EntryINE SecurityHands-on (48h lab)~80 prep hrs$249 exam

eJPT — eLearnSecurity Junior Penetration Tester

eJPT is the most affordable, accessible hands-on entry to offensive security. The 48-hour live-lab format means a holder has demonstrably exploited something — not just memorised a syllabus. For someone trying to break in from IT support, networking or SOC analyst work, eJPT is the credential that proves capability without the OSCP commitment. INE has recently refreshed the cert and the prep PTS path is free, which removes the typical cost barrier of entering the field.

Operator difficulty2/5

Fully hands-on but intentionally beginner-friendly — no Active Directory, open-internet, 48-hour window. The challenge is workflow confidence, not exploit depth.

Fast facts

Cost, hours and exam shape.

Vendor: INE Security
Level: Entry
Exam style: Hands-on (48h lab)
Prep hours (median): ~80 hours
Exam cost (USD): $249
Difficulty: 2/5

Who it's for

Pursue this if…

You are new to offensive security and want to prove hands-on capability affordably.
You are coming from IT support, networking or a Tier 1 SOC role and pivoting to offence.
You want a confidence-building stepping stone before committing to OSCP.
You are a career-changer who needs a credential plus a homelab story to land the first interview.

Exam format

What you actually sit.

100% hands-on practical exam: 48 hours of unlimited access to a live lab environment, 35 questions answered from the data you exfiltrate. No multiple choice. Open-book, open-internet. 70% cut score.

Prerequisites

Where you should be before you book.

→No formal prerequisites — eJPT is intentionally beginner-friendly
→Basic TCP/IP, common ports and Linux command-line familiarity recommended
→INE's free 'Penetration Testing Student (PTS)' learning path covers the prerequisite knowledge

Syllabus

What is on the exam.

01Networking and basic protocols (TCP, UDP, HTTP, DNS)

02Enumeration: Nmap, Netcat, basic service fingerprinting

03Vulnerability assessment with Nessus and basic CVE correlation

04Web application basics: directory enumeration, basic SQLi, file inclusion

05Network attacks: pivoting, port forwarding, basic Metasploit usage

06Windows and Linux basics for post-exploitation (no AD)

Prep roadmap

A study plan you can actually follow.

Work the free PTS path
INE's Penetration Testing Student learning path is free and covers the full prerequisite knowledge. Complete it end to end.
Build enumeration muscle memory
Practise Nmap, Netcat, directory enumeration and basic Metasploit on TryHackMe / HackTheBox starting boxes until the workflow is automatic.
Drill pivoting and port forwarding
The lab spans a small internal network — get comfortable with basic pivoting and port forwarding, the one concept that catches beginners.
Book the 48-hour lab
Treat it like a mini-engagement: enumerate, exploit, pivot, and answer the 35 questions from what you find. There is no report — focus on data collection.

Job roles unlocked

Where this cert opens doors.

Junior Penetration TesterSecurity Analyst (Tier 1 SOC pivoting to offence)IT generalist breaking into securityCareer-changer demonstrating hands-on capability

How AxVeil's team uses this cert

From the operator side of the desk.

We recommend eJPT to candidates we mentor who are still building hands-on skills toward OSCP. It is the cheapest, fastest way to prove practical capability and the lab format mirrors the workflow of a real (small) engagement. We do not hire eJPT-only operators for delivery — that floor is OSCP — but eJPT on a junior CV with a strong homelab portfolio gets the technical interview booked.

FAQ

Questions people ask before booking.

Is eJPT worth doing if I plan to take OSCP?+

Yes, if you are early in your journey. eJPT builds confidence with the workflow (enumerate, exploit, pivot, report) without the price tag or AD intensity of OSCP. If you already have 100+ hours on HackTheBox or TryHackMe and a homelab, you can skip eJPT and go straight to OSCP. The PTS prep material itself is free and worth working through either way.

How does eJPT differ from CEH?+

eJPT is 100% hands-on against a live lab — you exploit real machines and answer questions from what you find. CEH is primarily multiple-choice with an optional separate practical exam. eJPT proves capability; CEH proves familiarity. For HR-filter and government roles CEH wins; for technical interview prep eJPT wins. They serve different goals.

Will eJPT alone land me a pentest job?+

At a small consultancy or a junior in-house role, plausibly — paired with a homelab, HackTheBox progress and one or two CTF writeups. At larger pentest firms or for CREST-aligned work the floor is OSCP. Treat eJPT as the credential that gets the interview; treat the interview as a hands-on take-home or live machine exercise you need to pass independently.

What is the lab time like?+

48 hours of continuous lab access (you can pause / sleep). The environment is several machines on a small internal network, accessible via VPN. You enumerate, exploit and pivot to gather the data needed to answer 35 questions. No report required (unlike OSCP). Most successful candidates spend 8–16 of the 48 hours actively working and the rest on rest and review.

Does eJPT cover Active Directory?+

Not in depth. The current syllabus touches Windows basics but does not cover Kerberoasting, BloodHound or ADCS. For AD attack-path depth you need OSCP, CRTP (Pentester Academy) or PNPT (TCM). Treat eJPT as the network-and-web on-ramp and add an AD-focused cert next.

Where this maps in our practice

Relevant AxVeil services and field notes.

Services

Sibling certifications worth comparing.

ProfessionalOffSec

OSCP — Offensive Security Certified Professional

Need a qualified team to deliver the engagement?

We can field operators with eJPT (and the rest of the stack — OSCP, OSEP, CISSP, CISM) on engagements in 5 to 10 working days. Letter of Attestation includes the lead-tester credentials so your auditor can verify.

Contact AxVeil →Back to All Certifications