Introduction
The Certified Penetration Testing Specialist (CPTS) is one of the most practical penetration testing certifications available today. This post summarizes my experience across two exam attempts, the mistakes I made, and the lessons I learned along the way.
Disclaimer: This post does not contain exam spoilers or confidential information. It only shares my personal experience and general advice.
First Attempt
My first attempt was far from ideal.
I spent almost an entire day solving the first flag. After that, I became stuck on the second flag for four to five days. Looking back, my biggest mistake was assuming the solution had to involve a long and complex attack chain. I kept overthinking the problem instead of stepping back and reconsidering my approach.
The reality was much simpler than I expected.
One of the biggest lessons I learned from this attempt was:
Sometimes you don’t need to dig deeper—you just need to know where to dig.
After finally moving forward, I spent the remaining days working through the other objectives. Flags 3, 4, 5, and 6 were relatively straightforward, and I completed them within two to three days. I wouldn’t describe them as either easy or difficult—they felt somewhere between medium and easy, provided your enumeration was thorough.
I then spent several hours working on Flag 7 before reaching Flag 8, where I eventually got stuck. Unfortunately, I wasn’t able to complete the remaining objectives before my exam time expired.
Second Attempt
My second attempt went much more smoothly.
I solved Flag 8 on the first day and completed Flags 9, 10, and 11 on the second day.
Although Flag 12 took another two to three days to solve, Flag 8 was by far the most challenging objective in the entire exam.
For me, Flag 8 required maintaining a long attack chain where every step depended on successfully completing the previous one. It tested not only technical knowledge but also patience, methodology, and the ability to keep track of the entire engagement from start to finish.
After completing Flag 12, I realized that the biggest challenge was identifying the correct approach. Once I found it, everything became much more straightforward.
The biggest lesson from my second attempt was the importance of enumeration.
Many people immediately start looking for complicated exploits or advanced attack chains. In reality, successful penetration tests often depend on careful enumeration and understanding the information already available.
Good enumeration solves more problems than complicated exploitation.
After completing the remaining objectives, I finished my report, submitted it, and successfully earned the Certified Penetration Testing Specialist (CPTS) certification.
Lessons Learned
If I had to give advice to anyone preparing for the CPTS exam, it would be:
- Never overcomplicate the target.
- Trust your enumeration before searching for advanced exploits.
- If you’re stuck, take a break and return with a fresh perspective.
- Document everything as you go. It makes writing the final report much easier.
- Stay patient and keep moving forward, even when progress feels slow.
If there’s one lesson I took away from both attempts, it’s this:
Enumeration wins exams.
The more accurately you enumerate, the less likely you are to waste hours chasing assumptions or overcomplicating the attack path. Many objectives become much simpler once you identify the right place to look.
Final Thoughts
Passing the CPTS wasn’t just about technical knowledge—it was also about methodology, patience, and persistence.
My first attempt taught me what not to do, while my second attempt proved how much of a difference experience and disciplined enumeration can make.
Earning the certification on my second attempt made it even more rewarding because it reflected the lessons I learned from my first experience.
Good luck to everyone preparing for the CPTS exam. Stay persistent, trust your methodology, and never underestimate the value of solid enumeration.
💚 Thank You, Hack The Box!
Thank you for creating one of the most practical and enjoyable penetration testing certifications available.
The CPTS certification challenged me to think critically, improve my methodology, and become a better penetration tester. The exam was demanding, rewarding, and an invaluable learning experience from beginning to end.
Thank you, Hack The Box, for the valuable experience!
🚀 See you in the labs.