Hack the Box: CPTS Exam

Ryan Yager
Feb 17, 2024

On February 25th I received the notification that I have passed the CPTS certification. A video of the below can be found here https://youtu.be/gCtPwmQTYLc.

Hello everyone, I have finished the Certified Penetration Testing Specialist (CPTS) exam by Hack the Box and wanted to write a little review about it. Currently my report is under review so I do not know if I have passed or not yet. Also, as many of you know, I am not a Penetration Tester. First and foremost, this was the hardest exam I have taken on my journey so far. I currently have OSCP, eCPPT, eWPT, CRTP (2nd hardest), CEH Practical and then all of the regular ones like Net+ and Sec+. The exam price is 210 dollars, and you also have to complete the Penetration Tester Job Role Path. The 210 dollars does give you 2 exam attempts, with feedback. So if you fail one attempt, as long as you write up the report and send it up, they will have feedback for you. I have a student discount so I was able to complete this path for eight dollars a month. If not, you will have to have a silver subscription or buy the cubes, whichever is most cost effective for you.

The Penetration Tester Job Role Path, which is found on academy.hackthebox.com, has 28 modules, and as Hack the Box lets you know, you have hacked around 250 machines, completed over 400 module sections, solved over 500 challenge questions and read over 750,000 words. The entire module took me about three months to complete with a full-time job and kids. I usually spent around 3 hours a night working on the modules, and then when I was sent away for work I spent around 12 hours a day; that is when I obviously started to knock everything out very quickly. You do need to complete every module to even be able to start the exam.

Let's continue talking about the modules; they taught me more than any other training I have ever done. I did not read or listen to the videos within OSCP, I did do all of the different things for eCPPT and eWPT, however, HTB goes so much deeper into the different aspects of hacking. Each module does start off simple, such as command injection, trying something like ; | or || and finding command injection, then they continue to go deeper into it and bypassing filters and other things such as that. The modules themselves are difficult, so you can just imagine the test.

The test itself is 10 days, this is a total of 10 days, which means that the report needs to be done within those 10 days as well as the hacking. The student needs to be able to write the report as they are hacking machines. I would highly suggest looking at the report that they give you first; I did not and just figured it was the same as some others. It is not, and it is a lot of information (mine ended up being around 110 pages and I put 2 to 4 screenshots per page). The exam environment is also much bigger than the other exam environments I have done before. This was a little overwhelming at first, however, I did it like I do everything else, one problem at a time and worked through it like this.

Many people say that HTB teaches you everything you need to know for the exam, I would have to agree with this. However, it is not the same attacks, meaning if for instance you attack WordPress within the module, that doesn’t mean that you are going to see WordPress again with the same attack or something of that nature. At the end of each module HTB also has above and beyond machines, which I have broken down here (https://medium.com/@overgrowncarrot1/htb-beyond-this-module-58ec05a50f2d). I did not do any of these machines, except if I had already done it before starting. I did not go out and actually try any of these before the exam.

So, how does this compare to OSCP? I will start with this, it took me longer to get into the first machine, as an actual user that can do something, than it did to pass the entire OSCP. Also, I was not sick during this exam, like I was during OSCP (https://medium.com/@overgrowncarrot1/passed-the-oscp-first-try-7614d5ecc4ce). This test will test your hacking skills, and it also tests your emotions and mental endurance. I say this because each time you think you are getting somewhere, something else pops up, or you need to do something else, or you need to move somewhere else. This is a lot of fun but obviously can make your mental state start to scream. However, remember, you have 10 days to hack and the report needs to be done in that same time, so take breaks, plenty of them. This exam was much harder than the OSCP.

Now, something to remember is that for OSCP you have 24 hours, for CPTS, 10 days. So obviously we are working within a bigger network of machines, there are more attack paths, there are harder attack paths, there is more research involved, you are not finding a CVE and changing the web address, you are working on sites that do not have CVEs because HTB built them. With this said, the tests can’t really be comparable. However, the CPTS was the hardest exam I have taken so far. There is so much that goes into it, all the attack paths need to be understood, you need to understand what you are looking for and need to understand how to use something against a system.

Since you have 10 days, I kind of thought to myself I will spend 6 days hacking and 4 days writing the report and making sure everything was the way I wanted it. I ended up spending around 4 1/2 days hacking and around 2 days writing the report, this is obviously with sleeping, work, kids and everything else. I probably hacked for around 4–6 hours a day and did the report around an hour to two at a time. I felt like this was a good breakdown, however, depending on how you are feeling and what type of roll you are on you may spend longer doing either one.

All in all the test was amazing. Like I said up top, I am still waiting for the review of my submission, however I was able to get 14 out of 16 flags that are necessary to pass. The training for the Penetration Tester Job Role Path is amazing and I learned more throughout that path than anything else I have done so far. It is an accomplishment in itself just to get through that path, so if you do not want to take the test and want to learn a lot more, take that path; it truly is an accomplishment. I wish you all the best of luck.


Ryan Yager

Known on Twitch and YouTube as OvergrownCarrot1 or OGC