What is HTB Certified Active Directory Pentesting Expert (CAPE)

HTB CAPE stands out as an advanced certification built to comprehensively cover all elements of Active Directory exploitation. It fills the gap left by foundational certificates like HTB CPTS, aiming to simulate real-world red teaming and penetration testing environments with a focus exclusively on AD.

HTB CAPE is an advanced-level certification created by Hack The Box, focused specifically on Active Directory (AD) penetration testing. The certification includes hands-on labs, 10 days to compromise a lab environment, and a 24-hour report-writing phase, following a structure similar to OSCP or CRTE. It targets professionals with prior pentesting experience, especially those interested in lateral movement, privilege escalation, and domain domination in Windows environments.

HTB markets it as a progression beyond their CPTS certification and an entry into red team-level Active Directory engagement, integrating real-world infrastructure and adversary simulation exercises.

HTB CAPE Target Audience

CAPE is beneficial not just for red teamers but also blue and purple teamers. Knowing how attacks work makes for stronger defenders. Its recommended to paire the CAPE course with relevant Hack The Box labs and utilizing the Academy’s cross-referencing tools.

HTB CAPE Exam

The CAPE exam provides 10 days to compromise a lab environment and submit a full commercial-grade report. Learners are encouraged to take notes, use frameworks, and even utilize AI tools cautiously. Report writing should ideally occur simultaneously with lab work to avoid last-minute confusion.

Format: Candidates are required to conduct penetration tests on multiple real-world and heterogeneous networks, followed by submitting a professional-grade report.

HTB CAPE Skill Areas

HTB CAPE certification holders will demonstrate proficiency in:

  • Advanced AD Exploitation: Understanding and exploiting misconfigurations in components such as Active Directory Certificate Services (ADCS), Windows Server Update Services (WSUS), Exchange, and domain trusts
  • Authentication Protocol Attacks: Executing sophisticated attacks abusing protocols like Kerberos and NTLM.
  • Post-Exploitation Techniques: Utilizing Command and Control (C2) frameworks for operations post-compromise.
  • Tool Proficiency: Leveraging specialized tools to exploit AD environments from both Linux and Windows platforms.

What tools are recommended for the exam?

Key tools include:

  • BloodHound
  • SharpHound
  • Mimikatz
  • Impacket suite
  • CrackMapExec
  • PowerView
  • Rubeus
  • Covenant / C2 frameworks

HTB CAPE Course Content

The certification path includes 15 modules that cover a wide range of topics essential for AD penetration testing. These modules provide both theoretical knowledge and practical exercises to reinforce learning.

  • Multiple realistic AD setups.
  • Manual exploitation preferred over automated tools.
  • Focus on AV/EDR evasion using LOLBAS and native tools.
  • Real-world AD misconfigurations and chained attack paths.

HTB CAPE Cost

HTB CAPE pricing stands at $1260 for the bundle, with 90 days lab access. While some could justify the price by pointing to the quality of the labs, others may contrast it unfavorably with:

  • CRTP ($249) and CRTE (~$450–700).
  • Other low-cost alternatives with better community or instructor support.

HTB CAPE price could be seen as as “enterprise-style”, reflecting HTB’s direction to target businesses and institutions more than individuals.

HTB CAPE vs CRTP/CRTE

FeatureHTB CAPECRTPCRTE
FocusAD Red TeamAD Pentest FundamentalsAD Red Team
Duration90 days labs + 48h exam30 days labs + 24h exam90+ days labs + 48h exam
DepthModerate to HighIntroductoryHigh
Price$1260$249~$499–699
SupportHTB Forums/ChatEmail/TicketsEmail + Discord
Hands-on✅✅✅✅✅✅✅✅✅

Get a Copy of HTB Certified Active Directory Pentesting Expert (HTB CAPE) Study Notes

The HTB Certified Active Directory Pentesting Expert (HTB CAPE) study notes is a comprehensive manual focused on mastering Active Directory (AD) security, enumeration, exploitation, and post-exploitation within a Windows environment, specifically tailored for Hack The Box’s CAPE certification. 

Who Is This Guide For?

  • Aspiring penetration testers eager to build a strong foundation in web application security.
  • Security enthusiasts and professionals seeking a structured approach to web exploitation.
  • Hackers preparing for the HTB CBBH exam who want a reference that goes beyond theoretical concepts.

Topics Covered

Intro & Requirements: CAPE assumes solid Windows internals, networking, and prior pentesting experience—ideally from HTB CPTS.

AD Concepts: Covers domain structure, OUs, trusts, and authentication protocols like Kerberos and NTLM for foundational understanding.

Enumeration Toolkit: Manual and scripted enumeration using tools like PowerView, ldapsearch, and smbmap to discover AD objects.

SMB & RPC Recon: Techniques for share discovery, RID brute force, and querying domain users and groups via rpcclient and crackmapexec.

BloodHound/SharpHound: Visualization of attack paths using AD object graphs, showing privilege inheritance and escalation paths.

Exploitation Scenarios: Practical demos of SeBackupPrivilege, DCSync, ADCS misconfigurations, PAC forging, and service abuse.

Persistence Techniques: Use of SIDHistory, Group Policy nesting, and admin script deployment for long-term access.

Kerberos Attacks: Golden Ticket, AS-REP roasting, TGT forging, and SPN enumeration for exploiting domain auth flows.

Exam Structure: Real-world AD environments tested over 10 days with commercial-grade report submission requirement.

Post-Exploitation: Certificate dumping, registry hive extraction, and credential harvesting across multiple machines using WinRM and WMI.

Table of Contents

  • About HTB CAPE
  • Key Subjects to Focus on
  • AD Foundations
  • AD Basics
  • AD Enumeration
  • AD Exploitation and Privilege Escalation
  • AD Credential Harvesting & Persistence
  • AD Post Exploitation & Lateral Movement

Page count: 157

Format: PDF

blank
blank
blank

Testimonials (LinkedIn)

How to buy the study notes?

You can buy the booklet directly by clicking on the button below

After you buy the booklet, you will be able to download the PDF book.

What about the notes updates?

if you have been watching my YouTube Channel, you definitely know that those who subscribe to the second tier of my channel membership they instantly get access to a vast catalog of cybersecurity, penetration testing, digital marketing, system administration and data analytics notes catalog for 10$ along with the ability to receive all notes updates as long as they are subscribed so what does that mean?

This means if you want to stay up to date with the changes and updates to the notes and get access to other categories, I encourage to join the channel membership second tier instead. However, if you are fine with downloading the current version of this section of the notes then you can buy this booklet instead for a one-time payment.

Will the prices of this booklet change in the future?

Once another version of this booklet is released, which it will, the price will slightly change as the booklet will include more contents, notes and illustrations.

Free Active Directory Penetration Testing Training

Checkout the playlist below on my YouTube channel for free Active Directory Penetration Testing Training

HTB CAPE Review

The good aspect about HTB CAPE is the practical, lab-based learning approach. The exam and training are seen as realistic, with a clear simulation of real corporate environments, including multi-domain forests and domain trusts.

However, threre could be gaps in depth and novelty, compared to:

  • PentesterAcademy’s labs
  • Sektor7 or APT-level labs

Another concern was content overlap with what seasoned testers already know. The HTB CAPE may be better suited for intermediate practitioners, not advanced experts.

Conclusion

HTB CAPE stands out as a rigorous and practical certification for professionals aiming to deepen their expertise in Active Directory security. Its comprehensive curriculum and hands-on approach ensure that candidates are well-prepared to handle real-world challenges in AD penetration testing.

FAQ

Who should pursue the HTB CAPE certification?
It’s ideal for penetration testers, red teamers, and security professionals with prior experience in AD environments and looking to demonstrate expertise in advanced AD exploitation.

Are the study notes beginner-friendly?
No. The notes assume prior knowledge of AD, basic pentesting, and tool usage. It’s recommended for those who’ve completed HTB’s CBBH or similar certifications.

Is there a lab component to study for HTB CAPE?
Yes. The CAPE track includes hands-on AD labs on Hack The Box to reinforce concepts through practical scenarios.

How should I prepare for the exam?

  • Complete all modules in the HTB CAPE track
  • Take notes and practice each technique
  • Review real-world AD attack paths
  • Build and exploit your own lab environment
  • Learn to document and report findings clearly

Is reporting required to pass HTB CAPE?
Yes. A detailed penetration test report is mandatory and contributes to your final evaluation. It must demonstrate professional documentation, including exploitation paths and mitigation recommendations.