Red Teaming
Hassassin, Dec 20, 2022
It’s official. Our Certified Penetration Testing Specialist (CPTS) certification has its first successful pass! We caught up with William Moody to learn about his experience taking the CPTS certification. He also shares his journey into cybersecurity and tips for beginners who are choosing their next certification.
Fun facts about William
Favorite movies: In no particular order: The Shawshank Redemption, Inception, The Matrix, Se7en, No Country for Old Men.
Favorite games: I very rarely play video games anymore, but I grew up on Counter-Strike and Minecraft.
Favorite tech: Contact lenses. Where would I be without them...
Education: BSc Software Engineering from the Technical University of Vienna
Hobbies: Weightlifting, motorcycles, and of course, CTFs.
I came to Austria to study Software Engineering at the Vienna University of Technology. In the fourth semester (out of six) there was a mandatory course called an Introduction To Security. It was led by an Austrian CTF team who participated in many CTFs, and they made the course so captivating that I wanted to learn more about cybersecurity. It was way more interesting than programming (which is something I’m good at and have been doing since fifth grade). I find that cybersecurity is more like a satisfying game - one that rewards you for finding a vulnerability or solving a challenge.
After taking the introductory security course, I was inspired to go for the OSCP certification. I spent three months every day doing a couple of hours of material and labs. I passed on my second try. It was hard for me because I had never used Linux up to that point and was mostly a Windows user. Over the next summer break, I dove right in and tried to learn as much as possible about Linux and security.
By the fifth semester, I was eager to start working so I applied for pentesting jobs and ended up working for one of the largest private data center operators in Austria.
I work for Raiffeisen Informatik, one of the largest private data center operators in Austria. We host a lot of data centers for smaller banks in Austria. My day-to-day involves a lot of internal pentesting with relatively few external tests - it’s almost all networking and internal infrastructure. We occasionally do Red Teaming.
Hack The Box has helped because it was my first introduction to the cybersecurity world a couple of years ago and has sharpened my practical skills! But the thing with pentesting is that you have to develop your own methodology, and you develop your own routine.
When you merge your training and learnings together, you have a sum that is greater than its parts. This means that CPTS won’t apply to every pentest you do. Neither will OSCP.
I really enjoyed how realistic the training is. It teaches you to creatively problem solve and think for yourself instead of relying on the work of others, which is critical for any cybersecurity professional.
I say this because I’ve noticed other popular courses and certifications on the market feature unrealistic vulnerabilities that are sometimes overly complicated, based on public CTF style exploits, or use software or environments that you won’t encounter in the real world.
Another great thing about CPTS is the exam and grading process. I completed the exam in five days, but you have ten days in total. It follows the format of an external pentest of an organization with a large Active Directory network, and you need to submit a realistic penetration testing report to complete it. My report was graded the day after submission.
Most of the content is also covered in the modules leading up to the exam, and you can take the exam whenever you want. Regardless of whether you pass or fail, you get personalized feedback for every attempt which is extremely beneficial for learning. The certification is also great value for money when compared to other vendors, especially if you have a student plan.
Most certs will benefit you. If, let’s say, you have a limited budget and you have to pick one, choose something that gives you the skills that you need the most.
Your reason behind taking a certification is also important. If you’re doing it just for interviews or because you think you have to, you might not learn much from it because you’ll rush the process. Overall, I think certifications are very useful, but you have to understand why you’re taking a certification or course. Otherwise, you’re less likely to put in the required effort and get the maximum value out of it.
I’ve got a complete guide to taking the CPTS certification, but I'd say:
Pay attention to the modules. All vulnerabilities in the exam are covered in the relevant module.
Use the search function on the Academy to help you find information and answers for your exam.
Take a ton of in-depth notes from modules to prepare for your exam. For example, have important commands ready.
You will already have the necessary knowledge by the time you sit your exam, so take your time enumerating. Once you’ve found everything, you can start to exploit.
Find everything there is to find before you go in-depth on anything. Take it slow. You have ten days.
If I were to hire someone and they did CPTS, I’d value it.
Everything’s explained from the ground up and you have interactive machines that you can practice with. You’ll learn a lot, especially if you’re new to the topics. Most cybersecurity training vendors have this in some way, but I like the way HTB integrates content with interactive elements to be more engaging and help you understand what you learn.
Knowing a programming language is extremely beneficial because you’ll understand what you’re testing from a developer's perspective. If I had to pick one language to learn, I would pick Python, even though it is a scripting language. It’s versatile and enables you to create scripts for automation or exploits. It might seem overwhelming at first, but once you understand one language, it’s easier to learn others. With enough practice, programming eventually becomes a mindset rather than a technical thing because it’s just the syntax that changes.
Finally, if you want to get good at cybersecurity, it needs to be a passion. You should want to learn about cyber. It changes so often, with new vulnerabilities, new attack vectors, etc., that you should like learning. This is one of the biggest assets for a career in IT/cybersecurity.
Everything you need to become a pentester
Master complex concepts with free guided cybersecurity courses on the HTB Academy. (Student discounts are available.)
Prove that you have job-ready cybersecurity skills by taking the CPTS penetration testing certification (you’ll have example reports and pentests to share in interview assignments).
Show your investment in your skills development and earn CPE credits by solving Machines, Challenges, Endgames, and real-world cybersecurity labs.
Author bio: Hassan Ud-deen (hassassin), Content Marketing Manager, Hack The Box
Hassan Ud-deen is the Content Marketing Manager at Hack The Box. Combining thought leadership and SEO to fuel demand generation is his jam. Hassan's also fascinated by cybersecurity, enjoys interviewing tech professionals, and when the mood strikes him occasionally tinkers within a Linux terminal in a dark room with his (HTB) hoodie on. #noob. Feel free to connect with him on LinkedIn.