Today I received the so expected email from hack the box regarding my CPTS exam! Yes I passed on the exam, finishing this long journey!
Today’s post is about my journey from starting the Penetration Tester Role path to finally passing the exam. If you’re studying for this certification or just curious about the process, stay tuned!
CPTS Overview
If you are not familiar with the Hack The Box Certified Penetration Testing Specialist certification, this has become the new Penetration Testing exam standard from an intermediary level. I found myself very impressed by the level of quality of the content learned as well as its density.
To become eligible for the exam attempt, the candidate must complete the Penetration Tester Role path, which is composed of 28 modules. Also, each module ends with a Skill Assessment lab; some of them were already highlighted in previous posts here.
As per Hack The Box, this is a 43-day estimated path, but in my case it took 7 months to be thoroughly completed, taking my valuable notes and not rushing.
The exam is highly challenging and closely simulates a real-world penetration testing engagement. Candidates are evaluated not only on their technical skills but also on the quality and thoroughness of their final report. The technical portion is demanding, taking place in an enterprise-like environment with numerous machines, an Active Directory setup, and multiple networks. While the scenarios are complex, everything tested falls within the scope of the 28 modules covered in the course.
Candidates are required to report at least 12 out of 14 flags during the exam. However, it’s important to note that the exam is not CTF-style, the flags serve as progress indicators, but candidates may encounter many findings that are not directly tied to a specific exam flag.
Preparation
My preparation for this exam was nothing but completing the Penetration Tester Role path and jumping into the exam. I planned to start the exam within a certain date frame when I would have total availability to take the exam, since I had availability constraints and the exam requires 10 dedicated days.
Apart from the exam modules, I watched and read a lot of content from certified people, many of them recommended Pro-labs and the ippsec unofficial prep, but I didn’t take this path as mentioned, although I had watched some videos from ippsec which were helpful!
Also, before starting the Penetration Tester Role path, I completed some learning paths like JR Penetration Tester, Red Teaming, and many others on the TryHackMe platform, coming from a 1-year streak, apart from some experience with CTFs and Bug bounty that I already had.
It is important to mention that the CPTS exam is at an intermediate level, so it is more appropriate to go through some hands-on labs and not only complete the Penetration Tester Role path and jump into the exam as I did, and you will understand why on the next section. But in the end, there is nothing on the exam that won’t be covered in the 28 modules from the path.
The Exam & Tips
10 days for the exam might sound like a lot, but for me, it wasn’t. Remember, you need to test, write your report, and also take care of yourself during those days, the time goes by quickly!
I didn’t pass on my first attempt, and I believe it was because I focused too intensely on the exam. During the first four days, I slept very little and couldn’t disconnect my mind from the challenge. I also failed to take proper breaks, which led me to spend hours overthinking and chasing unproductive ideas.
Based on my experience, here are my recommendations for anyone taking a 10-day exam like this:
Don’t sacrifice sleep thinking you’ll gain more time for the exam. Being well-rested is much more valuable.
Take regular breaks. Your eyes and body need rest, and your performance will improve as a result.
Stay hydrated and stick to your usual diet to keep your energy levels stable.
If you get stuck for too long, revisit the points above. Try a different kind of break, go for a run, take a shower, or do something else that refreshes your mind. You’ll often notice things you missed before.
You do have the exam retake. Of course, the best scenario is to pass on your first attempt, but many people fail, even after capturing all the flags, because their report doesn’t meet the required standard. If you’re on your first attempt and don’t manage to get the minimum 12 flags, use the remaining time to focus on writing the best report possible. Your submission will be reviewed, and you’ll receive feedback on your report. Make sure to submit your best work on the first attempt, so you don’t risk failing the report standard on your second try. In my experience, delivering a report that meets the expected standard is just as challenging as capturing the flags.
From the technical side, I won’t go into too much detail. If you’re planning to take this exam, be prepared for a long learning journey, this process alone should equip you with the necessary skills. However, there are a few important tips that I’d like to share, which can make your preparation even more effective.
I recommend joining the HTB Discord server, you’ll find a dedicated CPTS channel there. Make sure to read the server rules and try to participate, or at least follow the discussions. The insights shared there can be very helpful.
For the exam reporting, I found a blog post by brunorochamoura to be especially valuable. His blog has a lot of useful CPTS content that really helped me. Also, even though it’s not covered in the Documentation & Reporting module, I highly recommend using Sysreptor as your reporting tool. I used it to build my report, running it in a local Docker container, and it made the process much smoother.
Pivoting, Tunneling, and Port-forwarding was an excellent module, packed with tools and techniques that are essential for the exam (no spoilers here!). I highly recommend using the ligolo-ng tool instead of the others mentioned in the module. Ligolo-ng will make the process much easier and faster for you. You may find more about Ligolo-ng on this post.
Last but not least, if you are preparing for the exam, keep in mind that your pace may be different from other candidates. I took 7 months to complete all the modules, but that doesn’t necessarily mean you’ll take less than half that time or twice as long.
No matter how long it takes, invest time in building good notes. Tools like CherryTree, Obsidian, and others are great for gathering valuable information and commands to help you during the exam. The journey is challenging, but it’s worth it!
Thanks for reading!