GitPedia

Offsec Foundations Labs

This repo contains Machines and Notes for practicing for EJPTv2 & CJCA exams

From N1NJ10·Updated June 13, 2026·View on GitHub·

This repository contains a curated list of machines, notes, and resources targeting the **eJPT** (eLearnSecurity Junior Penetration Tester) and **HTB CJCA** (Certified Junior Cybersecurity Associate) exams. It blends offensive red team tactics with defensive blue team analysis. The project is first published in 2023. Key topics include: cjca, ejpt, hackmyvm, htb.

eJPT & HTB CJCA Preparation Arsenal

This repository contains a curated list of machines, notes, and resources targeting the eJPT (eLearnSecurity Junior Penetration Tester) and HTB CJCA (Certified Junior Cybersecurity Associate) exams. It blends offensive red team tactics with defensive blue team analysis.

LinkedIn
Blog
Website
X

<p align="center"> <img src="https://media3.giphy.com/media/v1.Y2lkPTc5MGI3NjExMmhnb2Vkbzl0dWVlbmsyaGd1aHdzaGx0NnprYWsxamczemZuMTJrZyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/NVHcy0e6RChhLdTi5w/giphy.gif" width="1000" /> </p>

Section 1: IT & InfoSec Foundations

Core knowledge required for both certifications.

Linux Fundamentals

ResourceCostLink
Learn LinuxFreeTHM Room
Linux ModulesFreeTHM Room
Linux Fundamentals Part 1-3FreePart 1 / Part 2 / Part 3
Bash ScriptingFreeTHM Room
Regular ExpressionsFreeTHM Room
Bandit WargameFreeOverTheWire

Windows Fundamentals

ResourceCostLink
Windows Fundamentals 1FreeTHM Room
Windows Fundamentals 2FreeTHM Room
Windows Fundamentals 3FreeTHM Room

Networking & Security Basics

ResourceCostLink
Introductory NetworkingFreeTHM Room
What is Networking?FreeTHM Room
Principles of SecurityFreeTHM Room
ISO27001FreeTHM Room

Section 2: Assessment Methodologies & Recon (Offensive)

OSINT, Scanning, Enumeration, Vulnerability Identification.

TopicResourceLink
Passive ReconPassive ReconnaissanceTHM Link
Active ReconActive ReconnaissanceTHM Link
Nmap Deep DiveNmap / Further NmapTHM Link
OSINTOhSINTTHM Link
Google DorkingGoogle DorkingTHM Link
ShodanShodan.ioTHM Link
Web EnumerationContent DiscoveryTHM Link
Subdomain EnumSublist3rTHM Link
Vulnerability ScanningNessusTHM Link
Vulnerability ScanningOpenVASTHM Link

Section 3: Host & Network Penetration Testing (Offensive)

Exploitation, Metasploit, Pivoting, Password Attacks.

Exploitation Fundamentals

ResourceDescriptionLink
Metasploit: IntroModules, payloads, exploitsTHM Link
HydraBrute-forcingTHM Link
Burp SuiteBasics & RepeaterBasics / Repeater
Crack the HashHash cracking (John/Hashcat)Level 1 / Level 2
IceWindows RCETHM Link
BlueEternalBlue ExploitTHM Link
BlasterMetasploit & RDPTHM Link

VulnHub Labs (Host & Network)

Machine NameFocusCostLink
Kioptrix SeriesThe Classic. Enumeration to Root.FreeDownload
SickOS 1.1Squid Proxy, ShellshockFreeDownload
SickOS 1.2PUT Method, Cron JobsFreeDownload
Stapler 1SMB Enum, MySQL, PrivEscFreeDownload
HackLAB: VulnixNFS, PrivEscFreeDownload

HackMyVM Labs (Host & Network)

Machine NameFocusCostLink
AnimetronicWeb Enum, SUIDFreeHMV Link
LiceoFTP, SSH, HTTPFreeHMV Link
CoffeeShopSSH ExploitationFreeHMV Link
MedusaWeb Enum to RootFreeHMV Link
GiftBasic EnumerationFreeHMV Link
Friendly3Weak Services, ProcessesFreeHMV Link

HackTheBox Labs (Host & Network)

Machine NameFocusCostLink
LameSamba, Distcc (Easy)VIPHTB Link
ShockerShellshock (Easy)VIPHTB Link
BashedWeb Shells (Easy)VIPHTB Link
NibblesNibbleblog exploit (Easy)VIPHTB Link
BeepElastix, Webmin (Easy)VIPHTB Link

Pivoting & Lateral Movement

Crucial for eJPT & CJCA exams.

ResourceDescriptionLink
WreathMUST DO. Full pivoting lab.THM Link
PivotingProxychains, sshuttleTHM Link

Section 4: Web Application Penetration Testing

SQLi, XSS, Manual Exploitation.

ResourceFocusLink
OWASP Top 10Critical Web VulnsTHM Link
OWASP Juice ShopModern Web ExploitationTHM Link
SQL InjectionSQLi LabTHM Link
XSSCross-Site ScriptingTHM Link
LFI/RFIFile InclusionTHM Link
Command InjectionOS Command InjectionTHM Link
VulnversityUpload VulnerabilitiesTHM Link
Pickle RickWeb to ShellTHM Link

VulnHub Labs (Web Focus)

Machine NameFocusCostLink
Mr. RobotWordpress, KeysFreeDownload
bWAPPOWASP Top 10 PracticeFreeDownload
VulnCMSCMS EnumerationFreeDownload
Pinky's PalaceSQLi, LFIFreeDownload

HackMyVM Labs (Web Focus)

Machine NameFocusCostLink
GiftBasic Web EnumFreeHMV Link
Friendly3Web ServicesFreeHMV Link

PortSwigger Academy (Web Security)

TopicFocusCostLink
SQL InjectionManual SQLiFreeStart Lab
Cross-Site ScriptingXSS (Reflected/Stored)FreeStart Lab
CSRFCross-Site Request ForgeryFreeStart Lab
OS Command InjectionShell ExecutionFreeStart Lab

Section 5: Defensive Security & Hybrid Analysis (CJCA Focus)

SIEM, Logging, Threat Hunting.

ResourceFocusLink
Intro to SIEMSIEM BasicsTHM Link
SplunkSplunk BasicsTHM Link
Elastic (ELK)ELK StackTHM Link
Windows Event LogsLog AnalysisTHM Link
SysmonSystem MonitorTHM Link
WiresharkPacket Analysis (TShark)THM Link
Threat HuntingIntro to HuntingTHM Link

LetsDefend Labs (Defensive)

Lab NameFocusCostLink
Phishing Email AnalysisEmail Headers/AttachmentsFreeLetsDefend
PCAP AnalysisNetwork Traffic InvestigationFreeLetsDefend
Investigate Web AttackLog AnalysisFreeLetsDefend
Log Analysis with SysmonEndpoint DetectionFreeLetsDefend

Blue Team Labs Online (BTLO)

Challenge NameFocusCostLink
BruteforceRDP Log AnalysisFreeBTLO
Phishing AnalysisMalicious EmailsFreeBTLO

Target Practice: CTF Machines (eJPT Level)

These machines are selected for their relevance to the eJPT difficulty level (Easy/Medium).

TryHackMe Labs

MachineFocusLink
Simple CTFCMS ExploitLink
Bounty HackerFTP/SSHLink
Agent SudoEnumerate/PrivEscLink
LazyAdminCMS/MySQLLink
KenobiSamba/NFSLink
BoltBolt CMSLink
GamingServerWeb/LXDLink
RootMeWeb/PrivEscLink
StartupWeb/WiresharkLink
Chill HackCommand InjectionLink
IgniteCMS ExploitLink
Wgel CTFWget PrivEscLink
Steel MountainUnquoted PathLink
AlfredJenkinsLink

Mixed CTF Machines (Non-THM)

Machine NamePlatformDifficultyLink
Tr0ll 1VulnHubBeginnerDownload
SimpleHackMyVMEasyHMV Link
NebulaHackMyVMEasyHMV Link
HackMePlease 1VulnHubEasyDownload

License

This project is licensed under the MIT License.

You are free to use, modify, and distribute this toolkit for personal or commercial purposes, provided that the original copyright
notice and this permission notice are included in all copies or substantial portions of the software.

See the full license text in the MIT License.

Contributors

Showing top 1 contributor by commit count.

N1NJ10

N1NJ10

9 commits

View all contributors on GitHub →

This article is auto-generated from N1NJ10/Offsec-Foundations-Labs via the GitHub API.Last fetched: 6/20/2026