Dusan Jevtic

Certification Review • April 15, 2026 • 15 min read

HackTheBox Certified Penetration Testing Specialist (CPTS) Review

#CPTS #HackTheBox #Certification #Pentesting #Review

Disclaimer

Everything I share here is based entirely on my own personal experience. Others may have had very different experiences with this certification. My observations are subjective and should not be taken as absolute facts or as representative of anyone else's opinion. I am not affiliated with or speaking on behalf of Hack The Box.

What is CPTS?

The Certified Penetration Testing Specialist (CPTS) is a practical penetration testing certification provided by Hack The Box through Hack The Box Academy.

It is designed for intermediate penetration testers and is completely focused on hands-on skills in realistic environments. There is no theory-based testing; everything comes down to actually performing attacks and understanding how systems behave in practice.

To qualify for the exam, you must complete the Penetration Tester path, which consists of 28 modules. This is not just a formality - finishing this path is a challenge on its own and requires serious time and focus.

The content covers areas such as:

• Active Directory enumeration and attacks
• Web exploitation
• Privilege escalation (Linux & Windows)
• Pivoting and lateral movement
• Password attacks
• Reporting

CPTS Exam Overview

• Exam Cost: Depends on Academy subscription tier plus exam voucher.
• Duration: 10 days total - this includes both the penetration test itself and writing the final report.
• Certification Validity: Lifetime.

The exam is a real-world simulation where you are placed inside a corporate environment and expected to fully compromise it and document your work professionally.

[Image: HackTheBox Certified Penetration Testing Specialist (CPTS) certification]

My Opinion on the Materials

I believe that when it comes to network penetration testing content on the internet, there are no better materials than this. However, that does not mean they are perfect.

The materials are high quality, but:

• They are often very dry and mentally exhausting. Some topics are over-explained and certain things could be explained in a much simpler and more direct way.
• The course itself is a challenge to complete.
• Some parts feel unnecessarily long.

One thing I didn't like is how disconnected the learning process feels.

I think it would be much better if, after every few lessons, there were small lab environments similar to simplified Hack The Box machines, where multiple concepts are combined. Then, as you progress, new lessons could expand those same labs, making them more complex over time.

That way, you would continuously build on what you've already learned instead of having to connect everything yourself later. In my opinion, that would make understanding much easier and more practical.

Also, the Password Attacks module is something I personally didn't like. Running tools like hashcat and waiting 10+ minutes is not really skill, it's just time. It doesn't add much beyond basic tool usage.

Exam Experience

Honestly, this is the hardest certification I've ever done. It pushed me more than anything else so far, and there were multiple moments where I seriously considered quitting.

One thing that bothered me the most was the environment. I had a very unstable experience, and I want to be upfront that this may have been on my side rather than an issue with Hack The Box. I'm sharing it simply because it shaped a significant part of my exam.

I had to reset the environment around 6 to 8 times, and there were situations where I was doing everything correctly but not getting any results. After resetting, the same steps would suddenly start working. Because of that, I lost around 24 hours total just retrying things, resetting, and troubleshooting, while actually being on the right path the whole time.

I've seen people say they had a great experience with the environment and even praise it. Everyone's experience is different.

My progress looked like this:

Day | Progress | Notes
Day 1 | Nothing | Environment issues, even though I was on the right path
Day 2 | Flags 1, 2, 3 |
Day 3 | Flag 4 |
Day 4 | Flags 5, 6, 7 |
Day 5 & half of Day 6 | Completely stuck | Environment issues, things I was doing correctly were not working until reset
Day 6 | Flags 8, 9, 10, 11 |
Day 7 | Flag 12 |

I spent around 3 days writing the report, because I tend to write it in a way that even someone without prior experience can follow and fully replicate what I did. In the end, the report was around 120 pages.

After nine days and a few hours, with some time still left, I submitted my report.

Less than 24 hours later, I received the following email:

[Image: HackTheBox CPTS exam passed confirmation email]

And just like that I passed.

Based on the feedback I received, the report quality was very high. It was described as well-structured, precise, clean, and professional.

I would share the exact feedback, but I'm not sure if that's allowed.

There was also some feedback I'm not sure I fully agree with. Implementing those suggestions would probably make the report significantly longer than 120 pages, and at that point there's a risk of turning it into something too large, which creates its own problems.

Final Thoughts

The exam is very difficult while you are doing it.

But once you get through it, your perspective changes. You realize it wasn't about some hidden trick or missing knowledge. It was about:

• Persistence
• Methodology
• Thinking things through

If you've done Hack The Box machines before, you probably know that feeling.

While you're stuck, it feels impossible. Once you solve it, everything suddenly makes sense.

Additional Learning Materials and Preparation Tips

I didn't use much extra material. Here's what actually helped:

• Enumeration is everything. I used to hate hearing this because everyone kept repeating it. But I ended up becoming that same person. Enumeration really is everything. What I would add is: don't rely on just one tool or one wordlist - always try multiple.
• Use ligolo-ng for tunneling. It's extremely useful. I recommend reading this post about it and actually practicing it before the exam.
• You will get stuck; accept it early. Don't panic. Change your method, change your tool, change your wordlist.
• Practice report writing. This is a huge part of the exam. You can refer to my separate blog post on report writing.
• Practice pivoting and double tunneling. It's easy to mess up and can slow you down a lot if you're not comfortable with it.

Important Tip

Once you reach 12 flags, stop and start writing your report. If you finish the report and still have time, you can always go back and try to get the remaining flags. But if you spend too much time chasing extra flags and run out of time, you won't be able to create more time for the report. You only need 12 flags to pass. Flags 13 and 14 are more of a personal achievement than a requirement.

What I'd Do Differently

If I had to do this again, here are a few things I would change:

• Practice ligolo-ng more before the exam. Don't just follow steps, actually understand how it works. Talk to AI about different setups, read real-life examples, and go through the mentioned blog post. This will save you a lot of time.
• Take notes constantly. Use something like Notion. Every time you get a flag, write down roughly what you did and take screenshots along the way. Later, this makes writing the report much easier. I had situations where I forgot how I got certain flags and what commands I used, so I had to basically rediscover everything.
• If you're stuck for 2 to 3 hours and you've really tried everything, move on. And I mean actually tried everything, not just "I think I tried enough". Different tools, different wordlists, different approaches. There's a chance you're stuck in a rabbit hole and wasting time on something that isn't meant to be exploited that way.
• Take more breaks. I didn't do this enough. I was sitting in a chair for around 10 hours a day, and by the end my hips and feet were hurting like I'm 90, not barely 24. Breaks actually help more than you think.
• If you have any environment issues, contact support immediately. Don't try to fight it for hours like I did. Ask for help or guidance so you don't lose unnecessary time.
• Treat it like you have 20 days, not 10. As far as I know, if you collect a few flags or even just one and submit a report explaining what you did, you can become eligible for a retake. That means in your next attempt you'll have another full 10 days, so think long-term and don't burn everything in one run.
