CPTS
Hack The Box - Certified Penetration Testing Specialist
Introduction
The Certified Penetration Testing Specialist (CPTS) certification is designed to provide a thorough understanding of the essential skills and techniques required for penetration testing.
The certification covers the following knowledge domains:
- Penetration testing processes and methodologies
- Information gathering & reconnaissance techniques
- Attacking Windows & Linux targets
- Active Directory penetration testing
- Web application penetration testing
- Manual & automated exploitation
- Vulnerability assessment
- Pivoting & Lateral Movement
- Post-exploitation enumeration
- Windows & Linux Privilege escalation
- Vulnerability/Risk communication and reporting
This wide range ensures you gain experience across many areas, from enumeration to exploitation and reporting. However, if you are only looking for web-related technologies you might want to look at the Certified Bug Bounty Hunter (CBBH) certificate from Hack The Box. That cert has a much narrower focus than the CPTS.
Modules
Before you can even take the exam you will have to complete the entire Penetration Tester Job Role path. There are 28 different modules in the path that prepare you for taking the exam. Given the purpose of the exam, I do like the fact that all the modules are required, though some may feel this limits the exam's popularity.
What I really liked about the modules was the interactive part. Once you get through all the reading of a section, you get to practice the skills introduced from that section, and at the end of every module there is a skills assessment that forces you to stretch that knowledge even further.
It can feel like drinking from a firehose when starting off on the Penetration Tester Job Role path, as it covers a lot. Taking notes on each module/section will further enhance your ability to retain and recall everything the path contains. There are note taking tools out there like Obsidian, Notion, CherryTree, OneNote, and more. Find one that you like. Personally I like to use Obsidian as it has some nice plugins, it is offline, and all the files are in markdown.
Exam Preparation
That is what the Penetration Tester Job Role path was for, preparation for the exam. It should be all that anyone needs to be prepared for the exam. I know we can all have exam jitters and not feel confident before taking the exam, so what can you do? IppSec was kind enough to provide a list of machines to complete in his unofficial CPTS YouTube playlist. You can also do some Pro Labs on the HTB platform such as Dante or Zephyr. Review all the modules again, or at least the ones you feel least comfortable with.
If you have not already done the Attacking Enterprise Networks (often referred to as AEN) module, do it blind. Blind? Yes, that means do not look at anything for the module, the whole module is a walkthrough with spoilers. It goes step by step and is the closest environment to the actual exam you are going to get. Just scroll all the way down to the end of the module page, start the instance, grab the IP and do not look at anything else in the module, not even the questions. Do not go back to the module until you have compromised the domain.
While you are doing the AEN module, write a report for it to get a feel of what the report for the exam is going to be.
Exam
The exam is a ten (10) day long, open book, unproctored exam. You must obtain not only enough points to pass, but also submit a commercial grade report that is reviewed by the examiners.
What is nice is that you can start the exam at any time, no need to schedule with Hack The Box to start. Depending on your prior experience you might need to schedule time off from work, or figure out a good time on when to start the exam. If you come from little or no experience, I highly suggest you make as much time as possible available to you when you do take the exam. There have been people that have finished the exam quickly (less than 5 days), and there are people that need both exam attempts.
You can expect everything that was taught in the modules to be in the exam, so if you are feeling stuck go back through the modules.
When writing the report you can use SysReptor. It makes writing the report so much easier when using their template than using the basic template provided by HTB in Microsoft Word. Be sure to learn the tool before starting the exam if this is the route you are going to take.
Tips for taking the exam:
- Clear your schedule and environment from distractions
- Drink plenty of water
- Take plenty of breaks
- Make sure you actually get sleep
- Cook meals up ahead of time
- Review your notes (you took notes, right?)
- Write your report as you go
- Submit a report
If you feel like you are going to fail the exam, submit a report no matter what! If you do not submit a report you forfeit your second attempt that comes with the voucher!
Exam Feedback / Review
The review process can take up to twenty (20) business days, which translates into waiting nearly a whole month for feedback on the status of your exam.
Feedback from the exam is personalized for everyone. The examiner will not provide anything for the environment, but just for the report itself. If one is missing a section or is not up to the standards HTB expects, the examiner will provide notes where improvement is needed. Should a candidate fail, they have fourteen (14) days to begin the exam again after receiving the feedback.
Price
There are a few different options that you can choose when it comes to purchasing the certification. The exchange of currency to cubes can be a bit confusing so I have provided some different ways to do it. There is one other way not outlined below and that is to purchase the cubes directly. While this is not the most expensive way to obtain the cubes needed, it is certainly not the cheapest.
Silver Annual
The easiest way would be to purchase the Silver Annual subscription, as that unlocks all the needed modules and includes one (1) voucher to take the CPTS exam. This subscription not only includes CPTS modules but also all Tier 2 and below modules, covering paths like CBBH and CDSA!
If you are looking to take more than one certification or just completing other modules in addition to the CPTS, this is the way to go. Something they added to only the Silver and Gold Annual subscriptions after I completed CPTS is write-ups for all the modules.
Price: $490/year (Voucher included)
Monthly Subscription(s) + Voucher
The best option if you are just looking to get the exam and complete the required path is to obtain one (1) month of the Platinum monthly subscription, then one (1) month of the Gold monthly subscription. There is plenty of content to keep you busy the entire time, so you do not need to worry about purchasing cubes directly or waiting for the next month's subscription to kick in. When you are ready you can purchase the CPTS exam voucher.
Price: $68 Platinum + $38 Gold + $210 Voucher
Student Monthly Subscription + Voucher
If you are a student, this is the best route possible: the Student monthly subscription, which is similar to the Silver Annual. It makes all the Tier 2 and below modules available, which the Job Role paths for CPTS, CBBH, and CDSA are a part of. The catch is you have to be enrolled at a university or academic institution. When you are ready you can purchase the CPTS exam voucher.
Price: $8/month + $210 Voucher
Conclusion
Overall I really did enjoy the experience from finally completing all the modules required, to taking the exam. It was a long journey from start to finish but well rewarding in the end. I feel that Hack The Box poured in a lot of time and effort to make sure the exam aligned perfectly to the path. To me it is clear that Hack The Box has built an educational platform that elevates the quality of professionals in this field. I cannot wait for HTB to release their advanced Active Directory certificate!
If you are looking to learn more about cyber security or strengthen your skills I absolutely recommend the Certified Penetration Testing Specialist certificate. The price point is great, and the material is amazing. Best of luck on your journey.
FAQ
These questions seem to pop up a lot on the HTB Discord server for the CPTS certification.
Does the Student Subscription come with write-ups?
The only way to obtain write-ups for the modules is through the Silver/Gold Annual subscription.
Can I wait till the last possible moment to take the exam if I have an Annual subscription?
No, you will want to give yourself about two (2) months before the subscription expires to take the exam.
When does the voucher for the exam expire if I have an Annual subscription?
One (1) year after the date of purchase, but see the prior question as you do not want to wait for the last moment to take the exam.
Do I have to complete all the modules in the path before I can take the exam?
Yes.
Do I get to keep all the modules I have completed if my subscription expires?
Yes, but only fully completed modules.
How long will it take to complete the path so I can take the exam?
The website says forty-three (43) days, but... everyone is different and everyone goes at their own pace, it could be 3 months, it could be a year, or longer. I can understand setting expectations for the near future, but just like the exam, this is a marathon, not a race.
Are the modules enough or do I need to do other things to prepare for the exam?
While certainly the modules do cover everything and prepare you for the exam, I do suggest having as much time on the keyboard as possible. That can be going back through the modules trying out different methods such as manually exploiting instead of using Metasploit, doing the boxes outlined in IppSec's unofficial CPTS list, or Pro Labs. Note the last two suggestions are an additional cost and are not required.
How does CPTS compare to OSCP?
I have no idea; from what I have read, it completely over-prepares you for OSCP.
What is the average review time to get feedback for the exam?
There is no average time; as said before, it takes up to twenty (20) business days. They grade in batches.
What modules should I focus on for the exam?
All of them, all the modules are required, expect to be tested on every single one.
I have no IT background, can I take this exam?
Yes BUT, you will want to check out the Information Security Foundations path before attempting the Penetration Tester Job Role path, and you will want experience with Windows and Linux to aid you along the way.
Are there videos available for the modules?
No, it is all text-based with hands-on interaction.
Are there any restrictions or can I use...?
It is an open exam, you can search through the Academy modules, use your notes, ChatGPT, and use any tool you want.
After completing CPTS what level of boxes can I complete?
That is a tough question to answer since everyone is different. The modules follow the main platform difficulty so you could expect easy and medium boxes, but each box has its own unique aspects. If you apply what you have learned from the CPTS journey an insane box could be obtainable.