+------------------------------------------------------------+
| 10-Day CPTS Engagement                                     |
+------------------------------------------------------------+
| Days 1–10: Network Exploitation & Flag Collection          |
| • Deep Scanning & Enumeration                              |
| • Internal Network Pivoting                                |
| • Full Active Directory Forest Compromise                  |
| • 14 System/User Flags to Recover                          |
+------------------------------------------------------------+
| Days 1–10: Commercial-Grade Reporting (Concurrent)         |
| • Documentation of Vulnerabilities                         |
| • Step-by-Step Remediation Strategies                      |
| • Executive Summary & Technical Breakdown                  |
+------------------------------------------------------------+

The Rules of Engagement
The CPTS exam is the final component of the Hack The Box Academy Pentester Job Role Path. It is designed to emulate a real-world, black-box penetration test. The exam is 100% practical, with no multiple-choice questions.
The scenario often requires lateral movement and privilege escalation across a Windows domain.
The exam mimics real-world penetration tests, including complex network segmentation, rather than just solving isolated machines.
Given the exam's difficulty, a structured preparation strategy is essential. The HTB Academy path itself is your primary resource, but here are key strategies recommended by successful candidates:
The CPTS exam is . You should only register for this exam if you fit one of these profiles:
9.5/10 (Deducted half a point for the emotional damage to my family, who watched me stare at a Burp Suite window for 14 consecutive hours).
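The has historically served as the cybersecurity industry standard. However, the CPTS has shifted the landscape by emphasizing methodical, deep dive technical skills over time-restricted testing windows.

+--------------------+--------------------------------------------------+---------------------------------------------------+
|                    | CPTS                                             | OffSec OSCP                                       |
+--------------------+--------------------------------------------------+---------------------------------------------------+
| Exam Duration      | 10 Days total (Simultaneous testing & reporting) | 24 Hours testing + 24 Hours reporting             |
| Lab Coverage       | 28 Modules (Penetration Tester Path)             | Guided course text and standalone lab boxes       |
| Environment Style  | Large, interconnected Active Directory forests   | Small standalone targets + 1 Active Directory set |
| Primary Metric     | Professional methodology and pivoting            | Enumeration speed and exploitation execution      |
| Proctoring         | Unproctored (Trust-based)                        | Live proctored via webcam and screen-share        |
| Reporting Standard | Commercial-grade, formal technical report        | Basic compliance reporting of compromised hosts   |
+--------------------+--------------------------------------------------+---------------------------------------------------+

3. Core Technical Pillars Evaluated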
: Avoid vague fixes like "update your software." Provide actionable code patches, secure configuration lines, or group policy adjustments.

How to Prepare Efficiently
The CPTS certification path covers roughly 30 modules. While the exam does not test every module, you must master the following domains to pass:
Take screenshots of your terminal showing the command run, the output, and the flag file. If you exploit a machine but forget to screenshot the process, you may struggle to write a passing report.
: Vulnerabilities should be classified objectively using CVSS metrics rather than arbitrary threat levels.
Work 8 to 10 hours a day, eat well, and sleep. You have 10 days; do not try to pull a 48-hour marathon.
You will begin with limited information and must enumerate services, gain a foothold, and map the network.
I used Obsidian with tags for every technique (e.g., #win-privesc, #kerberoast, #pivot-ssh). When I hit a dead end, I searched my notes instead of the internet. That speed matters.