Preparation

This certification focuses on web hacking and will provide us with a solid and comprehensive foundation on this type of asset, its vulnerabilities, and how to exploit them.

Web Penetration Tester

There is a learning path on HackTheBox in the Academy HTB section.

If you don't have a HackTheBox account yet, here is my referral link: https://referral.hackthebox.com/mz9ceuq

When you log in to your account, make sure you are in Academy HTB.

In the Dashboard, in the side menu, you will find the Paths section. When you open it, there will be two options. Select Job Role Paths.

We will find the different paths for roles or positions that can be found in the cybersecurity sector. In the case of this certification, we will choose Web Penetration Tester.

Next to the title, we see the difficulty level, the sections, the cubes we will earn, and the number of days it usually takes to complete it. At the bottom, next to the action buttons, the cost of the path in cubes will appear, because each module is unlocked with cubes, which is the platform's internal currency.

In my case, I had cubes available for having completed certain machines. There are modules in the course that also provide cubes when completed, but they will not be enough to purchase all the modules.

The course has modules focused on each type of web vulnerability, different techniques, and methodologies. Each module has both a theoretical and practical part to test the knowledge you are acquiring.

Prices

Until the learning path is 100% complete, you cannot purchase the exam voucher, so you will need to get a subscription to have cubes for all modules and then pay for the voucher.

In my opinion, the best strategy, and the one I am going to follow, is to purchase the Platinum monthly subscription (€58/month + 21% VAT = €70.18/month) to complete all the modules. At first, you will not have enough cubes to unlock all the modules, but as you complete them, you will receive more cubes that you can use to unlock the rest.

The exam voucher costs a total of €217.80. You cannot purchase it until you have completed 100% of the learning path.

Learning Path

Within the Bug Bounty Hunter learning path, there are 20 modules covering different topics, from how the web back end works to different types of vulnerabilities.

At the end of each module, there is a Skills Assessment, which is a lab where you have to apply everything you have learned in the module to find flags and answers to questions you are asked.

You can find the guides for each of them in the WRITEUPS section.

How the exam works

The exam lasts seven days. It is designed to take the same amount of time as you would spend on your job.

It also consists of a report, for which the HackTheBox platform itself provides a template: https://www.hackthebox.com/blog/certification-templates

Feedback on the report is provided during the correction process. The score required to pass the “technical part” is 80 out of 100.

One way to write a good report would be to take notes on everything we do during the exam so that when we finish the technical section and have to write the report, it doesn't take us so long and is as easy as possible.

Since we have to write a report, in addition to taking notes on what we are doing, I would recommend taking screenshots of the entire procedure.

Extra - Machines to prepare for the exam

If you are like me and like to play it safe, sometimes even too much, here is a list of machines prepared by J4ckie0x17 on Vulnyx, geared towards the CWES (CBBH) exam:

  • Express

  • Bola

  • JarJar

  • Gattaca

  • Future

  • Jerry

  • Lost

The WriteUp uploaded for each machine is linked to its name.

I passed!

If you're still not convinced, I'll share my experience with you and explain how it went.
