I Tried The HackTheBox Certified Pentester Exam

Рет қаралды 131,599

Күн бұрын

Пікірлер: 218

@dimitriosbougioukas6150 Жыл бұрын

John's skillset is both broad and deep. There is nothing to be afraid of regarding the exam. It simulates real-world situations and some critical thinking is, of course, required. Just don't try it while moving places/driving across the country, like John did etc. 😋

@rodnet2703 Жыл бұрын

I failed my first attempt with 20 points. Passed second with 100 points. I made the same mistake of taking time for granted and thinking it was going to be a walk in the park in my first attempt. The second attempt I pretty much took a week off of work and dedicated the entire time to the exam. And even then I submitted the report with 4 hours to spare. The exam is hard. The report is EXTRA hard. But at the end of the day it’s been the best exam I’ve ever taken. I truly felt accomplished passing the CPTS.

@peternavarroiii3944 Жыл бұрын

Could this be done not having to take any time off of work? I'm sure that's why they are giving 10 days.

@rodnet2703 Жыл бұрын

@@peternavarroiii3944 Yeah if you don’t have kids it might be doable. After work if you dedicate about 6 hours to the exam every day. Or if you’re like bmdyy and are already an expert in the field you might not need to take time off. But I’m a SysAd, so it was a bit harder for me. You could attempt the exam on a Friday. That way you have 4 full days (Saturday and Sunday) of test time

@peternavarroiii3944 Жыл бұрын

@@rodnet2703 Oh I see, yea I'm an IT systems analyst so this be pretty difficult for me as well. Now that you mention it I am expecting my first newborn in the next two months lol so maybe I should take the course but hold off on the exam for a few months and just study and wait when it's the right time.

@rodnet2703 Жыл бұрын

@@peternavarroiii3944 Newborns are really hard. It’s time consuming work. You won’t have a lot of sleep for the first 6 months. Maybe more. I’m not sure I would recommend the exam during that time. The exam is really stressful. You could be stuck for days in the exam trying to figure out the next step. It’s not like OSCP where if you’re stuck you can rotate to another machine. In CPTS if you’re stuck you figure it out or fail.

@peternavarroiii3944 Жыл бұрын

@@rodnet2703 thanks for the advice. This is my first newborn so I don’t know what to expect.

@claudiamanta1943 9 ай бұрын

10:57 Of course their certificates never expire. For two reasons: 1. The training paths are continuously assessing attitudes. 2. The knowledge foundation is solid. Man, I absolutely LOVE things well made! 🤓🥰

@LonesomeSoliloquy Жыл бұрын

You've taught me more about pentesting and programming in a short amount of time than I've learned ever before, mainly just by making it interesting. So, regardless of the experience you have, the way you present your content makes it enjoyable to learn things that otherwise can be hard to focus on.

@CesSanchez Жыл бұрын

I appreciate so much the honestity on stating that this is a promotional video. And I'm happy you are back on youtube, doing what we love to see :)

@joeldyer7277 Жыл бұрын

Took me 2 attempts before I passed on my third. It was a great experience and really enjoyed how the exam was set up. Having taken OSCP previously and passed that exam, I felt personally this was a step up in both contents and in the report writing elements. Would love to see more exams of this calibre.

@thehundaltech Жыл бұрын

Is it even tougher than OSCP?

@NahImPro Жыл бұрын

Wow this is wild a step up from OSCP?

@hnielsen123 Жыл бұрын

@@NahImPro haha I mean the oscp is 24 hours and this is 10 days so that makes sense. It'd be wild if this was easier AND they gave you 10x the time to do it

@joeldyer7277 Жыл бұрын

@@thehundaltech OSCP feels tough because of the added time pressure (24 hours), in my experience. It's also a different exam experience, the exam machines are all independent with the exception of the AD set. With CPTS, it does simulate a real-world network and does a really good job of testing you on the course modules. I think the 10 days is a good time period for this, emulates what you would expect in a real-world pen test (I'm not a pen tester - so correct me if I'm wrong!), and gives you downtime to recharge your brain and plan your next move. I follow John and Ippsec and from their channels, I've learnt a lot from them and this is what pushed me towards this exam, and no one should be disheartened from attempting it. Outside circumstances can factor in (my 2nd attempt was foolishly taken over Christmas week) but the hard work will pay off.

@_CryptoCat Жыл бұрын

Damn, this video got me pumped to do CPTS... and I've already done it 😂 As you said it's a great course + exam but not easy. Then again, anybody familiar with HTB probably doesn't associate it with the word "easy". Hopefully you do the exam again and if so, good luck! 🤞

@ThePredator315000 Жыл бұрын

I can 100% relate, easy in HTB does not mean easy (required to be seasoned as a beginner)

@scoopet Жыл бұрын

How much do you need to know about pen testing to attempt the CPTS. I'm pretty much a complete beginner and am just doing the basic HTB boxes. I'm obviously not thinking about it yet, but wonder how good do you need to be to even sort of understand whats going on. Thanks to anyone that replies lol

@nikitaastashenko2328 6 ай бұрын

@@scoopethey bro. How is your HTB journey going?

@JakeL-wr7xr Жыл бұрын

This is a great review. I'm glad I saw this. I currently just started the academy since its really the cheaper version of the modified OSCP course. So far they've really been hard on on two things and thats documentation and information gathering not only externally but internally as well. It seems as if they want to train students to really have that attention to detail when searching for vulnerabilities inside the network. Its everything you've been saying, its a lot of reading so anyone thinking about doing it - take good notes.

@21y4d Жыл бұрын

Thanks John for the great review, and for the great video as always 😄 I would add that it is important to remember that even though the exam is very challenging, the path absolutely prepares you for it and is the only resource needed to pass the exam. Many also don't know about the "Information Security Foundations" path, which contains 12 introductory modules completely free of charge. This path is meant for absolute beginners in the InfoSec field, such that anyone can start pursuing CPTS regardless of their current level, and can complete many modules without paying a penny 🔥 Good luck everyone!

@yaboy7120 Жыл бұрын

thank you I didnt know about the free version 🙂

@hashaamiftekhar Жыл бұрын

This made me confident. I'm currently a beginner practically but theory wise I'm okay. So after watching John's review about CPTS I'm definitely gonna practice harder to take this medal. Even tho I haven't took this cert yet but still I want to point that whatever the case maybe, whether it's CPTS, OSCP, eCPPT, PNPT or any other cert, they are not just HARD. They just want you to try your best on fundamentals because every advance thing is just basically the mixture of different fundamentals.

@andreasmoser9355 Жыл бұрын

I just got started with the HTB Academy and must say that when it comes to Penetration Testing, I'm still at the beginning. Yet, my goal is to take the exam in one year. I know its gonna be quite a hard road, but I think if you really want it, its possible! Thanks John for another awesome video - I already learned alot from your THM walkthroughs!

@PenTest3r Жыл бұрын

Can I add you on HTB? ( if yes my name is already on my profile)

@dylanlevi3574 11 ай бұрын

Did you take the exam?

@SeaTekMonstroso Жыл бұрын

Thanks for sharing your experience. Seeing the people we look up to fail occasionally makes us feel much better about our own setbacks. I'm surprised that the first OSCE3 holder doesn't consider themselves a pentester though.

@AUBCodeII Жыл бұрын

Wait, John's the first OSCE3 holder? How do you know that?

@richmondowusu7337 Жыл бұрын

@@AUBCodeII was here to ask the same question? That's a hell of achievement if it's true

@edwardbrooks5860 Жыл бұрын

Pick better people to look up too

@edwardbrooks5860 Жыл бұрын

Jk🤣🤣🤣 I have some issue where the most dickish thing to say is the first thing that comes to mind. I do agree with you and have struggled with imposter syndrome for years...but I really am kinda faking it 😂

@ExcedriinGB Жыл бұрын

@@AUBCodeII he has a video where he got an email from the CEO of offensive security stating that he was the first

@jasonturley Жыл бұрын

I’m about 15% done with the CPTS course content and this motivates me to keep going! Not looking forward to the report writing at all though lol

@tinoparsons3391 Жыл бұрын

From the time you buy the course did they force an exam date on you or was it for whenever you done with all the material?

@jasonturley Жыл бұрын

@@tinoparsons3391 The exam window does not begin until you redeem the exam voucher. So you are free to complete the course at your own pace essentially.

@randondude2274 Жыл бұрын

@@tinoparsons3391 there is no time limit to take the exam. you can learn as long as you want :)

@codermomo1792 7 ай бұрын

Hope you got it

@DJNuckChorris Жыл бұрын

Lots of respect for you man! Keep it up!

@seclilc Жыл бұрын

Omg I’m going through the material now, about 1/3 through, and now I’m both motivated and nervous. Let’s gooo

@Singsing-js9fl Жыл бұрын

hows u doin now?

@DiscomfortPioneer 4 ай бұрын

How was your exam?

@joshuavega2193 Жыл бұрын

Hey John! Try to give it a try to the CBBH too. It will be amazing to have a review for that one. I guess both HTB certs have an amazing intermediate level. And I hope that the industry will give them the recognition they deserve as some other certs that are out there.

@norvynhill Жыл бұрын

Hey, you are still leaps and bounds better than me and who knows whom else. So major props!

@QuickFixHicks914 Жыл бұрын

John! You were the chosen one!!! I failed the CBBH. I'm going to take it over. Good video!!!!

@nostalgicnow6001 11 ай бұрын

I know I’m no where near ready but you have me so excited 🙌🏾

@atticus3532 Жыл бұрын

I saw an interview with Naham or Chuck or something years ago with John, and I remember thinking that John Hammond needed a bit of upgrading on his youtuber voice.... years later, this dude is killing it

@jimcabezola3051 Жыл бұрын

Excellent, positive attitude! I envy you the adventure upon which you’ve embarked! Continued success!

@SquareZeroGaming Жыл бұрын

When People Click Enter EXAM in CPTS

@DiscomfortPioneer 8 ай бұрын

I love this comment

@Greg-us4rr Жыл бұрын

Yes, you inspired me and gave a good ideas for my future path of learning... :) Thanks a lot, have a great day!

@cracc_baby 6 күн бұрын

holy crap bro. if you failed then im doomed XD im like 70% thru the modules, having fun so far but im worried/excited about the exam!! im glad you pointed out the search box on the page, i never noticed that! got a bunch of bookmarks i mean hundreds

@custard131 Жыл бұрын

not sure if im glad i watched this or not, i just started the training for CPTS yesterday but knowing you failed when i also know you are way better at hacking than me isnt great for the confidence :p, there are some good sounding tips in there and the main thing is i need to make sure i have absolutely nothing else to do in those 10 days when i get up to trying the exam

@PenTest3r Жыл бұрын

Keep the faith 🦾

@eitancollett Жыл бұрын

it feels illegal to be this early, you make great content btw

@chrishears Жыл бұрын

INTENSE! Never seen John this flustered.

@jameshayes1987 Жыл бұрын

Would have been nice if you compared it to other entry/intermediate level certs in the same space like OSEP/OSCP/eJPT or others. Feels more like an ad read on a podcast personally.

@moezrr8046 Жыл бұрын

Cryptocat did a pretty good review on this exam if you'd like to check it out. He compares it to other exams and goes into a bit more detail

@jameshayes1987 Жыл бұрын

@@moezrr8046 Thanks! I will check that out.

@TehCrazyMike Жыл бұрын

As a beginner, I hope to one day watch this video and understand more than 10% of the words you said.

@romanxyz7248 Жыл бұрын

I was literally you 3 years ago.

@0xhhhhff Жыл бұрын

@@romanxyz7248how are you now

@romanxyz7248 Жыл бұрын

@@0xhhhhff Sorry for late reply. I am currently a CRTO and eJPT v.1 holder. I am also currently studying everyday to improve me more and more.

@0xhhhhff Жыл бұрын

@@romanxyz7248 epic. Got any CVEs? Or jobs? Where do you fall on the job market

@claudiamanta1943 9 ай бұрын

The fact that you can estimate that you don’t know 90% of the information is an invaluable skill.

@chucksgarage-us 10 ай бұрын

Friggin' AWESOME review!

@4k4gentleman Жыл бұрын

HTB always will be the medecine of our ego as hackers.

@elmergardner Жыл бұрын

Thanks for sharing your open and honest experience

@Boiga. Жыл бұрын

And here I am shitting myself for my CompTIA Security + exam on Friday! Pentesting is where I want to end up, one day..... Thanks for the run through! :)

@tinoparsons3391 Жыл бұрын

I wanna take the security + too do you have any online sources to study from ?

@Boiga. Жыл бұрын

@@tinoparsons3391 I some how managed to pass.... I used Prof Messer on here, Jason Dion test exams on Udemy and the r/compTIA reddit are all brilliant places to get started :) good luck with your adventure.

@_SebJ1000 Жыл бұрын

You did great John to make it that far, I know you are going to pass one-day, I want to learn more before I go and take the exam - I at the moment am way under-skilled I am just one of those kids who looks through the school computer for vulnerabilities (So that when I leave the school I can tell them things that they might be able to fix to make them more secure haha.) But You did well anyway John - Maybe next time don't move during it haha.

@AA-mc5il 5 ай бұрын

Every now and then I go to listen to other channels but maaan they don’t explain shit like u do So thanks!! 🖖🏾

@jolt06 Жыл бұрын

I'm currently going through it and streaming my progress. I have taken the cheatsheet and made additions and notes to it for my personal use. But the course is great.

@syntaxastral Жыл бұрын

Can I get your contact?

@jolt06 Жыл бұрын

@@syntaxastral you can reach me through dms

@syntaxastral Жыл бұрын

@@jolt06 you have discord?

@jolt06 Жыл бұрын

@@syntaxastral I don't

@labgeek1559 Жыл бұрын

I like the honesty!!

@JuanBotes Жыл бұрын

Thanks for the honest review appreciate your great content \o/

@BramSLI1 Жыл бұрын

I'm a third of the way through the course and I'm hoping to take the exam by the end of May. I'm working full time as Service Desk Level 2 tech, so there's not much time for studying. From what I've seen so far in the material, it's definitely intermediate level. I went through Try Hack Me's ethical hacking course and it's not even close. This is far more thorough than anything else I've seen. I went through the free version of INE's penetration testing course and it didn't prepare me for that exam at all and I failed it twice. I don't think I'll take it again until I pass Hack the Box' penetration testing exam. I'm sure I'll find it to be much easier once I do take it again. Hack the Box really is the best way in my view to get hands on with learning this material.

@bmdyy Жыл бұрын

Mission failed, we'll get em next time

@lout9231 Жыл бұрын

Waaaaay ahead of where I currently am but sounds like something to aim for!

@joshb5500 Жыл бұрын

Let's get a full retry review when ur not driving X country lol . Kudos for stepping to the plate under the conditions you chose tho!! 👊👊

@HadiALHalbouni 8 ай бұрын

Can you please make a comparison video between it and the OSCP?

@ShinigamiGrin Жыл бұрын

Wow, if it's hard for you, with all the certs that you got, including the triple offsec, I can't even imagine what kind of hell this is. I wish so hard to get it some day, I'm trying so hard, but time is my biggest enemy..

@Jebly_5555 Жыл бұрын

I just did one of the starting point aws boxes and wanted to die so it's good to know that feeling never goes away lmao. I will be working hard towards this cert in the coming years.

@weniweedeewiki.6237 Жыл бұрын

Its next on my exam list...Got my CCNA first tho.. just gives the cert more credibility I think retake next john?

@JohnJohnson-ch6xq 11 ай бұрын

It's time to go for the CPTS 🎉

@bulhack Жыл бұрын

Having CPTS to a beginner is such a blessing! People have to understand just how amazing opportunity this is for newcommers to learn and get certified in a non-predatory (offensive...*cough*) way

@StrangeKvol Жыл бұрын

Well, I'm hooked! Complete noob so gonna have to study a lot of basic stuff before I try this out, but super motivated! Do HTB offer any similar certs or was this the first?

@CYBIRD0fficial Жыл бұрын

You can do it . Go for it again with more preparation

@zanidd Жыл бұрын

Alright, Time to try this exam, so I can make a click-bait video called "I'm a better hacker than John Hammond" :P

@slipperyRat-e4q Жыл бұрын

Thanks John, appreciate the honesty... Its still outa my reach to do this at the monent.. I need to work more thru HTB alot before I even delve into thinking abotu the exam.

@PenTest3r Жыл бұрын

Can I add you on HTB? ( if yes my name is already on my profile)

@sinwolf5539 Жыл бұрын

Awesome Video !!!

@typhoonf6 Жыл бұрын

I'm 50% through the pentest path on academy and am aiming to do the CPTS within the next month or two. I'm glad you made this cause now I know I need to concentrate a little more on learning proper report writing techniques. Have you done Dante or any other prolabs? How does the CPTS environment compare?

@peternavarroiii3944 Жыл бұрын

This sounds pretty cool. How does one practice on writing up a report if you have never done one before?

@ATLuh Жыл бұрын

How would you compare this to the OSCP?

@brypleb5792 Жыл бұрын

I don’t know how he would compare it, but I have heard many say in KZbin reviews, and on the hackthebox discord that they consider the CPTS significantly harder than the OSCP. I also believe that John would say the same based off of this video. I plan on taking both this year, so I will see first-hand soon

@_JohnHammond Жыл бұрын

I haven't taken the "new" OSCP that includes Active Directory but I do live with and work with people who have taken the new one -- CPTS is certainly harder than the OSCP that I took in 2018, and I would have a hunch that is still more difficult than the "new" OSCP.

@innerfire369 Жыл бұрын

This cert need to be rated higher on the certification table…

@ltnlabs Жыл бұрын

Next time you take it go through the entire Penetration Tester job role path first. The skills developed in those modules are important.

@JeffNoel Жыл бұрын

Super interesting. This seems like a serious step up from OSCP. I'm pretty much halfway through the modules and it's a big brick to go through, text-wise

@dyepedmusic Жыл бұрын

I also failed 💀

@xAgallochx Жыл бұрын

hey there, when did you take the exam?

@PenTest3r Жыл бұрын

❤️🦾

@ThePredator315000 Жыл бұрын

I failed, before knowing the full story. I was in utter shock.

@TAPCybersec Жыл бұрын

Nice hoodie!

@thehundaltech Жыл бұрын

Is it even tougher than OSCP?

@brypleb5792 Жыл бұрын

from what i've heard, yes.

@_JohnHammond Жыл бұрын

In my opinion, yes

@Kamduras Жыл бұрын

Thanks for video. Do you recommend to do a prolabs like Dante before exam ?

@ohmsohmsohms 9 ай бұрын

Yes

@RandomlyDrumming Жыл бұрын

Hi John, I was wondering what is your opinion in regards to how comparable in terms of difficulty CPTS is to PNPT, since they are very similar?

@cyberneurovirus2500 Жыл бұрын

They are completely different. PNPT is not bad but is not comparable. TCM Security is not HackTheBox, regardless of who it may concern.

@RandomlyDrumming Жыл бұрын

@@cyberneurovirus2500 Completely different? Maybe I'm missing something, but both PNPT and CPTS exams give you multiple days to crack the perimeter and gain an initial foothold, then pivot through multiple machines on the network evading AV and other security mechanisms, and finally compromise the DC and achieve persistence. Both also require you to write a report and do a live debrief where you have to explain your findings. To me it sounds they are pretty comparable. Maybe CPTS covers a bit more, but I'm not sure how much more.

@cyberneurovirus2500 Жыл бұрын

@@RandomlyDrumming when I speak about CPTS being similar or not to PNPT I mean everything. From modules and subjects quality to exam report. I tried both and I can say CPTS is worthy than PNPT if you want to learn more and better. Just my opinion. You can have infinite ways to break in an internal network from external, but it does not mean that one cert is comparable to the other.

@cyberneurovirus2500 Жыл бұрын

Needless to say the size of the CPTS lab and the PNPT one

@RandomlyDrumming Жыл бұрын

@@cyberneurovirus2500 OK, I understand now what you mean. Thanks.🍺

@CB-RADlO-UK Жыл бұрын

you are the best keep going

@hakitajs9669 Жыл бұрын

Jey, Lets Crack the hack.

@thatoneguywithtwothumbs Жыл бұрын

How well does the course prepare you for the actual test.

@MNIU_ 8 ай бұрын

Why do they say certified Pentester if you’re not certified ? But you received a certificate ? Bc it’s only their certificate right it’s not and industry cert?

@rationalbushcraft Жыл бұрын

Okay if you failed then it must be a really good class.

@fahdalawsi2172 Жыл бұрын

Can I start this certification as my first pentest certification? I have definitely studied some courses such as security+ and eJPT but didn’t take any exam yet. Now I am studying hack the box pentesting path but now you made me rethink about it.

@Da-el8nc Жыл бұрын

Hi @fahdalawsi2172, I'm starting right now, I'm very interested in knowing how it went, I don't have experience in pentesting either but I really want to achieve it

@repairstudio4940 Жыл бұрын

Great I was considering this and this is frankly worrisome 😐... @John Hammond failed?!

@labgeek1559 Жыл бұрын

sounds like the OSEP for 10 days?

@wwdevil8771 Жыл бұрын

Thank you!!

@joel9909 3 ай бұрын

When the sage tells you to "sit your a$$ down" to write the exam, you do just that

@AnokataHD 4 ай бұрын

Please do review of the defence one from htb

@ianberdahl108 Жыл бұрын

New goal!!!!

@erekthus Жыл бұрын

After passing, what salary expectations and title equivalent?

@patrickdee7365 Жыл бұрын

Would anyone say that passing the CPTS means passing the OSCP too?

@brypleb5792 Жыл бұрын

Yes, thats what i've heard from people that have taken both on youtube reviews and the hackthebox discord. CPTS is harder and covers everything from OSCP and more except for the buffer overflow. However buffer overflow is just an optional attack vector on one of the OSCP machines nowadays, and there is a binary exploitation skill path on hackthebox academy although it is not part of the CPTS learning path.

@ee79bb3a7 Жыл бұрын

@_JohnHammond if you would have to compare it with let's say OSCP? Is the content similar? Does it have same 'credibility'? etc.

@patrickFREE. 4 ай бұрын

What was the most hardest Certification?

@dedkeny Жыл бұрын

Effective angle they took eluding to the intensity of the exam through public figures; I'm compelled to do this and my career has nothing to do with cyber security.

@defkrogeldiz3197 11 ай бұрын

HTB pentester path in academy is not 40 hours of content. It takes 40 full time days to complete it. Not hours.

@whitenoiseopera5749 9 ай бұрын

Depends on how much you already know honestly it's different for everyone

@defkrogeldiz3197 9 ай бұрын

@@whitenoiseopera5749 on the htb academy website it says 40+ days

@michaelhofmann2925 Жыл бұрын

Hi, I'm asking for advice here. I'm following this course in hope to move from appsec Engineer to junior pentester. Do you think this course is appropriate ? And why? I'd love feedback from experienced pentester who have done this cert and know what is required for a junior pentester (in Europe).

@edwardadonis6825 Жыл бұрын

How much does the exam cost?

@PenTest3r Жыл бұрын

Price is on HTB

@PenTest3r Жыл бұрын

Price is on HTB

@_AN203 Жыл бұрын

Is there a place to be able to freely read a professional report ?

@PenTest3r Жыл бұрын

Ask to a professional for an example

@_AN203 Жыл бұрын

@@PenTest3r I wish... But I don't know the place or the people.. So... Back to the main question..

@claudiamanta1943 9 ай бұрын

I am a total noob, but all my life I have written reports. In my opinion, it’s less about the actual format, and more about the things it must include. The report is the culmination of the pentesting process. Why does a cyber specialist even do this test? Ultimately, it’s for the respective organisation to become aware of their systems’ vulnerabilities and to address them. Therefore, I believe that the report must contain: - The explicit purpose of the test (the *what for*) - The explicit remit of the tester and limits of what is tested (the *what*) - The method(s) of testing (the *how*) - The findings (what are the *vulnerabilities* and what are the *foreseeable consequences of leaving the risks not mitigated* to the maximum possible extent, from economic- financial, legal, and reputation perspectives) - The recommendations for remedial actions. Write the report as you would explain to your former self before learning anything about cyber thingies. Include links to trusted sources (Mitre Att&ck, legislation, publicly available reports of lessons more or less learnt following breaches, models of good practice) to support your analysis and help them learn more (which is both highly preventative and respectful to them). As you can tell, I already know everything (my modesty is proverbial amongst those who know me 🧐) but yeah, ok, any thoughts would be greatly appreciated (seriously).