John's skillset is both broad and deep. There is nothing to be afraid of regarding the exam. It simulates real-world situations and some critical thinking is, of course, required. Just don't try it while moving places/driving across the country, like John did etc. 😋
I failed my first attempt with 20 points. Passed second with 100 points. I made the same mistake of taking time for granted and thinking it was going to be a walk in the park in my first attempt. The second attempt I pretty much took a week off of work and dedicated the entire time to the exam. And even then I submitted the report with 4 hours to spare. The exam is hard. The report is EXTRA hard. But at the end of the day it’s been the best exam I’ve ever taken. I truly felt accomplished passing the CPTS.
@@peternavarroiii3944 Yeah if you don’t have kids it might be doable. After work if you dedicate about 6 hours to the exam every day. Or if you’re like bmdyy and are already an expert in the field you might not need to take time off. But I’m a SysAd, so it was a bit harder for me. You could attempt the exam on a Friday. That way you have 4 full days (Saturday and Sunday) of test time
@@rodnet2703 Oh I see, yea I'm an IT systems analyst so this be pretty difficult for me as well. Now that you mention it I am expecting my first newborn in the next two months lol so maybe I should take the course but hold off on the exam for a few months and just study and wait when it's the right time.
@@peternavarroiii3944 Newborns are really hard. It’s time consuming work. You won’t have a lot of sleep for the first 6 months. Maybe more. I’m not sure I would recommend the exam during that time. The exam is really stressful. You could be stuck for days in the exam trying to figure out the next step. It’s not like OSCP where if you’re stuck you can rotate to another machine. In CPTS if you’re stuck you figure it out or fail.
Damn, this video got me pumped to do CPTS... and I've already done it 😂 As you said it's a great course + exam but not easy. Then again, anybody familiar with HTB probably doesn't associate it with the word "easy". Hopefully you do the exam again and if so, good luck! 🤞
How much do you need to know about pen testing to attempt the CPTS. I'm pretty much a complete beginner and am just doing the basic HTB boxes. I'm obviously not thinking about it yet, but wonder how good do you need to be to even sort of understand whats going on. Thanks to anyone that replies lol
10:57 Of course their certificates never expire. For two reasons: 1. The training paths are continuously assessing attitudes. 2. The knowledge foundation is solid. Man, I absolutely LOVE things well made! 🤓🥰
Took me 2 attempts before I passed on my third. It was a great experience and really enjoyed how the exam was set up. Having taken OSCP previously and passed that exam, I felt personally this was a step up in both contents and in the report writing elements. Would love to see more exams of this calibre.
@@NahImPro haha I mean the oscp is 24 hours and this is 10 days so that makes sense. It'd be wild if this was easier AND they gave you 10x the time to do it
@@thehundaltech OSCP feels tough because of the added time pressure (24 hours), in my experience. It's also a different exam experience, the exam machines are all independent with the exception of the AD set. With CPTS, it does simulate a real-world network and does a really good job of testing you on the course modules. I think the 10 days is a good time period for this, emulates what you would expect in a real-world pen test (I'm not a pen tester - so correct me if I'm wrong!), and gives you downtime to recharge your brain and plan your next move. I follow John and Ippsec and from their channels, I've learnt a lot from them and this is what pushed me towards this exam, and no one should be disheartened from attempting it. Outside circumstances can factor in (my 2nd attempt was foolishly taken over Christmas week) but the hard work will pay off.
Thanks John for the great review, and for the great video as always 😄 I would add that it is important to remember that even though the exam is very challenging, the path absolutely prepares you for it and is the only resource needed to pass the exam. Many also don't know about the "Information Security Foundations" path, which contains 12 introductory modules completely free of charge. This path is meant for absolute beginners in the InfoSec field, such that anyone can start pursuing CPTS regardless of their current level, and can complete many modules without paying a penny 🔥 Good luck everyone!
@@tinoparsons3391 The exam window does not begin until you redeem the exam voucher. So you are free to complete the course at your own pace essentially.
Thanks for sharing your experience. Seeing the people we look up to fail occasionally makes us feel much better about our own setbacks. I'm surprised that the first OSCE3 holder doesn't consider themselves a pentester though.
Jk🤣🤣🤣 I have some issue where the most dickish thing to say is the first thing that comes to mind. I do agree with you and have struggled with imposter syndrome for years...but I really am kinda faking it 😂
This is a great review. I'm glad I saw this. I currently just started the academy since its really the cheaper version of the modified OSCP course. So far they've really been hard on on two things and thats documentation and information gathering not only externally but internally as well. It seems as if they want to train students to really have that attention to detail when searching for vulnerabilities inside the network. Its everything you've been saying, its a lot of reading so anyone thinking about doing it - take good notes.
You've taught me more about pentesting and programming in a short amount of time than I've learned ever before, mainly just by making it interesting. So, regardless of the experience you have, the way you present your content makes it enjoyable to learn things that otherwise can be hard to focus on.
Would have been nice if you compared it to other entry/intermediate level certs in the same space like OSEP/OSCP/eJPT or others. Feels more like an ad read on a podcast personally.
This made me confident. I'm currently a beginner practically but theory wise I'm okay. So after watching John's review about CPTS I'm definitely gonna practice harder to take this medal. Even tho I haven't took this cert yet but still I want to point that whatever the case maybe, whether it's CPTS, OSCP, eCPPT, PNPT or any other cert, they are not just HARD. They just want you to try your best on fundamentals because every advance thing is just basically the mixture of different fundamentals.
Hey John! Try to give it a try to the CBBH too. It will be amazing to have a review for that one. I guess both HTB certs have an amazing intermediate level. And I hope that the industry will give them the recognition they deserve as some other certs that are out there.
I just got started with the HTB Academy and must say that when it comes to Penetration Testing, I'm still at the beginning. Yet, my goal is to take the exam in one year. I know its gonna be quite a hard road, but I think if you really want it, its possible! Thanks John for another awesome video - I already learned alot from your THM walkthroughs!
Wow, if it's hard for you, with all the certs that you got, including the triple offsec, I can't even imagine what kind of hell this is. I wish so hard to get it some day, I'm trying so hard, but time is my biggest enemy..
And here I am shitting myself for my CompTIA Security + exam on Friday! Pentesting is where I want to end up, one day..... Thanks for the run through! :)
@@tinoparsons3391 I some how managed to pass.... I used Prof Messer on here, Jason Dion test exams on Udemy and the r/compTIA reddit are all brilliant places to get started :) good luck with your adventure.
I don’t know how he would compare it, but I have heard many say in RU-vid reviews, and on the hackthebox discord that they consider the CPTS significantly harder than the OSCP. I also believe that John would say the same based off of this video. I plan on taking both this year, so I will see first-hand soon
I haven't taken the "new" OSCP that includes Active Directory but I do live with and work with people who have taken the new one -- CPTS is certainly harder than the OSCP that I took in 2018, and I would have a hunch that is still more difficult than the "new" OSCP.
not sure if im glad i watched this or not, i just started the training for CPTS yesterday but knowing you failed when i also know you are way better at hacking than me isnt great for the confidence :p, there are some good sounding tips in there and the main thing is i need to make sure i have absolutely nothing else to do in those 10 days when i get up to trying the exam
Why do they say certified Pentester if you’re not certified ? But you received a certificate ? Bc it’s only their certificate right it’s not and industry cert?
Yes, thats what i've heard from people that have taken both on youtube reviews and the hackthebox discord. CPTS is harder and covers everything from OSCP and more except for the buffer overflow. However buffer overflow is just an optional attack vector on one of the OSCP machines nowadays, and there is a binary exploitation skill path on hackthebox academy although it is not part of the CPTS learning path.
I'm going to burn this video to my brain, currently studying for it, and now I know TIME matters, and PAY ATTENTION. Just started but good to have that mindset going into this since it's important to actually grasp the information. Great video!
and it is laughable to ask for a sponsor video but dont ask him to make all the requirements... because that's the real problem, the requirements... it is like for someone who want to pass eJPT they must watch the 142hrs of videos or they cant pass the exam lmao
Effective angle they took eluding to the intensity of the exam through public figures; I'm compelled to do this and my career has nothing to do with cyber security.
I saw an interview with Naham or Chuck or something years ago with John, and I remember thinking that John Hammond needed a bit of upgrading on his youtuber voice.... years later, this dude is killing it
I'm a third of the way through the course and I'm hoping to take the exam by the end of May. I'm working full time as Service Desk Level 2 tech, so there's not much time for studying. From what I've seen so far in the material, it's definitely intermediate level. I went through Try Hack Me's ethical hacking course and it's not even close. This is far more thorough than anything else I've seen. I went through the free version of INE's penetration testing course and it didn't prepare me for that exam at all and I failed it twice. I don't think I'll take it again until I pass Hack the Box' penetration testing exam. I'm sure I'll find it to be much easier once I do take it again. Hack the Box really is the best way in my view to get hands on with learning this material.
Well, I'm hooked! Complete noob so gonna have to study a lot of basic stuff before I try this out, but super motivated! Do HTB offer any similar certs or was this the first?
I'm currently going through it and streaming my progress. I have taken the cheatsheet and made additions and notes to it for my personal use. But the course is great.
You did great John to make it that far, I know you are going to pass one-day, I want to learn more before I go and take the exam - I at the moment am way under-skilled I am just one of those kids who looks through the school computer for vulnerabilities (So that when I leave the school I can tell them things that they might be able to fix to make them more secure haha.) But You did well anyway John - Maybe next time don't move during it haha.
@@cyberneurovirus2500 Completely different? Maybe I'm missing something, but both PNPT and CPTS exams give you multiple days to crack the perimeter and gain an initial foothold, then pivot through multiple machines on the network evading AV and other security mechanisms, and finally compromise the DC and achieve persistence. Both also require you to write a report and do a live debrief where you have to explain your findings. To me it sounds they are pretty comparable. Maybe CPTS covers a bit more, but I'm not sure how much more.
@@RandomlyDrumming when I speak about CPTS being similar or not to PNPT I mean everything. From modules and subjects quality to exam report. I tried both and I can say CPTS is worthy than PNPT if you want to learn more and better. Just my opinion. You can have infinite ways to break in an internal network from external, but it does not mean that one cert is comparable to the other.
I'm 50% through the pentest path on academy and am aiming to do the CPTS within the next month or two. I'm glad you made this cause now I know I need to concentrate a little more on learning proper report writing techniques. Have you done Dante or any other prolabs? How does the CPTS environment compare?
I just did one of the starting point aws boxes and wanted to die so it's good to know that feeling never goes away lmao. I will be working hard towards this cert in the coming years.
Can I start this certification as my first pentest certification? I have definitely studied some courses such as security+ and eJPT but didn’t take any exam yet. Now I am studying hack the box pentesting path but now you made me rethink about it.
Hi @fahdalawsi2172, I'm starting right now, I'm very interested in knowing how it went, I don't have experience in pentesting either but I really want to achieve it
Hi, I'm asking for advice here. I'm following this course in hope to move from appsec Engineer to junior pentester. Do you think this course is appropriate ? And why? I'd love feedback from experienced pentester who have done this cert and know what is required for a junior pentester (in Europe).