HackTheBox CPTS Exam Review & Tips
I recently passed the HackTheBox CPTS certification, and here are my honest thoughts.
The course material
As you probably already know, completing every module in the Penetration Tester path is required before you can sit the exam. From my point of view the material is solid: it gives you a strong foundation for getting into penetration testing, and if you’re already comfortable with the core concepts it works well as a structured refresh where you might still pick up something new. Whether it compares to OffSec’s OSCP material is a fair question, and I think the answer is that they complement each other. Either way, the content is dense. That’s not a criticism; it’s just the reality of the scope it covers.
What background do you actually need?
The exam is built around the techniques covered in the modules, and there are a lot of them. That said, having some experience solving machines without write-ups genuinely helps. Not because the exam goes beyond the course, but because you’ll naturally start building mental scenarios for how to approach each host, and more often than not that intuition leads you down the right path and keeps your workflow clean. Sometimes you’ll attempt an attack you’ve done before and it just clicks. That comfort level makes a real difference under exam conditions.
What the exam actually felt like
Ten days sounds like a lot. Whether it is depends entirely on where you’re at. I had done plenty of machines on HackTheBox and went through all of Season 10, but the exam still humbled me. I hit a complete mental blank and spent the first six days without a single flag. On day seven I managed to compromise roughly half the environment but ran out of steam and fell short of the passing threshold, so I had to use my second attempt. Going in with a clearer head the second time around I finished the remaining half in about two days.
Looking back honestly, with better focus and following my own notes properly I could have cleared the whole thing in around four days, assuming eight solid hours a day. That’s on me.
Things that actually helped
- Enumerate hard. If you land on a web application, try different wordlists and be patient with scans. This is an exam; things aren’t supposed to reveal themselves in thirty seconds.
- In Active Directory environments, a variety of tools will save you. BloodHound is exceptional, but you know how HackTheBox works: it won’t always be straightforward. bloodyAD specifically will save your life more than once.
- With AI solving everything these days, my advice is to not use it to solve the exam or automate enumeration. If you know how to exploit something but need a script or need to fix a PoC, then using AI to work smarter with your time is fine. But let the solving be yours.
- If you forget how something works, go back to the course material. Some common attacks won’t land the way you expect, but what’s explicitly covered in the modules around a specific topic will.
- Use Sysreptor for the report. The structure is different from a typical write-up, but it’s not complicated once you get the hang of it. I’d recommend using AI to polish your writing, not to write the report for you, and always review any changes it makes carefully; you never know when it’s going to hallucinate.
- If something isn’t working, don’t bang your head against it until you burn out. Step away, rest, come back and think through what might be failing and what other paths exist.
- Don’t stress about which flags are worth more points. By the time you’ve captured them it won’t matter and you’ll realize it was irrelevant the whole time.
- The environment is designed to feel realistic, but not entirely. Expect to bypass some protections from the very beginning; that’s part of it.
What I actually took away from it
Definitely some techniques I hadn’t seen before alongside things I already knew well. More than anything, working through the exam reinforced how I approach enumeration, digging deeper and going wider before jumping to exploitation. That shift in patience is probably the most practical thing I’m leaving with.
Final thoughts
The exam is genuinely interesting. You learn things the hard way or the easy way; that’s just how HackTheBox works. A lot of people say that passing the CPTS means you’ll pass the OSCP, and there’s probably something to that given how much overlap exists between the Penetration Tester path and PEN-200. But from my perspective, doing some machines on Proving Grounds before attempting the OSCP is worth it, not for the difficulty, but to understand what to expect from that exam format specifically.
To conclude, the exam is worth doing. Just go in with the right expectations.