The Practical Junior Penetration Tester (PJPT) certification is a beginner-level certification for individuals interested in ethical hacking and penetration testing. Here are the key points:
- Exam Overview: The PJPT certification assesses your ability to perform an internal network penetration test at an associate level. The exam consists of two days to complete the assessment and an additional two days to write a professional report.
- Certification Requirements: To obtain the certification, you must leverage your Active Directory exploitation skills to perform lateral and vertical network movements and ultimately compromise the exam Domain Controller. Additionally, you need to provide a detailed, professionally written report.
- Intended Audience: This certification is suitable for anyone interested in ethical hacking, especially those new to cybersecurity or seeking to advance their IT career. It’s also relevant for IT professionals looking to validate their fundamental penetration testing skills.
- Details: The PJPT certification is at a beginner level, takes two days to complete, and includes two days for report writing. Basic computer and networking knowledge is recommended.
- Hands-on Training: The package includes 25+ hours of video training to equip you with fundamental hacking skills necessary for internal penetration testing.
- Pricing: The exam voucher is available for $199.99, with an option for a four-week skill camp with live training priced at $2,999.99.
- Career Opportunities: Entry-level penetration testers can earn between $70,000 and $90,000 per year. This field offers flexibility, with many professionals working from home, and there is a high demand for skilled penetration testers in the cybersecurity industry.
- Exam Format: The exam is designed to simulate a real-world internal penetration test engagement and doesn’t involve multiple-choice questions.
- Training Material: The PJPT exam material is sourced from the Practical Ethical Hacking Course (PEH) from TCM Academy, which includes over 25 hours of hands-on learning material.
- Certification Badge: Upon successful completion, you will receive a certificate of completion and a badge to showcase your achievement.
- Eligibility: The exam is open to individuals from any country. Those under 18 years old must submit a Parental Consent Form.
The PJPT certification is designed for those looking to start a career as entry-level penetration testers and provides practical skills and knowledge for this field.
Difficulty: 1 out of 5
The PJPT is the perfect certification for anyone who may be thinking about starting out in Penetration Testing.
The exam is modeled around a mock penetration test, once the exam begins your are emailed 1) Non-disclosure agreement, 2) Rules of engagement that outlines what is acceptable to attack and what isn’t. This information is vitally important to the exam. It also outlines what is required in the report once the engagement is completed.
Those requirements mandate the student documents all steps to domain compromise with screen shots as “evidence”. It also requires the student to quantify the risk associated with each vulnerability from multiple machines and recommend to the client how to remediate that risk. The soft skills required to effectively communicate highly technical issues to those who are not tech savvy is an underrated skill. All these skills have value and it requires the student to think critically based upon best practices to help the client secure their digital assets.
The student is required to compromise multiple machines in an Active Domain Network, including the Domain Controller. There are no flags to capture so there are no clues along the way. The free form nature of the exam makes the student rely on methodology to achieve their goals vs the feedback given by capturing flags. Unlike other exams the student is allowed to use any tool they would like. The student has to know how to find the path based off of reasoning. There are no shortcuts here just following the methodology outlined in the training.
The exam environment is very stable, and the TCM support staff is world class. The report at the end of the exam is was by far my favorite part of the exam and it is where I gained the most in the way of experience.
This exam covers a variety of topics. LLMNR, Enumeration, Lateral and Vertical movement in a network, Kerberoasting, and Hash Cracking. The exam is 2 days with another 24 hours to write a professional report.