I Have Passed CJCA Exams

It’s funny that my last post was 4 months ago about passing CDSA exams from HackTheBox. It’s funny because i’m back with a new HackTheBox certificate called CJCA or Certified Junior Cybersecurity Associate. This is a purple team certificate, meaning that it’s combining both red team and blue team elements. You have to be able to perform both Pentest and SOC Operations if you want to make it yours.

HackTheBox announced CJCA near the end of July and caught everyone by surprise. That’s because HackTheBox is well known for the brutal certificates it offers and having a certificate called ‘Junior’ can be interpreted wrong. I wasn’t planning on giving it a go but i had already cleared 90% of the required modules and so i only had to finish 1-2 more modules and since the price for the exams was less than 100 euros, i said why not. This was also a chance to test my red team skills and grab my first pentesting certificate, even if it is on a junior level. HTB gives you 5 days to pass the exams and i’m going to tell you that this was the first time i failed an exam on first try. I wont blame just my skills for that but im going to give the biggest blame to time management which made me upload an unfinished report just to wait for my failure and get a second try. But more on that later.

The first part puts you in a network where you will have to test your hacking skills. The problem with that part is that you might waste a huge amount of time trying to find where to start, i was optimistic with the exams but spend one whole day before finding the first flag. Of course i cannot reveal exam content but i know that many people with Hacker and Pro Hacker rank have failed because the exploits are a bit tricky. It took 3 1/2 days to finish the offensive part but i had to do many other things in between so i only had 1 1/2 day for the defensive part and the report.

As someone who has both BTL1 and CDSA with the latter being one of the hardest defensive certificates in the market, i’m going to tell you that CJCA’s defensive part is more SOC related than these two which are more related to Digital Forensics. Again, i can’t reveal exam content but you are going to need enough time to finish it and it might catch you by surprise if you are going to judge by the required SOC modules that you will have to finish before being eligible to unlock the exams. And this was my problem as well because i didnt have enough time for that part and so i had to accept my defeat and upload an unfinished report to get my 2nd chance. This was not a bad thing though cause in the offensive part i only got 80% on my first attempt while on the second i got 100% and the funny thing is that what i was missing on my first attempt just came to my mind naturally on the retake.

The worst thing after submitting your report is that you will have to wait for an unknown amount of time for the results although i knew that i had passed because i had plenty of time on my 2nd attempt to do everything right. Results arrived in my email on Sunday which was also the case for CDSA!

Now based on the mixed nature of CJCA (a bit of this and a bit of that) i would not recommend this certificate to anyone, if you love offensive part better go for CPTS and for defensive part go for CDSA. I don’t think that CJCA will get much recognition and judging from the fact that there was no option to order a physical certificate like all other HTB certificates have, i don’t think that they consider this certificate something very serious themselves but it might be a good way to check your overall skills in cybersecurity, especially judging from the very cheap price of the exams.

Just don’t have a big idea of yourself before starting the exams cause you may land on your face.