Skip to main content
CPTS

CPTS

·990 words·5 mins
HTB Certs
Table of Contents

This entry is for giving you a summary about my experience in obtaining CPTS. In the end I give you some tips and tricks, if you want to go through the course yourself.

Overview
#

Hack the Box’s CPTS is a hands-on offensive security course, which should bring you up to an intermediate level in terms of penetration testing. It teaches a broad skill set over 28 modules, each with their own skill assessment, which is needed to be passed, before even attempting the final exam. The exam tests a candidate’s ability to conduct a penetration test in a simulated real-world environment, connecting all the dots from previous learned modules. It spans over 10 days, crossing multiple active directory domains in a black box scenario. You are tested on a range of skills, including:

  • Penetration testing processes and methodologies
  • Information gathering & reconnaissance techniques
  • Attacking Windows & Linux targets
  • Active Directory penetration testing
  • Web application penetration testing
  • Manual & automated exploitation
  • Vulnerability assessment
  • Pivoting & Lateral Movement
  • Post-exploitation enumeration
  • Windows & Linux Privilege escalation
  • Vulnerability communication and reporting

There are zero MCQ, your knowledge gets validated by the applied work. If you get stuck, you fail. If you can’t properly write up your findings in a professional way, you fail. The exam gets thoroughly inspected and by the amount of threads on multiple social networks, there are a lot of people that fail the exam because of a bad report.

Prerequisites
#

  • Basic technical knowledge in the domains of
    • Operating System (Windows + Linux)
    • Active Directory (Windows)
    • Networking (OSI-Layers)
    • Web Requests + Web applications (CMS likes Wordpress)
  • Being able to understand basic code
  • Being comfortable using a terminal most of the time
  • Having a investigative mind and being able to think outside the box.
  • Being able to write a professional report in English.
  • Wanting to invest a lot of time (official path length is 43 days)
  • Being frustration tolerant. Everyone gets to a point, where he can get stuck and some people give up. To succeed you need to get past it, which more often tests your mind instead your skill.

Working full-time in a IT with related fields in cyber security I had the benefit in fulfilling all the knowledge domains.

Review
#

I successfully passed the exam in my first attempt in spring 2025. The modules took me full-time working half a year, however there were weeks on and off the course. Additional I was doing HTB boxes on the main platform each week. So mostly I was doing one day learning and one day a box on the weekend. When I was done, I’ll accumulated around 130 boxes done, however most were done before even starting CPTS, as I joined HTB in 2023 and was doing mainly boxes in the beginning. I think it’s possible to pass the exam with only having done the path, but its certainly easier for you having your skill set trained and being used to common commands, instead of looking up everything. The 10 days gets you thinking of it, as having plenty of time. But as the exam is mostly linear structured (at least when I did it was) you can easily get stuck and lose a huge amount of time in getting unstucked. Reporting part also took me a great effort. I wrote around 150 pages in the end (a lot were screenshots for obvious reasons).

Overall I really liked the experience and the skill set it teaches throughout the course and the exam. It was no easy exam at all and I took full time off for it. I don’t think you could take the exam when working full-time, unless you are already an experienced pentester, which would nullify the reason for obtaining the cert in the first place. The CPTS really sparked my interest in offensive security and lead me down the rabbit hole (no pun intended ;)), where I currently spend most of my off time.

The modules I really liked the most were:

  • Pivoting, Tunneling and Port Forwarding (even tough the best tool ligolo-ng is not included)
  • Active Directory Enumeration & Attacks
  • Command Injection
  • Linux / Windows Privilege Escaltion

There were also some downsides (nothing is perfect, right?). I did not like some modules like Vulnerability Assessment, where a huge portion was theory. Also as some course material was from 2020, some aspects were already outdated, especially parts that teaches the exploitation of vulnerabilities that are commonly patched now. Also some newer, better tools are not even mentioned (looking at ligolo or netexec)

There also is not a single video in it, if that is your more liked learning style, you’ll get frustrated. There is a lot of text to read, to understand and to apply.

Tips & Tricks
#

On Path
#

  • Take good notes in a structured way, which you can always resort to (personally I use Obsidian)
  • Always understand what a command does, not just copy & paste something.
  • Do not look up solution to the skill assessment, if you did not struggle enough. This is a good experience to learn how to unstuck yourself in the exam.
  • Don’t rush the path, it’s more like a marathon.
  • Apply your skill set on free or preferred retired boxes in HTB.

On Exam
#

  • Report while you go. Every time you reach a milestone, hold on and report to this point, before you go on.
  • If you get stuck, get off your computer to clear your mind.
  • Don’t forget to prolong your exam instance or you risk to lose your progress (happened to me once).
  • Make use of your free second attempt, if you get in a time hassle or couldn’t finish. Know that your second attempt comes with the same environment. So you can use all your previously applied knowledge to rush through the parts, which you had already done.
  • Learn ligolo-ng it makes the whole pivoting part so much easier and more stable.