My Journey to Earning the Certified Penetration Testing Specialist (CPTS) Certification
My journey to obtaining the CPTS certification.
I recently obtained the Certified Penetration Testing Specialist (CPTS) certification from Hack The Box, and boy, was it a journey. After three months of studying, I went from struggling to complete a single machine without write-ups to learning techniques such as SQL injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), pivoting, Kerberoasting, and much more.
This certification was challenging but taught me a lot about the fundamentals of penetration testing, and I’m excited to move on to the next certification.
Prerequisites
This certification isn’t one you can simply buy and take. It requires a few prerequisites, including completing the entire course content. Below, I’ve included a picture of the stats for the required course.
The course covers many topics, including Web Exploitation, Active Directory, Reporting, and Pivoting. I found it to be very practical, with numerous hands-on labs to reinforce the knowledge gained. Each topic is covered in depth, allowing students to understand not just how each tool works but also how each exploit functions.
The course goes beyond public proof-of-concept exploits by teaching students how to abuse common misconfigurations in various services. Additionally, it provides a thorough breakdown of Active Directory exploitation, helping students develop a strong understanding of common security weaknesses.
The Exam
The exam was a daunting challenge, spanning 10 intense days. However, everything tested is thoroughly explained in the course. I personally dedicated around 10 hours a day to the exam and ended up finishing a day early.
This exam is very demanding, requiring students to go beyond public exploits and dive deep into misconfigurations, web exploitation, and Active Directory attacks.
Structure
The exam requires the student to obtain 12/14 flags to pass; these flags are located on each machine that must be exploited. Once 12/14 flags are submitted, the student must then submit a commercial-grade report to obtain the CPTS certification. The exam is linear: if the student gets stuck on any part of it, they aren’t able to move forward. The exam takes place in a simulated enterprise network, which is all linked together through an Active Directory domain. The environment is very large and greatly tests the student's time management. A key component of the exam is the report, which must include an executive summary, a list of findings, remediation advice, and a remediation plan. The report is graded harshly, and many fail due to its quality alone.
My Experience
Obtaining the required flags was a challenging task. During the exam, I was tested in many ways on my technical ability to successfully exploit a simulated Active Directory environment. I found myself stuck at many stages of this exam, which felt like an eternity; this truly made it feel like a mental marathon. However, after 7 days I was successfully able to obtain 12/14 flags and begin the report.
Although hard, the exam was quite fun, and I was very impressed with the environment put together by Hack The Box for the exam.
After completing the technical side of the exam, the second stage is writing a commercial-grade report, which took me around 2 days and ran to a little over 100 pages. The reporting for this exam is graded harshly, so I made sure to include a lot of detail in each section, allowing the reader to understand each step of the attack chain and the remediation that goes along with it.
Final Thoughts
I highly recommend this course to anyone at a beginner-to-intermediate level, as it provides an in-depth understanding of penetration testing tools and techniques. The CPTS exam thoroughly tests the knowledge obtained from the course and proves proficiency in many penetration testing skills. For anyone looking to take this exam, I would definitely recommend thorough note-taking, making sure that you understand each topic covered within the course and can look back on your notes relating to the topic when you face challenges.