Community has always played a crucial role in my journey. I received guidance, support, and valuable experience, and this is my opportunity to give back.
Certified Penetration Testing Specialist (CPTS) is a highly hands-on certification that evaluates a candidate’s penetration testing skills. Therefore, the approach to this certification should be as serious as its objectives.
Preparation
This is the stage where most people find themselves, and yet, it is the most confusing part. How much preparation is enough? Should I start with this first?
I began my Hack The Box (HTB) labs in Season 5, consistently pwning new machines upon release. Yes, I collaborate with my teammates, and I also read write-ups—which I highly recommend. Collaboration is not cheating; cheating only occurs when you publicly share solutions online.
Why are labs useful? Because the methodology behind CPTS flags is very similar. You begin with an IP/URL/Host, enumerate to gather information about potential vulnerabilities, exploit them to gain a foothold, escalate privileges to root, and repeat until you reach your final objective.
The number of labs completed is not the most important factor—although the more, the better. What matters most is that labs often require unique exploitation approaches. Sometimes, after doing many labs with different paths, I overcomplicated my enumeration during the actual exam.
The most important—and really the only—way to improve your chances is to commit to the Penetration Tester Role Path. Do not let the description fool you: the workload is massive for a so-called “beginner” course. 28 modules and 495 sections are prerequisites to qualify for the exam. Do not try to cheat by looking for solutions online. This is not an exam you can shortcut—you will learn nothing if you simply copy and paste answers.
Did I do any Pro Labs?
No, I did not. As a student, my budget was tight, so I kept expenses as low as possible. However, you can finish a Season on HTB Labs, which will earn you a discount for the platform. I actually received a discount code but forgot to use it…
That said, I highly recommend Pro Labs because they are the closest experience to the CPTS exam, with a realistic environment where multiple hosts and services run across different networks.
My Tips for You
Exploitation phase
Have at least one Windows 10/11 virtual machine. Some applications will not run on macOS or Linux. If you are using a MacBook like me, consider VMware Fusion. I previously used UTM, but its performance was nowhere near VMware Fusion. If your hacking machine is a VM, always create backups and snapshots.
I had issues with bloodhound-python and BloodHound.py; I would suggest using RustHound-CE and BloodHound Community Edition. They are constantly being updated and things move fast, so be flexible and find alternative solutions when things do not work properly.
Take detailed notes. Break down problems so you fully understand what you are documenting. This will help with enumeration and later with report writing.
Go outside and take breaks—it matters. Once you get into the flow, it’s easy to fall into endless loops of testing and failing. An exhausted mind will not help you.
Report writing
There is no strict minimum or maximum page limit. However, imagine yourself as the client: would you want to read through 500 pages of bloated content? On the other hand, delivering only 30 pages with a handful of out-of-scope findings would also be unacceptable. Balance is key.
Use AI. The exam allows AI usage, so there is no reason not to. Handling ~30 findings in just a few days (after the exploitation phase) is overwhelming. Use your detailed notes, feed them into AI, and generate findings based on your own template. However, always double-check outputs—AI makes mistakes, and it is your responsibility to correct them.
Do not forget to include figures, tables, and descriptions for every screenshot and command. Tools like mimikatz or rubeus do not explain themselves in a screenshot—you must provide context.
Result
19/08/2025: I have finally passed. Coincidentally, this also marks exactly one year of my CPTS journey. A milestone to remember.