Practical Junior Penetration Tester (PJPT) Exam
My experience and advice for the PJPT exam
After four demanding days marked by limited sleep, plenty of frustration, and a surprising amount of fun, I successfully passed the PJPT exam. I went into the exam feeling fairly nervous, as it is a fully practical assessment focused on Active Directory exploitation, and I am still relatively new to cybersecurity. In just six months, I went from having no certifications to earning four, so this felt like a significant milestone. Let’s get into it.
About the Exam
The Practical Junior Penetration Tester (PJPT) is an entry-level certification focused on ethical hacking and penetration testing. The exam costs $249 and includes a free retake along with lifetime access to the Practical Ethical Hacking course.
The assessment is designed to simulate a real-world internal penetration test within an Active Directory environment. There are no flags to capture and no multiple-choice questions. Instead, the focus is entirely on methodology, enumeration, and practical execution.
Candidates are given two days to compromise a domain controller, followed by an additional two days to produce a professional penetration testing report. Below is the official description from the TCM Security website.

Practical Ethical Hacking - The Course
The Practical Ethical Hacking (PEH) course is 20–30 hours of material covering the basics of ethical hacking. The course covers exploitation, ethical hacker methodology, the stages of ethical hacking, information gathering, hacking Linux, Active Directory, pentest report writing and legal documents, and web application exploitation techniques like SQL injection and Cross-Site Scripting (XSS).
Each lesson is a video, anywhere between 5 and 20 minutes long, that walks you through each step of the process. There is a course capstone that consists of 3–5 vulnerable virtual machines to practice the skills being taught.
One thing that sets this course apart is the extensive Active Directory pentesting content. Heath does a great job breaking each topic down in a way that a beginner can understand. It culminates in an Active Directory home lab you can set up to follow along with the material. I will go over setting up a home lab in a future post. There is also a hands-on lab for the web penetration testing section.
You can find older versions of parts of this course on YouTube by searching "Practical Ethical Hacking" and clicking the video from The Cyber Mentor. Everything you need to pass the test is in this course.
I had a blast going through these videos. I went from no knowledge of hacking or Kali Linux tools to being able to hack some boxes from VulnHub on my own without looking anything up. It is very thorough and is great beginning preparation for the OSCP exam.
Exam Advice
There are strict policies prohibiting the disclosure of exam-specific details, and violating these policies can result in revocation of the certification. The exam itself spans two days, followed by an additional two days to produce a professional penetration testing report. It is an open-book assessment, and candidates are permitted to use any tools or resources available to them.
Candidates are expected to provide their own Kali Linux virtual machine. TCM provides a VPN connection to the exam environment, along with sample reports, a defined scope of target IP addresses, and formal rules of engagement. If an attempt is unsuccessful, candidates may submit their progress report in exchange for a hint to guide their next attempt.
Based on my experience, the following strategies were particularly helpful:
- Prioritize rest and maintain a clear mindset
- Take regular breaks and avoid burnout
- Rely on the course material as your primary reference
- Continuously evaluate how newly discovered information can be leveraged
- Document every step of the compromise process with screenshots
- Use the provided reporting templates as a structured guide
- Take detailed notes throughout the course
- Revisit key concepts, particularly within Active Directory
- Approach the exam as a real-world engagement rather than a CTF-style challenge
Overall, the experience was both challenging and rewarding. The moment when everything comes together after sustained effort is incredibly satisfying. The exam closely mirrors a real-world penetration test and reinforces the importance of methodology, persistence, and attention to detail.
I would recommend this certification to anyone seeking a practical introduction to penetration testing. While I cannot speak definitively to its industry recognition, it provides a strong foundation for developing real-world skills.
The course itself took approximately one month to complete, though this will vary depending on available study time. Because the exam is entirely practical, the most effective preparation is hands-on experience, particularly within Active Directory lab environments.
I have since enrolled in the Practical Network Penetration Tester (PNPT) certification, which builds on these concepts at a more advanced level. That will be my next focus, and I will share updates as I progress.
Wish me luck!
