=

Course Foundation (HTB Academy)

The Certified Penetration Testing Specialist (CPTS) is HTB Academy's flagship certification. It covers the complete penetration testing lifecycle—from reconnaissance to exploitation, privilege escalation, pivoting, and professional reporting—in a realistic enterprise environment.

Core Topics

A modern, all-encompassing curriculum for real-world pentesting:

Info Gathering & Recon

Passive/Active recon, Subdomain enumeration, DNS attacks, and OS detection.

Exploitation Fundamentals

Buffer overflows, Web exploits (SQLi, XSS, SSRF), and misconfigured services.

Privilege Escalation

Windows (Token abuse, Kerberos) and Linux (SUID, Kernel exploits) privesc techniques.

Lateral Movement

SSH tunneling, Proxychains, Ligolo-ng, and pivoting across segmented networks.

Web & Network Attacks

Attacking Active Directory, SMB/RDP/VPN misconfigurations, and API exploitation.

Post-Exploitation

Credential dumping (Mimikatz), Persistence techniques, and Data exfiltration.

Exam Format

10-Day Exam Window

10 days total: 5 days (120 hours) for the practical exam + 5 days for reporting.

Enterprise Environment

Compromise a realistic enterprise network with multiple domains and segmented hosts.

Professional Report

Submit a comprehensive commercial-grade report documenting your findings.

Important Notes

  • Prerequisites: Strong Linux/Windows skills, networking basics, and familiarity with pentesting tools.
  • Tools: Nmap, Burp Suite, Metasploit, BloodHound, Mimikatz, Ligolo-ng.
  • Recognition: Considered one of the most practical and modern pentesting certifications available.