A Swing and a Miss
A brief reflection on the CPTS from Hack the Box
INSIGHT
Nicholas Gregory
1/5/2024, 5 min read
Time Was My Enemy
Hack the Box, in my personal opinion, has been making some of the greatest strides when it comes to upskilling the future cyber security workforce. Their curriculum is thorough, their exercises are hands on, and after taking their culminating Certified Penetration Testing Specialist (CPTS) Exam, I am nothing short of impressed at the level of integrity they hold their students to. That being said, preparation and determination are necessities to succeed once you undergo the Penetration Tester job role path. There is one other aspect that some may not consider in such high regard, however. The true factor to prioritize above all else, is time.
Preemptive Strike
I decided to sign up for a Silver Tier membership from HTB so I could gain the job role path curriculum, and a voucher with a chance to retake the CPTS Exam upon its completion. At the time, I was still earlier in my cyber studies, and I struggled greatly with determining a discipline to specialize in. That being said, my lifelong learner brain was absorbing every knowledge nugget from every job role, all while trying to maintain work-life balance with my current 7:30-16:00. I would do a few modules in the CPTS, and then learn more blue team skills for a while. Most times I was fighting for a job interview in-between and prioritizing my application time. If I'd have realized then what I do now, who knows... I may have had a different outcome.
The enemy of a self-study path is time. If you go into it thinking you can "study when you can," you may not retain the most you can from the curriculum. The true phrase, I've learned, is "study as you should." The world does not slow down for you just because you start school, or undergo a strenuous career change... if anything, it speeds up at an exponential rate. My mistake in the CPTS journey was overestimating the time I was allotted.
The Silver Tier membership is an annual $490, and provides free access to the level II courses including the entirety of the Penetration Tester job role path (necessary to take the CPTS Exam). Considering the financial struggles we all face in this horrible excuse for an economy, I did not have the budget for a renewal on that subscription. Realizing the time I had left (a little too late), I knew I had to kick my learning into fast gear in order to finish the path and take my test before the Exam voucher expired. The exam voucher is only valid for a year since purchase, and considering how much one costs alone, I couldn't simply let this one I purchased lapse. Thus began my CPTS attempt.
To adhere to the NDA signed before taking the test, I will not be discussing any of the information regarding the exam, and only my after action reflection and experience. Long story short, I did not pass. I actually got zero points overall on my first attempt, but because I submitted a complete report, I was allowed a second attempt. I had slight hope that I would prevail the second time around, but by the 7th day on my second attempt, I had so much tunnel vision I couldn't see a possibility of succeeding this time around. I concluded my report with an honest message to the HTB Grader, and concluded my test. To this day, I am still waiting to hear back about my exam review.
Moving Forward
I was not ready by any means. This was not due to the HTB curriculum, their test, or any outside factor other than my own disregard for the time I was allotted to finish the course. HTB suggests 45 days can be dedicated to complete the job role path, and I know for certain it can take way less than a year. I did not adequately prepare, I rushed the back 3/4 of the path, and I did my absolute best to overcome the struggles of web application enumeration I have. My next attempt must come at a later time, as this was rushed and premature.
The HTB CPTS is hard for a beginner, especially if it is the first exam you undergo. We have all heard by now that the OSCP is the gold standard (especially for HR), and there is an internet battle about obtaining either that or the CPTS. When I made the decision for the CPTS, I considered cost primarily and the few reviews that were out on YouTube at the time. After attempting it, I can honestly say I agree that it is a way more realistic test than what I hear about the OSCP, as your goal is a penetration test and not just compromise root or domain admin. The vulnerabilities you find must all be reported in a professional manner and not a single stone is to be left unturned. Did this contribute to my tunnel vision? Absolutely not, that is a struggle I battle on every box I attack on the HTB Labs platform. However, in my personal opinion, I believe this test does an awesome job at assessing proper professional knowledge necessary to succeed as a penetration tester.
I have decided to focus on a more beginner certification now, the PJPT by TCM Security. I am taking on the curriculum to regain knowledge of the fundamentals of enumeration, and strengthen my skillset by attacking this Practical Ethical Hacking course from a more scheduled standpoint. It helps that I am an auditory learner as well, so maybe this will yield better retention in my mind of key concepts (HTB is all reading and no video or sound). Not to mention, different companies have different methodologies, and I believe I have a lot to gain by diversifying my learning platforms and instructors. Altogether, I know I need to stay on schedule, take more specified notes, and prepare WELL in advance before taking any culminating exam, and I can promise I will be a more refined candidate when I take the CPTS again in the not too distant future.
Lessons Learned
I have a solid understanding of my next steps moving on in my learning path, and here are the key takeaways that truly stuck with me after being humbled by the CPTS exam twice:
"Study when you should" - Any school you go to, there is always a schedule and an allotted time to pass a course. Self-study is not different in any way, and needs to be scheduled in order to successfully absorb the course curriculum.
Web Application Testing - I definitely need work on web app hacking, as I found myself running out of ideas, or not testing every possible parameter to its fullest. I struggle with finding where an injection point would be, and I will be practicing on PortSwigger in order to refine this knowledge gap and increase my enumeration skills.
Web Application Understanding - One idea that was preached throughout the job role path was that it is important to understand how an application functions. This includes clicking around, watching requests and the actions they perform, the responses from the web app itself, and learning the technology stack behind it all. I did not do a good job at this, and my tunnel vision sank me into rabbit holes for days at a time. This method of understanding will be a priority in my methodology moving forward, as it will be key to discovering injection points with ease.
Report Writing - As per my feedback from my first attempt, my report writing is pretty solid so far! There are a few minor formatting corrections that would make the presentable data flow better, but overall I am happy with the way I can communicate findings I do come across. I know currently there are a few sections on my portfolio that could use some writeups (If a title is on the list, I completed the box and have notes already), but I feel that I have a solid grasp on portraying the information regarding vulnerabilities to the proper parties in a language they are fluent in (i.e. corporate speak).
I will complete the PEH so I can take the PJPT, I will be attacking the Pro Labs on HTB, and I will be practicing web app hacking on PortSwigger in order to close the knowledge gap I currently possess. I am not happy with how my first attempt went, and I am kicking myself over a few things I should have known better. However, I know that progress does not come without failure, and what I take away from this is a matter of perspective. I learned even during the test and that is what counts. I have my path set, my schedule tuned, and not too far from now I know you will be reading my next post about how I overcame these struggles and got the certifications to my name.