Paying the Piper

Hey everyone, sorry it’s been a while since I last posted. I’ve been super busy with my day job and have spent my free time finally attempting the CPTS, which I had been putting off for quite some time. But I’ll rip the band-aid off now—I only managed to get 11 out of 14 flags, which means I didn’t pass the technical portion of the exam.


My experience:

I started my exam on a Thursday evening, during a week I had already taken off so I could focus entirely on the exam. Looking back, I wish I had taken the full ten days off, to be honest. I’ll keep my experience vague out of respect for the exam.

From the start of the exam, I didn’t gain a proper foothold until the second day, which was mind-boggling. In my prior experiences with exams like the OSCP, CRTO, and CRTP, the time frame was much more limited, meaning the path forward was usually more direct and designed to be completed quickly.

This delay wasn’t my only stumbling point. At several moments during the exam, I found myself completely stuck and initially got quite flustered. However, I quickly realized this was my own ignorance showing—after all, the exam is meant to simulate a real-world penetration test. Getting frustrated or losing your composure during an actual engagement would likely cost you your job rather quickly.

Moving forward, I had obtained my 11th flag by day seven. However, an issue arose—I had to return to work, and it was time to wrap up my report. Up to that point, I had been vaguely adding findings here and there, along with some general observations. Given the circumstances, most of my remaining time was spent on report writing when I wasn’t at work, with only a few checks and validations here and there. Part of me hoped I’d somehow snag the last flag, but my main focus had shifted—I wanted to give the report a genuine effort.

In the end, I submitted my report with 11 flags documented, hoping to at least qualify for a reattempt within the same environment. As of writing this, I haven’t yet received any feedback.


My honest advice:

Take this with a grain of salt—I didn’t pass, after all.

Take Breaks:
One critical thing that really helped was taking real breaks—not the kind where you just grab a drink or scroll on your computer, but genuine breaks where you step away and decompress.

Write Your Report Along the Way:
Annotating findings isn’t enough—try to write out your steps as you go. This helps ensure you don’t miss any important details and saves you from the mental drain of trying to recall everything after the attempt.

Keep It Simple:
This isn’t an exam meant to emulate an APT. Keep your approach simple and focus on applying what you’ve learned to move forward.


Moving forward:

My plan is to hopefully take some time off to make another attempt once I receive my feedback. I will admit that having a limited timeframe for a reattempt can be quite challenging — completing this twice amounts to about 20 full days, which could easily be someone’s entire PTO. Still, I understand the reasoning behind that structure.

I do have a few ideas on how to move forward, but regardless, I’ll pass when I’m truly ready — and that’s the mindset I’m aiming to embody this time around.