kmaron1n's Note
Thorough HTB CPTS Certification 2025 Review

Thorough HTB CPTS Certification 2025 Review

Tran Duc Anh's photo
Tran Duc Anh
·

4 min read

Table of contents

Introduction

I just receive my certificate few days ago - after 2 weeks of waiting.

In this article, i will go through two main areas: the Leaning Process, and my experience with the main exam.

HTB CPTS Overview

HTB Certified Penetration Testing Specialist (HTB CPTS) is a highly hands-on certification that assesses the candidates’ penetration testing skills. I consider it an entry-level certificate in the field offensive security, similar to OSCP.

I chose this certification because it is significantly more affordable—approximately $300 for both the learning materials and exam voucher, compared to OSCP's $1749—while still offering a comprehensive learning experience. The Learning Path provides an extensive knowledge base that is essential for anyone starting out in penetration testing. For those interested in pursuing this certification, I recommend linking your educational email to your HTB Academy account and opting for the Student Monthly Billing plan, which grants access to all the necessary modules.

Learning Process

Penetration Tester Path

In order to take the exam, you need to finish Penetration Tester Path of HTB Academy first.

The course offers a solid, comprehensive, and in-depth foundation of knowledge essential for aspiring penetration testers. It covers a wide range of topics, including reconnaissance, enumeration, port forwarding, pivoting, Active Directory, privilege escalation, and more. Each section is followed by hands-on labs that provide practical experience.

Because I have a full-time job and am in my senior year at university, it took me six months to complete all of the content—and during that time, the material was updated several times. While learning, you might feel overwhelmed and exhausted due to the extensive amount of material and the need for additional side research on some topics.

The key is to have a structured schedule. For example, dedicating about 4 hours a day to HTB Academy and then switching to activities like jogging or another form of exercise can help prevent burnout. In my experience, the most time-consuming modules were Active Directory Enumeration & Attacks and Password Attacks. The challenges weren’t just due to the content itself; VPN issues sometimes caused errors during password brute-forcing and file transfers, leading to false positives or corrupted files when moving data between the attack host and the target.

Practice on main app

Just do some easy and medium live machine on hackthebox main app all by yourself, and you will be fine : ). Before the exam, i just do about 7 or 8 machine. Or you can purchase VIP subcription and do retired machine like Forest, etc.

I also think IppSec’s CPTS prepare playlist is worth it.

Main Exam Review

When you purchase your exam voucher, you have 365 days to take the exam. If you fail on your first attempt, you'll get a second chance after a 14-day waiting period. Once you start the exam, you’ll receive an engagement package that includes assets in scope (IP, domain, CIDR) and a report template. To pass, you must submit a detailed report outlining how you compromised the target, along with capturing 14 flags (you need at least 12 out of 14). You have 10 days to compromise the target and complete the report.

Exam Details

  • Entry Point:
    You will be provided with the IP address of an entry point machine (Linux). From this machine, you must navigate through two CIDRs and compromise a total of 8 machines to score the full 100 points.

  • VPN and Resources:
    Unlike the Learning Path, the VPN during the exam is very reliable. It’s advisable to keep a tab open for the Learning Path or your personal notes from the course, as you’ll likely need to reference them throughout the exam. Key areas to review include Pivoting, Tunneling, Port Forwarding, and Active Directory Enumeration & Attacks. Additionally, familiarity with tools like CrackMapExec and BloodHound is essential.

  • Strategy and Tips:
    You must compromise the initial entry point machine first to progress to other machines. Getting stuck at the entry point can be nerve-wracking, so it's crucial to extract as much information as possible once you establish a foothold through deep reconnaissance. Understand your payloads, proofs of concept, and exploits thoroughly, and experiment with different approaches. Be prepared to encounter some unexpected challenges along the way.

This revised version improves clarity and readability while maintaining the detailed insights of your exam review.

Conclusion

You have 10 days to complete the exam, so it’s important to maintain your normal routine—eat well, sleep well, and take breaks—to stay focused and manage stress. Remember, effective information gathering is key; concentrate on that aspect. Since this is an entry-level certification, the exploitation techniques will be relatively straightforward.

Although the HTB CPTS isn’t as widely recognized as the OSCP in the industry, HTB’s reputation is growing, and the CPTS is emerging as a solid credential. Additionally, it provides learners with a robust foundation of essential knowledge. I highly recommend giving the CPTS a try.

On the way to next targets: OSCE3

Certificationhtb-cpts