The Certified Penetration Testing Specialist (CPTS) is an advanced, fully practical certification exam created by Hack The Box (HTB). Unlike multiple-choice tests that measure rote memorization, the CPTS exam is a 100% hands-on assessment.
It is designed to simulate a real-world internal penetration test. Candidates are given access to a corporate network (via a VPN connection) and must enumerate, exploit, and pivot through several machines to reach a final objective (often referred to as the "Domain Controller" or "flags").
Key differentiator: The CPTS exam focuses heavily on Active Directory (AD) attack paths, misconfigurations, and post-exploitation techniques.
Before attempting CPTS, you should be comfortable with the following:
The Certified Penetration Testing Specialist (CPTS) is a practical certification that validates your ability to perform network penetration testing at a professional level. Unlike multiple-choice exams, CPTS is 100% hands-on.
No article about the CPTS exam would be complete without comparing it to the Offensive Security Certified Professional (OSCP), the long-standing king of practical pentesting certs.
| Feature | CPTS (Hack The Box) | OSCP (OffSec) |
| :--- | :--- | :--- |
| Price | ~$400 | ~$1,600 (with 90-day lab) |
| Exam Duration | 10 days (240 hrs) | 24 hours + 24 hrs report |
| Active Directory | Heavy focus (complex chains) | Moderate focus |
| Report Writing | Professional template required | Strict, detailed requirements |
| Difficulty | High (AD-focused) | High (time pressure) |
| Recognition | Growing rapidly | Industry standard (HR favorite) |
Which one should you choose?
The exam blueprint covers the entire penetration testing lifecycle. To pass, you must demonstrate proficiency in:
The failure rate for the CPTS exam is high (estimated 60-70% on the first try). Here is why:
The CPTS exam is arguably the most rigorous, realistic, and cost-effective penetration testing certification available today. It prioritizes raw skill over financial privilege. While it lacks the HR recognition of the OSCP, it more than makes up for it in technical depth, specifically regarding Active Directory attack paths.
If you want to be a penetration tester who can actually hack—rather than one who just reads about hacking—the CPTS is the mountain you need to climb.
Next Step: Go to Hack The Box Academy, purchase the "Penetration Tester" job role path, and start your first module today. Do not wait until you feel "ready." Start the lab, get uncomfortable, and hack your way to certification.
Disclaimer: Exam structures, pricing, and syllabi change. Always check the official Hack The Box Academy website for the most current CPTS exam guidelines before purchasing.
The Hack The Box Certified Penetration Testing Specialist (CPTS) is a highly regarded, fully hands-on certification that simulates a real-world enterprise penetration test. It is often compared to the OSCP but is noted for its deeper technical breadth and longer exam duration.
Exam Structure & Format
The CPTS exam is a grueling, 10-day practical challenge:
Engagement Phase (10 Days): You are given 10 days of unrestricted access to a dedicated lab environment containing multiple subnets and a simulated corporate network.
Points & Flags: There are 14 flags to collect, but you only need 85 points (typically 12 flags) to pass, provided you submit a high-quality report.
Reporting: After the 10-day lab access, you must submit a commercial-grade penetration testing report detailing your findings and remediation steps.
Non-Proctored: Unlike the OSCP, the CPTS is not proctored, reducing some psychological pressure but requiring immense self-discipline.
Difficulty and Technical Breadth
Reviewers frequently describe the exam as "brutal" and a "test of persistence".
Comprehensive Material: The exam covers the entire Penetration Tester Job Role Path at HTB Academy, including web attacks, Active Directory, pivoting, and privilege escalation.
Pivoting is Critical: Mastery of pivoting tools like Ligolo-ng is often cited as the most common point of failure, as the exam requires moving through multiple internal network segments.
Realistic Rabbit Holes: Unlike standard CTFs, the environment includes realistic misconfigurations and intentional rabbit holes that require deep enumeration to bypass.
Community Perspectives
“CPTS is absolutely THE beginner/intermediate pentesting cert. The attacks aren't overly difficult, but the breadth of the topics covered isn't anything close to what OSCP covered.” Reddit · r/hackthebox · 10 months ago
“No flag was easy or straightforward. I got stuck multiple times for half a day trying to get a technique to work that had worked easily in labs.” Reddit · r/hackthebox · 6 days ago
Expert Preparation Tips
Master the AEN Module: The Attacking Enterprise Networks (AEN) module is considered the closest simulation to the actual exam. Completing it "blind" (without hints) is highly recommended.
Use the HTB CPTS Track: Hack The Box provides an official CPTS Track on their main platform with 16 machines designed to bridge the gap between Academy modules and the exam.
Prepare Your Report Template: Do not wait until the end of the exam to start your report. Many students use tools like SysReptor to populate findings and screenshots in real-time.
Focus on Enumeration: When stuck, the consensus is to return to enumeration. "Think dumber" and don't over-complicate initial access.
The Certified Professional Technical Speaker (CPTS) designation is one of the most respected credentials for professionals who bridge the gap between complex technical knowledge and effective communication. Whether you are an engineer, a developer, or a data scientist, earning this certification proves you can command a room and translate "geek-speak" into actionable insights.
Here is a comprehensive guide to everything you need to know about the CPTS exam, from preparation strategies to the core domains covered.
What is the CPTS Exam?
The CPTS exam is designed to evaluate a candidate's ability to design, develop, and deliver technical presentations. Unlike general public speaking certifications, the CPTS focuses specifically on the challenges of technical communication, such as managing live demos, explaining intricate architectures, and handling high-level Q&A sessions with subject matter experts.
Core Domains of the Exam
The exam typically breaks down into four primary pillars:
1. Instructional Design for Technical Content
This section tests your ability to structure information logically. You’ll need to demonstrate how to:
Perform a needs analysis for different audience levels (e.g., C-suite vs. DevOps).
Create learning objectives that align with technical outcomes.
Organize complex data into a "story" that maintains engagement.
2. Visual Aid Development
Technical speaking often relies heavily on slides and diagrams. The exam covers:
Best practices for data visualization.
Simplifying complex architectural diagrams for clarity.
The ethical use of AI-generated content and copyright laws.
3. Delivery and Platform Skills
This is the "performance" aspect of the exam. Candidates are tested on:
Vocal variety and body language.
Managing "The Curse of Knowledge" (avoiding over-technical jargon).
Handling technical glitches, such as failed live coding or hardware issues.
4. The Business of Technical Speaking
For those looking to go professional, the exam includes:
Understanding contracts and riders.
Marketing yourself as a technical authority.
Ethics in technical consulting.
Preparation Strategies
Success in the CPTS exam requires a mix of theoretical study and practical application.
Record Yourself: Most candidates fail not because they lack knowledge, but because of "filler words" or poor pacing. Record a 10-minute technical talk and critique it using the CPTS rubric.
Study the Standards: Familiarize yourself with the latest trends in adult learning theory (Andragogy) and cognitive load theory.
Practice "The Pivot": Be prepared for questions that go off-track. The exam often simulates difficult audience members to see how you maintain control.
Exam Format and Logistics
The CPTS exam is usually a two-part process:
The Written Component: A multiple-choice or short-answer exam focusing on theory, ethics, and design.
The Performance Component: Many boards require the submission of a recorded presentation or a live virtual session that is graded by a panel of existing Certified Professional Technical Speakers.
Why Pursue the CPTS?
In a world where technical skills are becoming a commodity, communication is the true differentiator. Holding a CPTS title can lead to:
Higher consulting fees and speaking honorariums.
Increased visibility within your industry.
Leadership opportunities, as you become the "bridge" between the technical team and the rest of the business.
The CPTS exam is not for beginners. You should only register for this exam if you fit one of these profiles:
Prerequisites: Solid knowledge of Linux, Bash/PowerShell, Networking (TCP/IP), and basic web application vulnerabilities (SQLi, XSS, LFI).