Cart
Register
Sign in
HTB
Certified Penetration Testing Specialist (CPTS)

Instructor-led training
(12 sessions)
€ 1.910

Are you looking to level up your penetration testing game? Do you want to enter the penetration testing world with little to no prior experience?

This course will equip you with everything you need to conduct a professional penetration test.

I want to become a HTB Certfied Penetration Testing Specialist

Fill in the following form and we'll notify you when registration opens.

You want to train your team?

Get a quote

Master Vulnerabilities!

This course emphasizes on creative thinking, teaching you how to chain multiple vulnerabilities for maximum impact and deliver actionable remediation steps. By the end of the course, you will be equipped to produce professional-grade pentesting reports and provide valuable insights for strengthening organizational security.

HTB Certified Penetration Testing Specialist (CPTS) is a highly hands-on certification that assesses the candidates’ penetration testing skills. Certified Penetration Testing Specialist certification holders will possess technical competency in the ethical hacking and penetration testing domains at an intermediate level. They will be able to spot security issues and identify avenues of exploitation that may not be immediately apparent from searching for CVEs or known exploit PoCs. They can also think outside the box, chain multiple vulnerabilities to showcase maximum impact, and actionably help organizations remediate vulnerabilities through commercial-grade pentesting reports.

What You’ll Learn:
✅ Penetration testing processes and methodologies
✅ Information gathering & reconnaissance techniques
✅ Attacking Windows & Linux targets
✅ Active Directory penetration testing
✅ Web application penetration testing
✅ Manual & automated exploitation
✅ Vulnerability assessment
✅ Pivoting & Lateral Movement
✅ Post-exploitation enumeration
✅ Windows & Linux Privilege escalation
✅ Vulnerability/Risk communication and reporting

Become a HTB Certified Penetration Testing Specialist, boost your career and earn more money!

Level:
Entry to
Intermediate

Class schedule:
TBA

Duration:
6 weeks
(8h/week)

Start date:
TBA

Level:
Entry to intermediate

Class schedule:
TBA

Duration:
8 weeks (8h/week)

Start date:
November 18th

Ideal for:

Penetration Testers 

Security and Vulnerability Analysts

Security Engineers and 
IT Security Personnel

Opt-in now

Student Pack Includes:

> 1 year access to HTB Academy’s labs and content.

> Instructor available for technical support during the office hours (1h/week).

> Exam voucher includes two (2) exam attempts.

> Course materials such as slides, links to further reading, code snippets, lab exercises, etc.

> HTB Penetration Testing Specialist Certification after successfully passing the exam.

HTB Academy Access Includes:

Access to HTB Academy’s content and labs is vital for your participation in this course. A discount voucher will be provided to you upon registration via e-mail, which you can use to activate your subscription to HTB Academy.

Access includes:
> Direct Access to all modules up to (including) TIER II

> Direct Access to the entire Bug bounty Hunter role path

> Step-by-step module solutions

> Unlimited Pwn Box usage

Note: In case you already have a HTB Academy subscription please contact us

Join us now

and boost your career with a world-class certification.

I want to become a HTB Certfied Bug Bounty Hunter

CBBH course includes:
+ Access to HTB Academy

+ 12 instructor-led sessions
+ Exam Voucher

Final Price
€ 1.910
REGISTER NOW

I want to become a HTB Certfied Penetration Testing Specialist

Fill in the following form and we'll notify you when registration opens.

FAQs:

Accordion Content

A certification is not a mandatory prerequisite to become a Penetration Tester or practice any other cybersecurity role, but a great asset if you are looking to learn new skills in a structured way and prove your knowledge to potential employers. Here is our take:

  • IT Security certifications do not define an individual, but they verify their skills for a specific job role.
  • A well structured and highly practical training program that results in a certification can greatly flatten the steep learning curve related to cybersecurity topics/domains and also provide you with hands-on experience.
  • A certification from a credible cybersecurity certification vendor could be used to prove to a potential employer that both your skills and professionalism have been successfully put to the test.
  • A certification can be an incentive to remain on track and focussed during your studying.

A certification is not a mandatory prerequisite to become a Bug Bounty Hunter or practice any other cybersecurity role, but a great asset if you are looking to learn new skills in a structured way and prove your knowledge to potential employers. Here is our take:

  • IT Security certifications do not define an individual, but they verify their skills for a specific job role.
  • A well structured and highly practical training program that results in a certification can greatly flatten the steep learning curve related to cybersecurity topics/domains and also provide you with hands-on experience.
  • A certification from a credible cybersecurity certification vendor could be used to prove to a potential employer that both your skills and professionalism have been successfully put to the test.
  • A certification can be an incentive to remain on track and focussed during your studying.

Hack The Box is a trusted, highly respected, and community-backed IT security training vendor, with a long history in the domain. The training standards of the company are set quite high and this applies to all offerings, machines, challenges, Pro Labs, and now, the certifications.

Through the years, Hack The Box has been a training partner of major organisations, government/military agencies, and academic institutions worldwide. We plan to continue being a trusted training partner, and also provide certification services from now on, while retaining the same level of content-excellence, quality, and integrity.

To prepare effectively for the CBBH program, consider the following recommendations:

  • Familiarity with HTB Academy
  • Setting Up a Lab Environment: Install virtualization software such as VMware or VirtualBox. Set up a few virtual machines, including both Windows and Linux environments, to simulate real-world testing scenarios.
  • Reviewing Networking and Application Fundamentals: If you’re not confident in your fundamentals , it’s advisable to review key concepts such as common protocols, web application stacks, etc.
  • Ensuring Reliable Internet Access: As the course involves online demonstrations and hands-on exercises, a stable and fast internet connection is essential

  • Academy Modules Review:

    1. Review the Introduction to Academy” module

    2. Go through the “Getting Started” module

While a programming background is not required, it can be beneficial. The course will introduce some scripting and automation techniques, but these are explained from the ground up, making it accessible even to those with limited programming experience.

Prerequisites for successful certification include:

  • Fundamental Cybersecurity Concepts: A basic understanding of cybersecurity principles such as encryption, firewalls, and intrusion detection systems.
  • Basic Knowledge of Operating Systems:
  • Basic knowledge of both Windows and Linux operating systems, including command-line usage.
  • Basic Understanding of Networking: Familiarity with networking concepts such as IP addressing, routing, and protocols (TCP/IP, DNS, HTTP)
  • Basic Web Application Knowledge: Familiarity with web application architecture, including understanding of HTTP/HTTPS, HTML, JavaScript, and common web vulnerabilities (e.g., SQL injection, XSS).
  • Prior Experience with Scripting or Programming (Optional): While not mandatory, basic scripting or programming skills (e.g., Python, Bash) can be helpful.

Participants have access to a dedicated support team for any technical issues, as well as access to instructors during designated office hours for questions related to the course material. Additionally, you can reach out to your instructor during office hours for personalized assistance.

The course includes simulated real-world scenarios in a controlled lab environment. You will not be conducting tests on live, unauthorized systems, but you will gain the skills needed to perform real-world penetration tests in a professional setting.

Unfortunately we don’t record our sessions therefore you’ll need to catch up with the rest of the group. The support team can help you to catch up with the previous sessions and guide you on the materials that you need to read.

Yes, you can access all Tier 0 modules of the Penetration Tester job-role path completely free of charge. This means that you can start the path for free, and once you get going and feel like the rest of the path suits your learning objectives, you can choose any of the available pricing options.

No, all individuals who desire to obtain HTB CPTS must complete the entire Penetration Tester job-role path, which consists of 28 modules. Each module comes with its own hands-on exercises and skills assessment (at the end) that you must complete to prove your understanding of the presented topics, before going for the exam.

HTB certifications are on Credly! By the time you successfully complete the HTB CPTS exam and claim your certificate, CPTS’s digital badge will arrive on your email. Accept it and share it on your social media, so that third parties can verify your obtained skills!

Subscribe to our insights and offers today!

Individuals

Teams

Cyber Helmets

Legal

2025 © Cyber Helmets, All rights reserved

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools

 

Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container
  • Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop

 

Methologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD

 

Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in IOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.