5 minute read

HTB CPTS

As I write this post I am currently 49% through HackTheBox’s Penetration Tester path in preparation for their Certified Penetration Tester Specialist (CPTS) exam. What is this course and why am I taking it?

I will try to answer this question and also give my opinion on what I like, dislike, and who I would recommend to also take this course and obtain the CPTS certification.

What is the HTB CPTS?

The CPTS is a pentesting certification that requires you to demonstrate your pentesting skills in a strenuous 10 day exam against a real world Active Directory computer network. Passing this exam requires not only that you completely compromise the AD domain controller but also the creation of a professional pentesting report both with vulnerability findings and remediation recommendations. All the skills that are required for the exam are taught in the Penetration Tester pathway in the HTB Academy. Completion of this course is also mandatory before taking the exam.

The CPTS is a relatively new certification that many HR departments may not recognize as readily as the OffSec Certified Professional (OSCP) but it’s quickly getting on the radar of those involved in cybersecurity. In fact, many are of the opinion that obtaining the CPTS is not only harder but also demonstrates a higher level of competency than the OSCP. But why is a long time bug bounty hunter like myself trying to get it?

The bug bounty hunting conundrum

When I quit my IT job and started my full-time bug bounty journey in 2018 I was extremely excited. I finally found a niche for myself where I could satisfy my interest in offensive security and also get paid for it. It was awesome getting notifications on my phone that the account takeover exploit I reported had been triaged and even better when I got that reward. But there were also the moments in between bounties. The times where self-doubt would begin to creep in.

Am I really good enough to keep doing this?

Will I be able to make a living with bug bounties?

Will after six years I can say to the latter that yes, I did make a living from bug bounties, but the former question is one that is harder to answer.

Imagine working at a gold mine. You can choose wherever you dig but you will only get paid if you find gold. Oh and by the way, there are thousands of other workers looking in the same places for gold you are looking for. That’s the situation for bug bounty hunting. It doesn’t matter the amount of hours you put into testing a web application or enumerating its endpoints. If you did not find a vulnerability that no one else reported already you get nothing.

The other problem with bug bounty hunting is the challenge of communicating skill when applying to different roles in cybersecurity. How does a future employer gauge your skills when the majority of the security findings you’ve made in fortune 500 companies are subject to NDAs? Even when browsing my hackerone profile hardly any detail can be seen about all of the reports I’ve filled over the years.

For these reasons and more I’ve decided that the CPTS can be my pathway to technical skill development and a more traditional cybersecurity position.

What I like so far

Initially when I started the course I was taken back by the lack of videos. Especially the beginning modules were just mountains of text! But as the course progressed and got into the practical side of penetration testing, I grew to like this approach. Honestly, the amount of materially covered really couldn’t be realistically covered through videos. The text-based approach of the course also makes copying and pasting essential information like commands much easier.

What I especially enjoy in this course are the practical lab assignments you have to do after many of the chapters. For example, there is a chapter that mentions how to transfer files using the Python http.server module. You can then access via VPN a lab environment in which you can practice using this command and others you’ve learned to transfer files from one host to another. And since many modules build on the skills you previously learned, each lab assignment gives you the opportunity to mix different commands and approaches all while continually reinforcing your practical skills.

What I did not like

If you’ve done much research on this course you may have already heard about the dreadful Password Attacks module. That’s not to say that the educational content in that module is subpar or anything because it really is quite useful. The problem with this module are the labs included which often require the “luck” of finding the right list of passwords and users for bruteforcing. Now it wasn’t as bad as I feared but I recommend that anyone going through those labs make free use of searching the HTB forums. You may end up getting a hint to solve the labs in this way and while that may seem unfair, keep in mind that spending hours or even days on such exercises is really not worth it in the long run.

Who I recommend take this course

If you are an absoulte beginner with cybersecurity I would advise you to first avail yourself of the free resource available at https://tryhackme.com . I haven’t gone this route myself but from what I hear from others the CPTS is actually quite an intermediate course for those without at least some foundational cybersecurity knowledge. I couldn’t imagine for example being able to understand all the linux command chaining and network pivoting concepts without the knowledge I’ve attained through my intense interest in hacking as a teenager and my experience as a bug bounty hunter.

If you do have such foundational knowledge then I definiately recommend this course. The best deal currently is if you have an .edu student email address. Then you can activate a discount and pay about 8 dollars a month to access the course. The exam is a separate fee of 210 dollars. Feel free to use my referal link if you would like to help support me.

The Future

I am hoping to keep the ball rolling and complete this course and pass the CPTS exam this year. Hopefully that qualification will allow me to transition from a bug bounty hunter to a more formal role in cybersecurity. I also have my eyes on other certifications from HackTheBox such as the HTB Certified Web Exploitation Expert (HTB CWEE)

I hope my experience so far in taking this course has has been useful to you and has helped you to make a decision about whether you would like to take it as well.

Updated: