Tzion

CTF / Reverse Engineering / Malware Analysis / Threat Intelligence / Threat Hunting

2 minute read

Over the past five months, I’ve taken several INE certifications without taking their courses. In this blog post, I won’t focus on how to prepare for each certification since many reviews already cover that. Instead, I’ll share some key points and things to watch out for when attempting the exams.

eJPT (Junior Penetration Tester)

This is one of the most popular certifications offered by INE, and the exam environment is incredibly smooth like butter. I highly recommend taking it.

Perfection

eWPT (Web Application Penetration Tester)

The exam environment is also stable and runs smoothly, just like the eJPT.

eCTHPv2 (Certified Threat Hunting Professional)

No complaints on this one. The exam environment is smooth as well.

eMAPT (Mobile Application Penetration Tester)

There have been some complaints in the INE Community Forums about people’s exploits working during testing but failing the exam. My advice is make sure your exploit is fully automated to avoid such issues.

eWPTXv2 (Web Application Penetration Tester eXtreme)

I’m taking version 2 of this exam because I missed the exchange period for version 3, which was released a few months ago. In version 2, you’re required to submit a pentest report, but version 3 switched to an MCQ format and doesn’t require a report. Overall, it’s a good exam, though the exam environment can occasionally be unstable.

eEDA (Enterprise Defense Administrator)

Take note that crucial information, such as credentials, can be found in the lab description. However, this information will disappear once you start the exam lab, which was a frustrating experience for me. I ended up wasting an attempt because of that. Make sure to check the lab description carefully and take note of it before starting.

eCPPTv3 (Certified Professional Penetration Tester)

Hear me out, All you need from the Letter of Engagement or guide is the target scope. After you get that, feel free to delete the guide.

Don’t trust everything in the guide

Don’t trust everything in the guide

Don’t trust everything in the guide

This includes not relying on the recommended wordlists specified in the guide. All the information you need is typically in the ~/Desktop directory, including wordlists, Neo4j credentials, etc.

eCDFP (Certified Digital Forensics Professional)

This exam is in MCQ format, and the questions are generated/rotated automatically. Sometimes, you may get odd questions. While I can’t share the exact questions, here’s an example to give you an idea of what to expect:

Which fruit below is healthy? (Apple is healthy)
- Pineapple
- Watermelon
- Apple
- Orange

Other than that, overall its a good exam as well :D

You may also enjoy

[MALWARE] Lumma Stealer Loader Analysis

2 minute read

On September 19, 2024, I received an email regarding a GitHub Scanner result for my public repository. Initially, the email was not flagged as malicious or s...

[HITCONCTF-QUALS] Antivirus

16 minute read

I played HITCON Quals CTF 2024 with merger team World Wide Union. This challenge provided a run.sh and print_flag.cbc file.

[MATRIXCUP] My Journey & Experience

4 minute read

I am thrilled to participate in MatrixCup 2024 in QingDao, China with my team, 打个没五分钟充电三小时, humorously named after M53. Before we begin, I would like to tha...

[HACKTHEON] My Journey & Experience

2 minute read

Hackathon 2024 Adventure I am honored to participate in Hacktheon 2024 held in Sejong, South Korea with team Kopi Cincau consisting of M53 members Kelzin (@m...