CPTS Review

Overview:

The HTB Certified Penetration Testing Specialist (HTB CPTS) was not an exam I had originally anticipated taking. However, during a short break after completing the Certified Red Team Expert (CRTE), I did some research and saw many people referring to it as the “new OSCP,” noting that the exam was extremely challenging. I took this as an opportunity to push myself and evaluate how much I’ve grown so far.

What is it?

HTB Certified Penetration Testing Specialist (HTB CPTS) is a highly hands-on certification that assesses the candidates’ penetration testing skills. HTB Certified Penetration Testing Specialist certification holders will possess technical competency in the ethical hacking and penetration testing domains at an intermediate level. They will be able to spot security issues and identify avenues of exploitation that may not be immediately apparent from searching for CVEs or known exploit PoCs. They can also think outside the box, chain multiple vulnerabilities to showcase maximum impact, and actionably help organizations remediate vulnerabilities through commercial-grade pentesting reports.

The Exam:

The candidate will have to perform blackbox web, external and internal penetration testing activities against a real-world Active Directory network hosted in HTB’s infrastructure and accessible via VPN (using Pwnbox or their own local VM). Upon starting the examination process, a letter of engagement will be provided that will clearly state all engagement details, requirements, objectives, and scope. All a candidate needs to perform the required penetration testing activities is a stable internet connection and VPN software. HTB Certified Penetration Testing Specialist is the most up-to-date and applicable certification for Penetration Testers that focuses on both penetration testing and professionally communicating findings.

The course work:

The Penetration Tester Pathway consists of 28 modules with 495 sections and an estimated completion time of 43 days. I won’t be diving into each section or reviewing every module, as I believe experiencing the content firsthand is far more valuable than any arbitrary opinion I could offer.

I was in a unique situation, as I had completed this course in its entirety before pursuing my OSCP. I wanted to be extra prepared to conquer that exam and never really looked back afterward. However, I can confidently say that the course material was excellent—by far the best penetration testing coursework I’ve taken to date.

Since it had been over a year since I last went through the course, I decided to revisit it with fresh eyes to ensure I wasn’t overlooking any details I might have missed or removed from my notes during my previous migration. The second time around was just as amazing—I completed all the challenges again using my own notes, which turned out to be a lot of fun.

One final thing I’ll say about the course is that I highly recommend it, even if you don’t plan to take the exam. It’s truly a top-tier course—an absolute AAA experience without a doubt.


The Exam:

As many of you know, I failed my first attempt because I didn’t reach the required points. Looking back, I realize this happened mainly because I didn’t take enough breaks and was completely mentally burnt out by day seven. You can read about my first attempt below:

Paying the Piper
Hey everyone, sorry it’s been a while since I last posted. I’ve been super busy with my day job and have spent my free time finally attempting the CPTS, which I had been putting off for quite some time. But I’ll rip the band-aid off now—I

My first attempt thoughts

Fortunately, if you submit a report even without earning enough points to pass, you’ll still receive feedback and a reattempt within the same environment you tested in. So, what does this mean? When I restarted, I was able to progress to Flag 11 quite quickly. With that in mind, I decided to take some time to study and focus on my weak points before attempting the exam again—instead of reacting impulsively and immediately reattempting it.

On my second attempt, with a fresh mindset, I was able to regain the 11 flags and finally capture the 12th in less than a day. Looking back, I realize I was actually quite close to finishing on my first attempt.

After capturing the main flags, I immediately shifted my focus to the report. From my first attempt, I had received very positive feedback—so I knew that if I maintained the same level of quality, I had a good chance of passing. Still, I took no chances and spent two full days incorporating the final flag and perfecting my report. By the end, it was nearly 200 pages long.

Once I submitted my report, I eagerly awaited feedback on my results. To my surprise, I received my official passing email just 24 hours after submission—much faster than usual! I think I may have just submitted at a time when very few others were doing so.


Closing Thoughts/Feedback:

  • HackTheBox Academy is a phenomenal platform
  • The course content is impactful and teaches you a great deal in ways that are easy to retain
  • The exam is fair and truly tests whether you can perform as a penetration tester from start to finish

Feedback:

That said, I was quite surprised that Ligolo-ng wasn’t included in the course material—it’s such a powerful and widely used tool that would fit perfectly within the curriculum.