CPTS

HackTheBox

HTB Certified Penetration Testing Specialist

Advanced Practical 10-day exam + professional report Pass: Passing report $210

Comprehensive practical exam covering the full pentest lifecycle. Requires professional-grade report writing.

Official Page

IssuerHackTheBox

FormatPractical 10-day exam + professional report

Duration10 days

Pass ScorePassing report

Overview Syllabus (8) Tools (7) Cheat Sheets (2) Labs (1)

Recommended Tools

BloodHound Essential

Active Directory

AD attack path analysis

installsudo apt install bloodhound

usagebloodhound-python -d domain.local -u user -p pass -c all

CrackMapExec Essential

Active Directory

AD swiss army knife

installpip3 install crackmapexec

usagecme smb 10.10.10.0/24 -u user -p pass

Impacket Essential

Active Directory

AD protocol attacks

installpip3 install impacket

usageGetUserSPNs.py domain/user:pass -dc-ip DC_IP -request

ffuf Essential

Enumeration

Web fuzzer

installsudo apt install ffuf

usageffuf -u http://target/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

Gobuster Essential

Enumeration

Dir/DNS brute forcer

installsudo apt install gobuster

usagegobuster dns -d domain.com -w subdomains.txt

Nmap Essential

Enumeration

Network scanner

installsudo apt install nmap

usagenmap -sC -sV -p- --open -oA scan target

Evil-WinRM Essential

Exploitation

WinRM shell

installgem install evil-winrm

usageevil-winrm -i target -u user -p pass

Metasploit Essential

Exploitation

Exploitation framework

installsudo apt install metasploit-framework

usagemsfconsole -q

Hashcat Essential

Password Attacks

Password cracking

installsudo apt install hashcat

usagehashcat -m 13100 hashes.txt rockyou.txt

Chisel Essential

Pivoting

HTTP tunneling

installgo install github.com/jpillora/chisel@latest

usagechisel server -p 8888 --reverse

ligolo-ng Essential

Pivoting

Layer-3 tunneling

installgo install github.com/nicocha30/ligolo-ng/cmd/proxy@latest

usage./proxy -selfcert; ./agent -connect attacker:11601

LinPEAS Essential

Post-Exploitation

Linux privesc enum

installcurl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -o linpeas.sh

usagebash linpeas.sh

WinPEAS Essential

Post-Exploitation

Windows privesc enum

installDownload from github PEASS-ng

usagewinpeas.exe

Burp Suite Essential

Web Attacks

Web proxy

installDownload portswigger.net

usageConfigure proxy 127.0.0.1:8080

SQLMap Essential

Web Attacks

SQL injection automation

installsudo apt install sqlmap

usagesqlmap -u "http://t/?id=1" --dbs --batch