowing but tricky. Privilege escalation felt like a puzzle — sometimes I’d breeze through labs, but other times I’d struggle to find the right exploit or misconfiguration.
Tip: If you’re new to pentesting, build a foundation in computer networking, web architecture, and Linux basics before starting. Familiarity with CTFs and tools will make the training much smoother. Also, don’t skip the labs — hands-on practice is where the real learning happens.
Exam Experience
I started the eJPTv2 exam on Sunday, May 25, 2025, at 1:30 PM, right after a university trip. I got home at midnight on May 24, and despite being tired, I was ready to start. I was nervous before clicking “Start,” wondering if I’d pass. I took a deep breath and began.
The exam lasted 48 hours and included multiple-choice questions and hands-on tasks in a virtual lab. The first challenge was finding the target IPs. The exam didn’t clearly say which IPs to attack, but one question listed four IPs (like 192.168.1.150, 151, 152, etc.). I guessed the range was 192.168.1.150–155, so I pinged each one. Four IPs responded, and two didn’t, so I focused on the active ones. I ran Nmap with enumeration scripts and aggressive scans to find their hostnames and wrote everything down — IPs, hostnames, and details — to stay organized.
I solved most reconnaissance (information-gathering) questions in the first two hours, which made me feel good. But one question about finding an email address was hard. I tried theHarvester, but it didn’t work. I thought of using HTTrack to download the website and search for the email, but the browser-based Kali machine had no internet, so I couldn’t download HTTrack. I skipped that question and later found the email while exploring the web server’s files after hacking it.
Hacking targets, like a WordPress server, took time. Some questions hinted at attack methods, like brute-forcing or exploiting services. I noted down credentials for SSH and RDP access to keep track of everything. Privilege escalation was easier because I had my training notes with commands ready. Local enumeration questions (finding specific system details) were tricky. Some asked for information in files that weren’t obvious, so I used Google and ChatGPT to figure out where to look.
By 11 PM on Sunday, I was stuck on pivoting and one local enumeration question. I took breaks for dinner and rest to stay fresh. The next day, Monday, I woke up early for university classes, attending them from 8 AM to 1 PM. I had a class at 2 PM but decided to skip it to finish the exam. With a clear mind, I quickly solved the local enumeration question. Pivoting was still tough — I set up port forwarding, but Nmap couldn’t correctly identify the service version. I tried several times but ended up guessing the pivoting question.
At 3 PM, I clicked “Submit,” nervous but hopeful. When I saw the green “Congratulations” icon with a 91% score, I was so happy! I passed on my first try, officially becoming a junior pentester. I got two questions wrong: the pivoting one (my setup wasn’t right) and an exploit question where I used a different method than the answer choices.
Tip: Write down IPs, credentials, and findings during the exam to stay organized. Take breaks to avoid getting tired. Practice pivoting and local enumeration a lot, as they’re tough.
What I Learned and What’s Next
The eJPTv2 showed me that pentesting isn’t just about hacking — it’s about understanding how and why systems are vulnerable. Local enumeration and pivoting taught me how to dig deeper after breaking in. Passing the exam while managing university classes (and sneaking into a 3:30 PM class after starting the exam!) made me feel proud.
My next goal is the eCPPT, which covers more advanced pentesting.
Tips for eJPTv2 Beginners:
- Learn the Basics: Understand networking, Linux, and websites. CTFs on TryHackMe or Hack The Box are great practice.
- Take Notes: Use CherryTree or another tool to write notes in your own words. They’ll save you during the exam.
- Practice Key Skills: Focus on techniques rather than memorizing them. Do all the labs!
- Study Web Attacks: eJPTv2 doesn’t cover web vulnerabilities much, so try to have some basic knowledge.
- Stay Relaxed: The 48-hour exam gives you enough time. Take breaks, stay organized, and don’t stress if you get stuck.
Final Thoughts
Earning the eJPTv2 was a big step in my cybersecurity journey. It showed me I can handle real-world challenges. If you’re a beginner or student like me, the eJPTv2 is a great way to start pentesting. You can do it too!