🧛
Acaard
  • WHOAMI
  • writeups
    • HTB Boxes
      • Headless (Easy)
      • Codify (Easy)
      • Builder (Medium)
      • Usage (Easy)
      • Sightless (Easy)
      • Cicada (Easy)
      • Yummy (Hard)
    • TuxCTFv2
      • Vampires Checker (Reverse)
      • wannaGOwithme (Reverse)
      • TuxHouse (Machine)
      • The Lair (web)
      • Die Todten (OSINT)
  • 💻Random but useful
    • Tmux
    • CPTS Review
Powered by GitBook
On this page
  • The CPTS course
  • The exam prep
  • My exam experience
  • Tips for the exam
  • Conclusion
  1. Random but useful

CPTS Review

My review for HackTheBox CPTS exam!

PreviousTmux

Last updated 6 months ago

Hello people, in this quick article I will write a small review and discuss some stuff about the CPTS course and exam. It was a long journey indeed with a lot of fun and obstacles :D

Finally I have earned it!!

The CPTS course

For those who don't know, the course is the Penetration Tester job role path on HackTheBox academy

The path consist of 28 modules covering a lot of aspects of penetration testing like:

  • Penetration testing process and methodology.

  • Network and services scanning and enumeration.

  • Attacking web applications.

  • Attacking Active Directory environments.

  • Windows & Linux privilege escalation.

  • Pivoting and lateral movement.

  • Post exploitation techniques.

  • Attacking common applications.

  • Vulnerability assessment and reporting.

My main background in Pentesting was just doing machines on HTB main platform, and usually you don't call that much of a "professional Pentesting", because we just treat it like quick labs and mess everything up, but during the course and the exam you have to practice cautious and deal with every penetration test like you would do in a real environment, to no disrupt services and break the environment.

Taking the course and doing all the skill assessments taught me a LOT, the amount of knowledge and practical experience you gain through the course is really amazing and everything was planned and set up so well.

The exam prep

To prepare for the exam, my plan was like the following:

  • Do the Attacking Enterprise Networks module blindly (with a report).

  • Revise my notes and modules where I felt weak (to enhance notes and my understanding).

The most important step here is doing the AEN module blindly, just spawn the target in the end of the section, and start your Pentest against the network, don't look at the question as it will spoil stuff.

Doing that while also writing a report for it will prepare you so well for the exam, as it will simulate it and can refine your methodology and enhance you in a lot of aspects you will need during the exam.

I will be honest though, I didn't complete all the boxes in the list because eventually I kinda got bored, and wanted just to start the exam because in the end, that's what will tell you if you're really ready or not.

My exam experience

I managed to get all 14 flags during the first 5 days of the exam, and then have quite a good time for the report.

At first I struggled for about 1.5-2 hours to get the first flag, and then go from there. Some flags took minutes, others took days yes, DAYS, I faced a lot of frustration moments during the exam but taking breaks and thinking more calmly about it will help you uncover the thing you need to see in order to move forward.

Overall I enjoyed the exam so much, everything was put together really well, almost in a perfect way, simulating a real Pentest you would do in your job, and very enjoyable.

One important thing I learned during the exam is to never judge based on others experience, I was afraid so much to start the exam from what i hear about it, for example the infamous flags 1,9,12 and how hard they are, but not really :D.

Every person get a unique experience, for me I didn't find flag 1 nor 12 hard at all, yes maybe not as other flags of course, but a lot of people tend to "overreact" for certain stuff, which can lead to being afraid and not thinking clearly about it, but don't judge purely from others. For flag 9, it was brutal indeed, but again, not as much as people scare you about it, everything is taught, if you understand the course and have good notes, can think clearly to "unstuck" yourself, you will do fine during the exam.

Tips for the exam

  • Write the report and take screenshots and quick notes as you go, will save you much time later.

  • Before you start, make sure you have good notes that YOU can refer to when in need.

  • Review any module/section in any topic that you don't fully understand.

  • Take breaks and stay relaxed through the whole thing.

  • Have fun :D.

Conclusion

Overall this experience was really amazing, I definitely learned a lot, enjoyed a lot, and of course struggled a lot but it was so worth it. This course and exam will be something that you can't forget.

Lastly, doing the CPTS prep box series from .

Use for the report, you will thank me later :).

This was my first professional exam and certificate but much more to come in the future, till then, happy hacking :)

💻
🧛‍♂️
Ippsec
SysReptor
CPTS Certificate
Penetration Tester Job Role Path