Post

How Proper Note-Taking Helped Me Pass CPTS, CDSA, & CRTO

Posted Updated
By partyh4t
7 min read
How Proper Note-Taking Helped Me Pass CPTS, CDSA, & CRTO

The reason I’m making this post is not to show off, but rather to motivate and help anyone that might be planning on tackling any of these certifications, or any certification in the infosec space in general.

To start off, I’ll talk about the CPTS as that was the first of the three I tackled back in August of 2024. I won’t be going into depth on any of the certifications, but rather giving a brief explanation as to what they are, my experience with them, and what I felt, was the key factor in being able to succeed with relative ease.

CPTS

The HTB CPTS (Certified Penetration Testing Specialist) certification involves completing the CPTS job-role path within the HTB Academy modules, which then grants you the eligbility to attempt the exam. The exam revolves around a 10-day period you’re given, where you must perform a penetration test for an enterprise company and gain atleast 12/14 flags, alongside creating a professional-grade report on the findings.

Long story short, I was able to pass the CPTS on my first attempt. After averaging about 4 flags per day, I was able to knockout all the flags I needed to pass by the third day. Tacking in the report-writing, I had submit my exam by the sixth day (out of the 10 days total I was given). Personally, I felt the exam was relatively straight-forward, avoided any unnecessary rabbit-holes, and overall was extremely fun. No complaints.

CDSA

Noving onto the HTB CDSA (Certified Defensive Security Analyst) certification, this cert also requires that you complete the associated job-role path within the Academy platform, before being able to take the exam. This exam however, is only 7 days. The exam is quite similar to the CPTS in that it also, requires a certain amount of flags to be obtained whilst also providing a professional-grade report on the incidents at hand.

For this exam, I was able to obtain all the flags except one within the first day, and had finished my report by the third. The exam itself was a lot easier than I had anticipated.

CRTO

Lastly, Zero-Point Security’s CRTO (Certified Red Team Operator). This is a 4 day exam, and doesn’t require you to complete the course associated with it to be able to attempt the exam (although I’d of course recommend you do take the course, especially if you’re unfamiliar with Cobalt Strike). The course content and the exam are mainly focused on Active Directory enumeration and attacks, but with the added task of avoiding Windows Defender, something CPTS doesn’t really cover. This however, is made relatively trivial by the provisioning of Cobalt Strike within the course and the exam environment, so its nothing toooo scary.

I was able to complete the exam within the first day in this case, obtaining a total of 6/8 flags (6 being required to pass), and calling it there since I was quite lazy and didn’t bother trying too hard for the 7th and 8th. Oh and also, this exam doesn’t require a report to be produced alongside it.

Notetaking

The one thing that I felt that made such a big difference for me; and not just in within these exams, but in general, was my note taking. Now of course everyone knows note-taking is important, yada, yada. And I understand that everyone has their own different ways of taking notes, and what they consider to be good notes and bad notes. But I think everyone can agree that a good set of notes should generally embody and faciliate the following:

  • Better Retention & Understanding
  • Efficient Review & Revision
  • Organized & Easy To Access

The reason as to why I bring this up is because when I first started taking notes early in my journey into cybersecurity, I kinda neglected taking notes, believing they wouldn’t make much of a difference. I quickly began to realize how much of a mistake this was, especially when you’re learning so many new concepts the way I was since I didn’t really have a background into IT. I would constantly learn something new, forget it the next day, or forget it by the time I encountered a situation where the information would’ve actually proven beneficial.

I understood there wasn’t really any way I’d be able to retain so much new information without forgetting a majority of it, especially when it comes to cli usage/tool syntax and what not, and thats fine! So I began structuring my notes in such a way that made it so incredibly easy for me to quickly reference information and retain key concepts effortlessly.

The platform you use to take notes doesn’t really matter as it’ll mainly come down to personal preference and I wouldnt say any one is better than the other, but the two that seem to be the most popular are “Notion” and “Obsidian”. I’ve tried both, but have opted to use Notion, as Notion better supports my note-taking style, and I like my notes to look somewhat visually pleasing.

So here is an example of the overall structure of my notes:

image

I have each section in its own page, and within each page I’ll typically have some general information accomapnied with subpages for each specific topic. For example, within the Recon page/section, I have subpages for Active, Passive, and OSINT.

image

And then within each of those subpages, say Active, I’ll have even more pages, with each stage kind of delving deeper into a specific topic.

image

Then finally, within say, the Subdomain Enumeration page:

image

It might seem a bit excessive to some poeple, but for me atleast, I find it works great when used in the real world.

Heres a perfect example of what it might look like when say, I run a port scan on a host, and identified that ports 21,22 and 80 were open. I can methodically go through each section, starting with FTP:

image

Okay, seems relatively trivial. Plus, there usually isnt much to do with FTP except read/download some files, or upload a file if a webserver is directly hosting its files via an FTP server, but I digress. Moving onto SSH:

image

Alright, typically cant do much with SSH either unless its running vulnerable version or we have potential creds we can use/bruteforce.

Regardless, you can see where I’m going with this. Having everything structured in such a way makes it so incredibly easy to methodically go through each thing you’re encountering in order.

  • You’re performing subdomain enumeration using Gobuster? Well that’ll be an Active Recon, being performed on the HTTP/HTTPS service/port, targeting Subdomains, using the tool Gobuster:

image

  • You want to perform a Kerberoasting attack from a Linux machine? In this case, we’ll be Exploiting an Active Directory service, to perform a Kerberoasting attack from Linux:

image

image

image

Closing Thoughts

Thats the gist of it. I wrote this kinda just wanted to highlight how valuable I think taking good notes actually is, and I highly recommend that anyone who struggles with taking notes and wants some inspiration on organization and structure to try giving this form of note-taking a go, as I definitely think it’ll help.

You should never expect yourself to perfectly retain all the things you’re learning, especially when it comes to a field like this, where there are countless tools and techniques and cli arguments to perform so many different things. Make sure you genuinely understand the topics you’re learning, treat Google as you’re best friend, and take exceptional notes.

I hope this helps, and if anyone ever has any questions about the certifcations, or just anything in general, I’m more than happy to help.

Informational
This post is licensed under CC BY 4.0 by the author.