Creating a Novice Hacker

New Session Detected: Welcome phishysiren

As someone who became interested in cybersecurity because of wanting to help keep people safe online, the idea of being a pentester never even crossed my mind. Truthfully, my only real idea of hacking was what I had seen in movies and TV shows. Almost one year into this journey, I can assure anyone considering ethical hacking as a career path that while it may not be all dark rooms and green writing on screens, it is just as intense.

Default Profile Loaded: Learning the Basics

The first major update to my profile happened when I started working towards the INE eJPT certification. As a complete beginner in penetration testing, with very little cyber security knowledge (I did not even know what TryHackMe or HackTheBox was), this certification really gave me a foundational understanding of pentesting. The main areas covered were Assessment Methodologies, Host and Network Auditing, Host and Networking Penetration Testing, and Web Application Penetration Testing.

The eJPT exam is a 48-hour exam in which you are expected to perform an Infrastructure Pentest on a network and answer multiple choice questions. You must get at least 70% to pass the exam. I am happy to report, I passed the exam.

My honest opinion is that the exam is well designed to test your pentesting skills. While it may be a junior certification, it’s not easy, so don’t underestimate it. My one piece of advice would be to take breaks if you’re feeling tired or stuck; since you have 48 hrs to write the exam, take advantage of it.

One of my main takeaways from both the course material and the exam is that while it is a semi-beginner certification, you would benefit from any prior hacking knowledge and experience. My advice to anyone who may be completely new to hacking and is interested in the course is to test the waters by completing a learning path on TryHackMe just to familiarise yourself with general pentesting concepts. (Note to anyone reading this in Dec 2025 or any time afterwards: the TryHackMe Advent of Cyber is a nice way to get into learning a wide array of pentesting concepts.)

Another important takeaway is that good notetaking is crucial. Use any notetaking app/method you like. While completing the course, make sure to take note of important concepts and commands you may use in the exam. During the exam, make sure to make notes of what you have found; it makes it easier to keep track of what you have tested and what you still need to explore.

Session Token Refreshed: Confidence and Complexity Increase

With the initial session established, the next modification occurred with the INE eWPT certification. The eWPT course covers most of the fundamentals of web application pentesting. If I had to give any criticism of the course, I would say that the delivery of the content wasn’t as structured as the eJPT content. Some of the topics covered were Web Fingerprinting and Enumeration, XSS, SQL Injection, and File & Resource Attacks.

The eWPT exam is a 10-hour exam in which you are expected to perform a Web Application pentest on multiple web applications and answer multiple choice questions. You must get at least 70% to pass the exam. Just like the eJPT, the eWPT exam was not easy, and I was extremely happy to see I passed after submitting my exam.

My helpful tips: again, remember to take breaks. Also, do not be nervous if you come across things you have never seen before; use the theory you’ve learnt as a guide on what to do next.

In my opinion web application penetration testing is quite complex. Throughout the studying process I would recommend looking at other resources such as:

  1. The PortSwigger Web Academy
  2. The OWASP Juice Shop Project
  3. Spending time trying to test Mutillidae and bWAPP not in the context of a lab
  4. The OWASP Web Testing Guide

My ultimate tip for the course and exam is to do as much hands-on web app pentesting as possible. I believe just building the muscle of searching for vulnerabilities is just as important as understanding and exploiting them.

Session Active: Mistakes Expected

After multiple session updates, a more significant change followed when I attempted the Burp Suite Certified Practitioner (BSCP) exam by PortSwigger. For anyone who may not know, PortSwigger is the company responsible for one of the most useful pentesting tools: Burp Suite.

To attempt the BSCP exam, you must first complete the PortSwigger Web Academy. One of the most incredible things about the web academy is that it is completely free. For the breadth and depth of knowledge that is shared on that platform, it is a blessing to be able to access that information at no cost. Just some of the topics that are covered there include: HTTP Request Smuggling, Web Cache Poisoning and Insecure Deserialization. Pretty hardcore stuff. Another great feature about the platform is that there are tons of labs for you to practice the content on.

The BSCP exam is a 4hr exam in which you must test 2 web apps, going through 3 stages in each web app to ultimately get a ‘secret’, which you must submit. Unfortunately for me I failed the exam.

On reflection, I’m not sure I was at the right skill level when I took the exam. Regardless, it was a good reminder that learning is a process. A natural part of that process is failure: experiencing it and learning how to overcome it.

User Privileges Updated: Beginner Mode

One of the other tasks I took on this year was creating and pentesting my own web application. It was designed to be simple and keep track of all the certifications I did throughout the year. I built my web application before I knew anything about pentesting and cybersecurity… Safe to say I found SO MANY vulnerabilities in my web app. I must say it was a great reflection exercise because it really opened my eyes to how much I learnt about securing applications this year. I highly recommend trying this out to anyone wanting an extra way to practice their skills.

Logging Out (For Now): Lessons from the Session

That was my journey in the year of 2025. I went from having no hacking skills to becoming a novice in around 11 months. You might even call me a Junior (Ethical) Hacker.

To anyone interested in this field of work, I hope this inspires you to take action towards your goal. My biggest piece of advice to anyone seeing this is to take as much time as you need. Don’t let my journey make you feel pressured. Everything takes time, and what really matters is you being able to confidently say you understand what you’ve learnt.

What will the updates to my hacking profile look like in 2026? I’m not sure, but I’m excited to find out!

Disclaimer: All information regarding the specific certifications is accurate as of 2025 and could be different at the time of reading this post.

This post is licensed under CC BY 4.0 by the author.