Certified Penetration Tester Specialist

I just got passed CPTS!!

Even though I didn’t complete it on my first take, I conquered it on my second. On my first attempt, I struggled a lot with troubleshooting and went deep into a few rabbit holes - ended with 5 flags.

On my second take, despite catching a fever (probably from the weather and lack of sleep 😅), I pushed through and finished strong with 7 flags.

This certification was one of the toughest I’ve taken so far, but I’m beyond thankful for the experience and the lessons it taught me.

Tips that helped me:

1. Finish the module path.
2. Do the AEN and practice Sysreptor for reporting.
3. Practice pivoting with Dante ProLabs.
4. Prepare a Tools Directory so you know where to pull from when using Evil-WinRM.
5. I used Ligolo for pivoting - made it so much easier.
6. I didn’t use the Sliver C2 framework; instead I added a user with admin access and enabled RDP to access the machine when needed.
7. Always check important directories.
8. Always check if there is an IP in the 172.x.x.x range during recon - it often hides internal/subnet targets.
9. Always take notes.
10. If you’re stuck for days, step outside, get fresh air, and clear your mind before jumping back in.
11. If an IP isn’t pingable, take that as a sign to rest - it’ll usually be reachable after a few minutes.
12. Always take a snapshot of your VM.

Note: I think this will be my first and last certification for 2025, and I’m hoping to pass OSCP or CRTO next year!