Course Foundation (HTB Academy)
The Certified Penetration Testing Specialist (CPTS) is HTB Academy's flagship certification. It covers the complete penetration testing lifecycle—from reconnaissance to exploitation, privilege escalation, pivoting, and professional reporting—in a realistic enterprise environment.
Core Topics
A modern, all-encompassing curriculum for real-world pentesting:
Info Gathering & Recon
Passive/Active recon, Subdomain enumeration, DNS attacks, and OS detection.
Exploitation Fundamentals
Buffer overflows, Web exploits (SQLi, XSS, SSRF), and misconfigured services.
Privilege Escalation
Windows (Token abuse, Kerberos) and Linux (SUID, Kernel exploits) privesc techniques.
Lateral Movement
SSH tunneling, Proxychains, Ligolo-ng, and pivoting across segmented networks.
Web & Network Attacks
Attacking Active Directory, SMB/RDP/VPN misconfigurations, and API exploitation.
Post-Exploitation
Credential dumping (Mimikatz), Persistence techniques, and Data exfiltration.
Exam Format
10-Day Exam Window
10 days total: 5 days (120 hours) for the practical exam + 5 days for reporting.
Enterprise Environment
Compromise a realistic enterprise network with multiple domains and segmented hosts.
Professional Report
Submit a comprehensive commercial-grade report documenting your findings.
Important Notes
- Prerequisites: Strong Linux/Windows skills, networking basics, and familiarity with pentesting tools.
- Tools: Nmap, Burp Suite, Metasploit, BloodHound, Mimikatz, Ligolo-ng.
- Recognition: Considered one of the most practical and modern pentesting certifications available.