eJPT & HTB CJCA Preparation Arsenal

This repository contains a curated list of machines, notes, and resources targeting the eJPT (eLearnSecurity Junior Penetration Tester) and HTB CJCA (Certified Junior Cybersecurity Associate) exams. It blends offensive red team tactics with defensive blue team analysis.

---

Section 1: IT & InfoSec Foundations

Core knowledge required for both certifications.

Linux Fundamentals

Resource	Cost	Link
Learn Linux	Free	THM Room
Linux Modules	Free	THM Room
Linux Fundamentals Part 1-3	Free	Part 1 / Part 2 / Part 3
Bash Scripting	Free	THM Room
Regular Expressions	Free	THM Room
Bandit Wargame	Free	OverTheWire

Windows Fundamentals

Resource	Cost	Link
Windows Fundamentals 1	Free	THM Room
Windows Fundamentals 2	Free	THM Room
Windows Fundamentals 3	Free	THM Room

Networking & Security Basics

Resource	Cost	Link
Introductory Networking	Free	THM Room
What is Networking?	Free	THM Room
Principles of Security	Free	THM Room
ISO27001	Free	THM Room

---

Section 2: Assessment Methodologies & Recon (Offensive)

OSINT, Scanning, Enumeration, Vulnerability Identification.

Topic	Resource	Link
Passive Recon	Passive Reconnaissance	THM Link
Active Recon	Active Reconnaissance	THM Link
Nmap Deep Dive	Nmap / Further Nmap	THM Link
OSINT	OhSINT	THM Link
Google Dorking	Google Dorking	THM Link
Shodan	Shodan.io	THM Link
Web Enumeration	Content Discovery	THM Link
Subdomain Enum	Sublist3r	THM Link
Vulnerability Scanning	Nessus	THM Link
Vulnerability Scanning	OpenVAS	THM Link

---

Section 3: Host & Network Penetration Testing (Offensive)

Exploitation, Metasploit, Pivoting, Password Attacks.

Exploitation Fundamentals

Resource	Description	Link
Metasploit: Intro	Modules, payloads, exploits	THM Link
Hydra	Brute-forcing	THM Link
Burp Suite	Basics & Repeater	Basics / Repeater
Crack the Hash	Hash cracking (John/Hashcat)	Level 1 / Level 2
Ice	Windows RCE	THM Link
Blue	EternalBlue Exploit	THM Link
Blaster	Metasploit & RDP	THM Link

VulnHub Labs (Host & Network)

Machine Name	Focus	Cost	Link
Kioptrix Series	The Classic. Enumeration to Root.	Free	Download
SickOS 1.1	Squid Proxy, Shellshock	Free	Download
SickOS 1.2	PUT Method, Cron Jobs	Free	Download
Stapler 1	SMB Enum, MySQL, PrivEsc	Free	Download
HackLAB: Vulnix	NFS, PrivEsc	Free	Download

HackMyVM Labs (Host & Network)

Machine Name	Focus	Cost	Link
Animetronic	Web Enum, SUID	Free	HMV Link
Liceo	FTP, SSH, HTTP	Free	HMV Link
CoffeeShop	SSH Exploitation	Free	HMV Link
Medusa	Web Enum to Root	Free	HMV Link
Gift	Basic Enumeration	Free	HMV Link
Friendly3	Weak Services, Processes	Free	HMV Link

HackTheBox Labs (Host & Network)

Machine Name	Focus	Cost	Link
Lame	Samba, Distcc (Easy)	VIP	HTB Link
Shocker	Shellshock (Easy)	VIP	HTB Link
Bashed	Web Shells (Easy)	VIP	HTB Link
Nibbles	Nibbleblog exploit (Easy)	VIP	HTB Link
Beep	Elastix, Webmin (Easy)	VIP	HTB Link

Pivoting & Lateral Movement

Crucial for eJPT & CJCA exams.

Resource	Description	Link
Wreath	MUST DO. Full pivoting lab.	THM Link
Pivoting	Proxychains, sshuttle	THM Link

---

Section 4: Web Application Penetration Testing

SQLi, XSS, Manual Exploitation.

Resource	Focus	Link
OWASP Top 10	Critical Web Vulns	THM Link
OWASP Juice Shop	Modern Web Exploitation	THM Link
SQL Injection	SQLi Lab	THM Link
XSS	Cross-Site Scripting	THM Link
LFI/RFI	File Inclusion	THM Link
Command Injection	OS Command Injection	THM Link
Vulnversity	Upload Vulnerabilities	THM Link
Pickle Rick	Web to Shell	THM Link

VulnHub Labs (Web Focus)

Machine Name	Focus	Cost	Link
Mr. Robot	Wordpress, Keys	Free	Download
bWAPP	OWASP Top 10 Practice	Free	Download
VulnCMS	CMS Enumeration	Free	Download
Pinky's Palace	SQLi, LFI	Free	Download

HackMyVM Labs (Web Focus)

Machine Name	Focus	Cost	Link
Gift	Basic Web Enum	Free	HMV Link
Friendly3	Web Services	Free	HMV Link

PortSwigger Academy (Web Security)

Topic	Focus	Cost	Link
SQL Injection	Manual SQLi	Free	Start Lab
Cross-Site Scripting	XSS (Reflected/Stored)	Free	Start Lab
CSRF	Cross-Site Request Forgery	Free	Start Lab
OS Command Injection	Shell Execution	Free	Start Lab

---

Section 5: Defensive Security & Hybrid Analysis (CJCA Focus)

SIEM, Logging, Threat Hunting.

Resource	Focus	Link
Intro to SIEM	SIEM Basics	THM Link
Splunk	Splunk Basics	THM Link
Elastic (ELK)	ELK Stack	THM Link
Windows Event Logs	Log Analysis	THM Link
Sysmon	System Monitor	THM Link
Wireshark	Packet Analysis (TShark)	THM Link
Threat Hunting	Intro to Hunting	THM Link

LetsDefend Labs (Defensive)

Lab Name	Focus	Cost	Link
Phishing Email Analysis	Email Headers/Attachments	Free	LetsDefend
PCAP Analysis	Network Traffic Investigation	Free	LetsDefend
Investigate Web Attack	Log Analysis	Free	LetsDefend
Log Analysis with Sysmon	Endpoint Detection	Free	LetsDefend

Blue Team Labs Online (BTLO)

Challenge Name	Focus	Cost	Link
Bruteforce	RDP Log Analysis	Free	BTLO
Phishing Analysis	Malicious Emails	Free	BTLO

---

Target Practice: CTF Machines (eJPT Level)

These machines are selected for their relevance to the eJPT difficulty level (Easy/Medium).

TryHackMe Labs

Machine	Focus	Link
Simple CTF	CMS Exploit	Link
Bounty Hacker	FTP/SSH	Link
Agent Sudo	Enumerate/PrivEsc	Link
LazyAdmin	CMS/MySQL	Link
Kenobi	Samba/NFS	Link
Bolt	Bolt CMS	Link
GamingServer	Web/LXD	Link
RootMe	Web/PrivEsc	Link
Startup	Web/Wireshark	Link
Chill Hack	Command Injection	Link
Ignite	CMS Exploit	Link
Wgel CTF	Wget PrivEsc	Link
Steel Mountain	Unquoted Path	Link
Alfred	Jenkins	Link

Mixed CTF Machines (Non-THM)

Machine Name	Platform	Difficulty	Link
Tr0ll 1	VulnHub	Beginner	Download
Simple	HackMyVM	Easy	HMV Link
Nebula	HackMyVM	Easy	HMV Link
HackMePlease 1	VulnHub	Easy	Download

---

License

This project is licensed under the MIT License.

You are free to use, modify, and distribute this toolkit for personal or commercial purposes, provided that the original copyright notice and this permission notice are included in all copies or substantial portions of the software.

See the full license text in the MIT License.