• HTB
  • Exam
  • Certification

CPTS Review


I have finally passed the Certified Penetration Testing Specialist exam provided by HackTheBox on 1st July 2026 with a score of 85/100! I’m very proud of myself, especially since this was my third attempt.

My first attempt was back in 2024. I took the exam mostly because I felt like trying it; I had a voucher from my HTB Academy subscription and figured that since I had two attempts, it would be good to just see how I did. I didn’t take any time off work during that first attempt and was still working close to 10-hour days, so I was cooked each time I even approached the exam environment. I made at least 50% progress overall but ultimately didn’t pass—and fair enough; I gave it a half-assed attempt. The second attempt was taken a month later, but this time I put my full focus into it and took time off work to accommodate the exam. I got 100 points in the environment and conquered every machine available; however, I still did not pass because of issues with my report. This included not redacting secrets, writing my attack summary as incomplete bullet points, and providing remediations that were not up to par. These were fair critiques, so it’s understandable why I failed. Having never performed a “professional” penetration test—regardless of passing other exams that require professional reports—I had never written one outside of an exam environment. For me, failing the report made a lot of sense because I have ZERO EXPERIENCE with this, so I wasn’t too beat up about it.

The third and passing attempt took a long time to come around. Frankly, investing more money and time into a certification is hard to justify when other bills and personal life events are happening. It’s not always possible to make the investment, and that’s just life sometimes. However, the time between attempts was not wasted; I spent time doing HTB machines fairly regularly when time permitted, as well as a few other short-term software development spikes for fun and learning. I can say with confidence that completing all the machines in the HTB CPTS Preparation track, while supplementing them with Ippsec’s YouTube videos and CPTS playlists, provides great additional learning to go along with the main CPTS course.

The exam environment was incredibly stable and was accessed from my machine using openvpn which, if you are already familiar with HTB, you’ll be pretty comfortable with. I had no issues with latency or machine responsiveness during my exam. HTB provides a really nice portal to interact with the exam environment, such as restarting the set of machines and submitting flags and your report at the end. It also clearly outlines the scenario and Rules of Engagement (ROE). While the flags are just proof of your work used to calculate the passing score, the report is the true deliverable and the ultimate goal of this exam.

I used Sysreptor to write my report because it has a template you can download that accurately matches what HTB expects upon submission. It saves you from having to pull apart the .docx template they provide, or worse, writing it in MS Word…

It’s hard to explain whether the exam is difficult or not. I think it’s equivalent to how HTB does it’s difficulty ratings where the rating scales up with how complex or how many steps are required to complete the box. In which case, this exam is tiers above legendary difficulty. However, saying that, anything in the course material is potentially exam content, so if you thought any of the content was hard, then the exam is hard, and vice versa.

So far, out of all the exams I have taken, this is my FAVOURITE exam! Not only was the examination process incredibly smooth, the course content leading up to it was incredible quality and depth, and to top it off, the exam itself was fun. It’s incredibly satisfying being able to step into an environment and utilise all the skills you’ve learnt and just continuously make progress. Even when the exam throws curveballs, they’re designed to get you to use the course content creatively to solve the problems.

I don’t know whether the certification is valuable yet, as I’ve still never been employed in penetration testing like I hope to one day, but I can say with absolute certainty that I’m proud I can pass an exam as thorough as this, and the course content is DEFINITELY worth the money. I got the silver tier annual subscription which gives you a couple of exam vouchers with the subscription which are transferable for whatever exam you want to take I think. The content is invaluable and hopefully the certification, CPTS, along with my existing PJPT and eJPT make me more desirable to employers.

If you are thinking of taking CPTS, I would absolutely say go ahead and do it; the skills are invaluable and machines on HTB will seem a lot easier for you with the skills learnt.

My plans now are to tackle the Certified Offensive AI Expert (COAE) exam offered by HackTheBox. I’ve been very fascinated by AI and the evolving security landscape in this regards, so that’s my plans for the next couple of months.