CPTS Journey
My journey to passing the CPTS exam with no prior experience
Disclaimer: I'm not a pro, just a curious person trying to understand things. I am writing this to improve my writing skills and share what I did to pass. I’ve skipped some small details to keep it focused.
Damn, I passed the CPTS exam!
I want to share my experience of how I finished one of the coolest exams in cybersecurity. This is my second certificate after CEH v13. I am currently working my very first job in this field, and before this, I had zero prior experience.
I spent about 4-5 months grinding the CPTS path on HackTheBox Academy, putting in around 8-10 hours every weekend. During this journey, I took a lot of notes and practiced the labs “blindly” to train my brain to find vulnerabilities. Also, research skills are a must! You have to constantly Google things to understand what you are facing.
Without further ado, let’s get into the journey.
The Exam Rules
Here is what you have to do to pass:
- The exam simulates a real-world network consisting of 7 different machines.
- You have 10 days to hack 7 different machines (Linux and Windows).
- There are 14 flags total. You need at least 12 flags to pass.
- You must write a professional, commercial-grade penetration testing report.
- You get 2 attempts. If you fail the first time, you can try again.
The Preparation
After the Academy path, I spent a month on the CPTS track boxes on HTB. I followed along with IppSec’s unofficial CPTS prep playlist. I also spent another month grinding HTB Pro Labs, finishing both Dante and Zephyr.
I learned so much during this path—Active Directory (AD), Windows internals, and how hackers actually pivot across a network. I also learned how to use automated tools efficiently—knowing why and when to use them for specific attacks.
One very important tip: Take notes while you learn. Don’t try to remember every command in your head. I used Obsidian as my “second brain.” I noted down everything I might need later. Writing things down helps you think more clearly and builds a better thought process for the exam.
Even with all this, I didn’t feel ready. I saw people on Reddit saying they got 0/14 flags, and the Imposter Syndrome was real! But I told myself to just go in “unready” and learn on the fly. Then I started the exam :(
The 10-Day Exam
Day 1: I was scared. I got RCE, but I landed inside a Docker container. It was a rabbit hole, not the real way to the flag. I realized I needed to rest, reset my brain, and come back later.
Day 2: I finally found the path to the first flag. Everything started clicking! I began to understand the environment. It felt like learning the weaknesses of a final boss in a video game, hahaha.
Once I figured it out, I got 5 flags on that second day alone. By Day 4, I had 12 flags—enough to pass! I took the next 3 days just for the report.
The CPTS exam focuses heavily on Active Directory. Surprisingly, I had no AD knowledge before I started this path. To pass the CPTS, you have to become a ‘User’ with the highest permissions to achieve total network dominance. But it is not as easy as it sounds: you have to go through many rabbit holes, move back and forth, and hunt down the specific misconfigurations that let you in. This is just my perspective on the CPTS exam; others might find it different.
But it didn’t end there. After spending two days on the report, I paused my writing to go back and find the last two flags. I knew if I didn’t get them, they would haunt me every night after the exam! I just had to do it.
Finally, I captured those last two flags. Getting 14/14 flags was incredible, especially since this was my first time taking a practical exam like this.
It was an amazing exam, and it taught me a lot.
How I Handled Reporting
Writing the report taught me what real-world pentesting is like. Reporting isn’t “fun,” but it’s necessary.
- Top Tip: Fill out the report as soon as you find a vulnerability. Do not wait until you get to flag 12. By the end of the exam, your brain will be “fried.” If you write as you go, you won’t forget the small details.
- I used Sysreptor for my reporting.
- Resource: This article by Bruno Rocha Moura helped me immensely.
The Final Boss: Failing My First Attempt
HTB is very strict. I failed my first attempt because it was my first time writing a commercial-grade report. I spent 3 days polishing it, but a few weeks later, I got the email: There is room for improvement.
My walkthrough was the issue—screenshots and commands were unclear. HTB wants:
- An executive summary.
- Detailed findings with clear evidence.
- Accurate risk ratings.
- Specific fixes for the target.
On my second attempt, I started from scratch. Since I had detailed notes from the exam, it was quick to replicate the attacks. This time, I took very clear screenshots and added detailed captions.
The Win
In less than a week, I got the email: “Congrats on becoming a Certified Penetration Testing Specialist! 🎓” It was the best moment of my life. I was taking a shower, saw the email, and literally jumped out of the bathroom to celebrate! It felt like I finally beat the game.
I want to give a huge thanks to a senior who gave me a VIP+ account and great advice on reporting. He really helped strengthen my thinking process.
Thanks for reading! I hope you are doing what you love. May you get everything you wish for.
“As long as you live, continuously learning!”
My next destination would be Burp Suite Certified Practitioner! Mark my words xD.



