CPTS Exam

Last week I attempted the CPTS exam. It was, without a doubt, the hardest exam I have ever taken and I do not think it is close. The exam takes you through a full penetration test, where you must compromise a simulated business network, tackling very complex topics such as web exploitation, lateral movement, privilege escalation with a heavy focus on Active Directory. The ten day exam period might seem overkill, but I guarantee it is not, the exam environment is massive and if you are not prepared, you will fail.

The Path

To qualify for the exam you must first complete the entire penetration tester path which covers all the modules that you need to tackle the exam. At first I was not taking proper notes or simply skipping some “boring” modules without giving it a second thought. I came to understand that the modules I felt were boring were not because the content was lacking or badly explained it was in fact because I was not properly understanding basic concepts. After completing the path I knew I was not even close to being ready. After completing all the path for a second time I felt a lot more confident. I believe the entire process took around 5 months studying about three hours per day.

I would really recommend to take proper notes, write them in your own words and do not simply copy paste. I used obsidian but you can use your preferred notetaking app. You most likely will only need the commands when the exam comes around but personally, I sometimes liked to read what the command would do in detail and the context of when and why it was used.

The Exam

The exam is extremely challenging, both mentally and skill wise, impostor symptom is inevitable when you get stuck for days. The lack of progress can be discouraging but do not lose hope. I failed my first attempt on flag 8 where I got stuck for 4 days, but after two hours within my second attempt, I got it, I used the break in between to revise my methodology and that got me through. I was extremely happy when I got my 12th flag but there is another section of the exam, the report.

The report is where many people fail, it is really strict. The full walkthrough has to be extremely detailed and the executive summary must be easy to understand for someone with no tech experience. I found the findings section to be more lax, but it is still important to explain each one in detail. My final report was 143 pages long, yes its long, but take into account that the structure of it makes you repeat the information quite a bit.

Tips and Tricks

I do not think I am saying anything new since many people have already talked about this. It is very important to understand the contents of the path and what a better way to test your skills and preparation by attempting the last module (Attacking Enterprise Networks) completely blind, meaning, spawn up the initial IP and try to get Domain Admin. If you are able to do so you are decently prepared, this does not mean you can ace the exam but things are looking good. After completing the last module I REALLY recommend takin the new CPTS track in the HTB’s main platform. You can find it here

Many people recommend IPsecs unofficial playlist but it is outdated since it was meant for the previous exam iteration which was changed around april of this year. I still think its quite good but not as relevant I would recommend the official track over it. Here are some more concise tips.

1. If you are stuck, ENUMERATE, use other tools, draw on a whiteboard, sleep, take a walk
2. Write the report as you go, this also helps when you are stuck.
3. Use the sysreptor template for reporting, it makes it a lot easier to write findings or sections and its intuitive.
4. Take screenshots as you go, I wasted a lot of time going back to compile information for the report
5. Save every bit of information, notes, passwords, you never know when they will be useful
6. If something does not work, try again later and with another tool.

A big part of the exam relies on pivoting, it is a complex topic and for this exam I cannot recommend Ligolo-ng more. It simplifies the entire process, providing an interface were you can manage your pivots and port forwarding.

Whats next?

I do not really know myself. I think I will attempt CompTIA’s Security+ in the upcoming month, maybe OSCP some time later. If you found any of this info useful please leave some respect on my HTB account.