What is HackTheBox Certified Penetration Testing Specialist (CPTS)

Hack The Box Certified Penetration Tester Specialist (HTB CPTS) covers several key penetration testing topics, and to prepare for the exam, you should focus on machines that test your skills in areas like web application security, network exploitation, and Active Directory (AD) exploitation. Below are categories of HTB machines that are useful for CPTS preparation, along with a list of specific machines you can practice on to simulate the exam’s difficulty and scope.

HTB CPTS is designed around real-world scenarios, with a heavy emphasis on modern penetration testing techniques. It covers a wide range of topics, including web application exploitation, Active Directory (AD) attacks, network exploitation, and reporting. It is highly practical and uses the Hack The Box (HTB) platform to challenge candidates with realistic, enterprise-like environments.

Target Audience

  • Junior Penetration Testers
  • Penetration Testers
  • Security Analysts
  • Vulnerability Analysts
  • Incident Handlers
  • IT Security Personnel

About HTB CPTS Exam

From HackTheBox:

The candidate will have to perform blackbox web, external and internal penetration testing activities against a real-world Active Directory network hosted in HTB’s infrastructure and accessible via VPN (using Pwnbox or their own local VM). Upon starting the examination process, a letter of engagement will be provided that will clearly state all engagement details, requirements, objectives, and scope. All a candidate needs to perform the required penetration testing activities is a stable internet connection and VPN software. HTB Certified Penetration Testing Specialist is the most up-to-date and applicable certification for Penetration Testers that focuses on both penetration testing and professionally communicating findings.

What Does HTB CPTS Cover?

The HTB CPTS Specialist exam is designed to test your ability to perform penetration testing in realistic environments. It includes:

  • Practical Labs: Focused on web application and network-based challenges.
  • Active Directory Exploitation: Many HTB labs involve Active Directory, which is essential to understand.
  • Reporting: After compromising systems, you need to provide professional reports with technical and business-level explanations.

Tip: Familiarize yourself with the types of environments (web apps, networks, Active Directory) that HTB specializes in.

  • Information Gathering: Using tools like Nmap, Recon-ng, and Burp Suite for discovery and reconnaissance.
  • Vulnerability Analysis: Identifying vulnerabilities in both web apps and network systems (e.g., SQL injection, RCE).
  • Exploitation: Practice exploiting vulnerabilities with Metasploit, manual techniques, and writing custom exploits if necessary.
  • Post-Exploitation: Lateral movement, privilege escalation (both Linux and Windows), and persistence.

How to Prepare for HTB CPTS Exam

  • First make sure to cover the exam objectives discussed above.
  • Get yourself familiar with the below tools:

Nmap: For network discovery and port scanning.

Burp Suite: For web application testing and vulnerability exploitation.

Metasploit: For automated exploitation and payload management.

BloodHound: Essential for mapping out Active Directory trust relationships and potential attack paths.

Impacket Tools: For various Active Directory attacks.

John the Ripper/Hashcat: For password cracking.

Gobuster/Dirbuster: For directory brute-forcing.

  • Reporting is key aspect of this exam:

One unique aspect of the HTB CPTS exam is the emphasis on reporting. You are expected to create detailed penetration testing reports, including:

  • Technical Findings: Description of vulnerabilities, how they were exploited, evidence of exploitation (e.g., screenshots), and impact analysis.
  • Mitigation Recommendations: Solutions for addressing the vulnerabilities discovered.
  • Business Impact: A clear explanation of how the vulnerabilities affect the organization’s security posture.

Machines to practice

Active Directory environments are a significant part of the CPTS exam, focusing on common AD vulnerabilities and exploitation techniques. These machines will help you practice privilege escalation, lateral movement, and AD-specific attacks like Kerberoasting or Pass-the-Hash.

  • Forest: A comprehensive machine focusing on AD enumeration, Kerberoasting, and privilege escalation.
  • Nest: This box requires deep knowledge of AD and focuses on SMB shares and misconfigurations leading to privilege escalation.
  • Monteverde: Involves AD exploitation and Kerberoasting. Excellent for practicing the exploitation of Windows environments.
  • Escape: An AD-focused machine that requires understanding Kerberos and custom exploit development.
  • Ypuffy: Targets AD misconfigurations and requires knowledge of LDAP queries and the BloodHound tool.

Get a Copy of HackTheBox Certified Penetration Testing Specialist (CPTS) Study Notes

Table of content:

– About the CPTS exam

– Tips to prepare

– Recommended HackTheBox machines to practicse

– Information Gathering & Enumeration

– Network & Web Exploitation

– Linux Hacking

– Windows Hacking

-Active Directory Hacking

-Password Cracking

Page Count: 875

Format: PDF + Markup

Testimonials (LinkedIn)

How to buy the study notes?

You can buy the booklet directly by clicking on the button below

HackTheBox Certified Penetration Testing Specialist (CPTS) Study Notes

After you buy the booklet, you will be able to download the PDF booklet along with the markup files if you want to import them to Obsidian software.

HTB CPTS vs OSCP

1. Focus and Content

  • HTB CPTS:
    • Focus: HTB CPTS is designed around real-world scenarios, with a heavy emphasis on modern penetration testing techniques. It covers a wide range of topics, including web application exploitation, Active Directory (AD) attacks, network exploitation, and reporting. It is highly practical and uses the Hack The Box (HTB) platform to challenge candidates with realistic, enterprise-like environments.
    • Active Directory Exploitation: A major focus of HTB CPTS is Active Directory exploitation, which is critical in modern enterprise penetration testing.
    • Real-World Labs: HTB CPTS focuses on practical labs inspired by real-world environments, rather than solely theoretical knowledge or basic systems.
  • OSCP:
    • Focus: OSCP is more foundational in nature, covering the basics of penetration testing. It emphasizes learning core exploitation techniques and manual exploitation, which includes network scanning, enumeration, exploitation, privilege escalation, and basic buffer overflow attacks.
    • Manual Exploitation: OSCP stresses the importance of performing tasks manually, often discouraging automated tools like Metasploit, except in limited cases.
    • Broad but Fundamental: While OSCP provides solid groundwork for penetration testing, its scope is generally broader but not as specialized in areas like AD exploitation compared to HTB CPTS.

2. Exam Structure

  • HTB CPTS:
    • Practical Focus: The HTB CPTS exam is completely practical, where candidates are required to exploit vulnerabilities in a simulated enterprise environment, which includes web applications, network services, and Active Directory.
    • Duration: The exam is usually spread across a few days (e.g., 10 days) to allow candidates time to complete all tasks, perform post-exploitation, and write the report.
    • Reporting: A significant part of the exam is writing a professional penetration testing report detailing your findings and recommended mitigations. The quality of the report is critical for passing.
    • Realism: Since the exam uses HTB’s labs, which are known for their realism and complexity, the exam challenges are closely aligned with modern enterprise environments.
  • OSCP:
    • Practical Focus: The OSCP exam is also hands-on and practical, requiring candidates to compromise a set number of machines (usually 5) in a 24-hour time window, with varying levels of difficulty.
    • Duration: The exam is 24 hours long, followed by an additional 24 hours to submit the exam report. Candidates must score 70 points out of 100 to pass.
    • Reporting: Candidates must provide a comprehensive report detailing their exploitation methods and the vulnerabilities discovered. Clear documentation is critical for passing the exam.

3. Difficulty Level

  • HTB CPTS:
    • Difficulty: HTB CPTS is considered challenging due to the real-world complexity of the labs. The focus on modern techniques (especially Active Directory exploitation) makes it more challenging for candidates who lack experience in enterprise environments.
    • Advanced Topics: AD attacks and some web exploitation methods in HTB CPTS can be more advanced compared to what is typically found in OSCP.
    • Practicality: If you’re already comfortable with HTB-style challenges, the learning curve might be less steep, but the real-world enterprise environment can still be tough.
  • OSCP:
    • Difficulty: OSCP is often seen as a more foundational, entry-level certification for penetration testers. It is challenging due to its time constraint (24 hours) and the emphasis on manual exploitation.
    • Basic Techniques: While OSCP tests core penetration testing concepts and techniques, it does not delve as deeply into advanced topics like Active Directory or modern post-exploitation techniques.
    • Buffer Overflow: The inclusion of buffer overflow exploitation, while not common in HTB CPTS, is a key part of OSCP. This could be challenging for those unfamiliar with this technique.

4. Preparation Materials

  • HTB CPTS:
    • Platform: Preparation for HTB CPTS is centered around the Hack The Box platform. Candidates should be familiar with HTB-style machines and challenges.
    • Focus on Labs: The preparation typically involves solving Active Directory, network, and web exploitation challenges from HTB’s machine repository.
    • Hands-on Experience: The best preparation for HTB CPTS is hands-on practice with HTB labs, specifically focusing on realistic penetration testing scenarios.
  • OSCP:
    • PWK Course: The OSCP is paired with the Penetration Testing with Kali Linux (PWK) course, which provides instructional videos, a PDF guide, and access to the PWK labs.
    • Structured Curriculum: OSCP candidates follow a structured curriculum that covers the basics of penetration testing, from information gathering to exploitation and reporting.
    • Practice: Candidates can practice using both the PWK labs and external platforms like TryHackMe, VulnHub, or HTB, although OSCP labs are designed to align directly with the exam objectives.

5. Target Audience

  • HTB CPTS:
    • Best suited for individuals who already have some experience in penetration testing or cybersecurity and want to focus on real-world enterprise environments. If you are aiming to work in large organizations, especially those that use Active Directory, HTB CPTS is a strong choice.
    • Ideal for those who have already worked with Hack The Box and want certification that reflects their skills in modern and realistic penetration testing.
  • OSCP:
    • More suited for beginners or individuals with limited penetration testing experience who are looking to get a foothold in the field. OSCP is an excellent entry-level certification that proves your ability to think critically and solve basic exploitation problems.
    • OSCP is widely regarded as a benchmark certification for getting into penetration testing, making it great for newcomers to the field.

6. Industry Recognition

  • HTB CPTS:
    • Recognition: While newer compared to OSCP, HTB CPTS has rapidly gained recognition, especially in communities focused on practical skills and modern penetration testing techniques. It’s seen as a specialized certification, especially for its focus on realistic environments and Active Directory attacks.
    • Growing Popularity: Hack The Box’s popularity in the penetration testing community has made the CPTS certification highly relevant, especially among experienced testers who are familiar with HTB’s challenging labs.
  • OSCP:
    • Recognition: OSCP is one of the most well-known and respected certifications in the cybersecurity field. It is widely recognized by employers and is often considered a baseline certification for penetration testers.
    • Industry Standard: OSCP has been an industry standard for years, and many job listings in cybersecurity specifically mention OSCP as a preferred certification for penetration testers.

7. Cost

  • HTB CPTS:
    • The cost for HTB CPTS may vary depending on whether you have an existing HTB VIP subscription or need access to specific preparation materials. According to this page, the cost as of this writing is 490$
    • Generally, the exam and preparation are considered more affordable, especially if you are already an HTB user.
  • OSCP:
    • OSCP is generally more expensive, with the exam and PWK course package starting at around $1,499 (including 30 days of lab access).
    • Additional lab time costs extra, so if you need more time to prepare, this can increase the overall cost.

8. Renewal and Continuing Education

  • HTB CPTS:
    • HTB CPTS is relatively new, and Hack The Box has not yet formalized a renewal process or continuing education requirements for the certification. However, staying active on HTB and solving new challenges is a natural way to keep skills sharp.
  • OSCP:
    • OSCP does not require renewal, but Offensive Security does offer continuing education through their advanced certifications like OSCE (Certified Expert) or OSWE (Web Expert). Keeping current with new techniques and continuing to learn will ensure that your OSCP remains valuable.

What about the notes updates?

if you have been watching my YouTube Channel, you definitely know that those who subscribe to the second tier of my channel membership they instantly get access to a vast catalog of cybersecurity, penetration testing, digital marketing, system administration and data analytics notes catalog for 10$ along with the ability to receive all notes updates as long as they are subscribed so what does that mean?

This means if you want to stay up to date with the changes and updates to the notes and get access to other categories, I encourage to join the channel membership second tier instead. However, if you are fine with downloading the current version of this section of the notes then you can buy this booklet instead for a one-time payment.

Will the prices of this booklet change in the future?

Once another version of this booklet is released, which it will, the price will slightly change as the booklet will include more contents, notes and illustrations.

Free Cyber Security Training Courses

Checkout the playlist below on my YouTube channel for free Cyber Security Training