
Hi, I'm Rian, glad that you showed up. I will compare OSCP with CPTS. Enjoy <3
This article is an account of how the path unfolded and why the comparison between OSCP and CPTS actually matters. The aim is not to sell you a route or tell you which cert is the best in the abstract. The aim is to show what each cert taught me, how they differ in practice, and which one helped me get the skills and the confidence to move into real-world pentesting. Before I can tell you, I need to start at:
How it started
The spark came from listening to Darknet Diaries and from being someone who always loved computers. Building my first PC at fourteen and spending years gaming gave a lot of practical familiarity with Windows and hardware but not with professional security work. That curiosity slowly turned into obsession and then into study. In early 2023 Hack The Box Academy kept appearing in searches for how to learn real penetration testing and it looked like a place to follow a structured path with practical labs.
The CPTS path felt like the right first move because it taught fundamentals with guided labs and clear progression. It did not hide the hard parts behind shortcuts. Progress was visible and that kept motivation high. By the time 60% of the path was completed enumeration made sense, privilege escalation stopped being voodoo and Linux was no longer scary. Hack The Box Academy gave a real foundation and set the mental model for how to approach a target.
The OSCP decision
In December 2023 a Learn One OSCP deal dropped in price and that changed the plan. The discount made the decision easier and it felt like the right moment to level up: 2500$ was reduced to 2000$ for Learn One (1 year of access and 2 tries). The next would be 1 year later… I couldn't wait. The CPTS foundation helped a lot but OSCP was an escalation in expectations and in the type of thinking required. The OffSec learning path gives structure but it does not hand you everything on a plate. To pass the exam you need to pull in other resources, fail a lot, find writeups, watch people work through machines and then repeat the process until it becomes second nature.
The study strategy was simple in description but brutal in practice. Practice was the priority. The TJ Null machine list became a daily roadmap. IPPSEC videos were used to see how experienced operators think about problems. Obsidian was used for notes and the SIREN method was used for consistent structure. Study group sessions helped with motivation. At one point about fifty people were in the group and later only five of us reached OSCP. That shows how much attrition there is between interest and completion.
Active Directory was the hardest shift because it was completely new and it felt like learning a new language. The pivot from loving Linux boxes to dealing with AD took time and errors. The funny outcome is that AD became one of the most enjoyable parts of the learning curve after a lot of practice.
The OSCP preparation grind
The eight months of preparation were intense. There were five to seven hour study days most days. The routine was to chain machines, document every step and re-run techniques until they were reliable. Hack The Box boxes forced more creativity because they often require thinking outside of common scripts. Proving Grounds complemented HTB because of its focus on enumeration and realistic networks.
Note taking was not optional. Obsidian and SIREN kept things searchable and consistent. Neat notes saved hours in both the exam and the labs because the time spent writing a clear command log and a screenshot plan pays back tenfold during reporting. Watching IPPSEC and reading writeups made the practical difference. Learning to read other people's thought processes quickly becomes the fastest way to learn new techniques.
The material provided by OffSec is useful but incomplete. That means the candidate must build the missing pieces by combining other free and paid materials. That is part of what makes OSCP a good filter because it rewards people who can self teach and who can find the right direction when the official path is not explicit enough.
The OSCP exam experience
The exam took place in August 2024. A foothold came in about four hours and the whole exam was effectively closed after about fourteen hours by personal timekeeping. The structure is intense. The first hours are about calm and methodical enumeration and not panicking when a target resists simple techniques. Getting that foothold felt big but the exam is about more than one machine.
Several things mattered on exam day. The first was discipline in note taking. The second was stamina. The third was the ability to stop and switch to a different approach when a machine seemed blocked. Breaks are part of the strategy. Water and short rests kept focus. The decision to push for full points rather than stopping after the pass threshold came from wanting to leave no regrets.
Obsidian notes became the backbone of the final report. The report was completed under the exam rules and submitted for review. The pass email arrived on the first attempt and that feeling of relief and satisfaction is hard to describe. The months of repetition had paid off and the practical muscle memory made the difference more than textbook knowledge.
Returning to CPTS and finishing the loop
About a year after starting the initial CPTS work the remainder of the path was completed. Then the CPTS exam was taken. In hindsight CPTS was one of the hardest assessments faced because it simulates an enterprise engagement over a long period and expects broad competence across many areas. It is a very different pressure compared to OSCP. CPTS teaches patience and the end to end flow of a professional engagement. That flow and the complexity of the enterprise network scenarios are what make CPTS such a valuable learning experience.
Finishing CPTS after OSCP felt like closing a loop. CPTS had taught practical skills that were often modern and relevant. OSCP had pushed problem solving, endurance and the skill to work under proctoring conditions while following strict reporting rules. Both certifications contributed distinct and valuable skills.
CPTS vs OSCP content comparison
CPTS content is modern and structured with a strong emphasis on practical labs that are built to teach specific techniques. The course covers modern attack paths and gives deep practical exposure to topics that beginner to intermediate students need to master. This makes CPTS an excellent place to learn how to perform manual exploitation step by step without over reliance on copied proofs of concept.
OSCP content includes solid fundamentals and some newer modules like AWS and phishing that are useful. The official material does not always contain every single step needed to pass the exam and that forces the learner to find additional materials. That is a double edged sword because it encourages self learning and creativity but it also increases the workload before you can pass.
From a pure content quality perspective CPTS wins because it is comprehensive and modern. OSCP wins for the exam design and industry recognition. The content alone does not tell the whole story.
Labs comparison
The CPTS labs on Hack The Box Academy are easy to spin up and repeat. They are stable and designed to teach. That makes them great for practicing the same technique until it is comfortable. The labs have guided structure which helps when learning a new concept.
The OSCP challenge labs and Proving Grounds offer realistic scenarios that reward deep enumeration and chained exploitation. Hack The Box machines are often harder and encourage unconventional approaches and creative research. Those HTB boxes were the places where improvisation and reading widely made the biggest difference.
In my view OSCP labs provide a strong bridge to real world engagements while HTB boxes push creative problem solving. The best preparation used both.
Exam format and difficulty comparison
CPTS is a long running exam that simulates a grey box enterprise pentest. The exam length and the nature of the tasks make you feel like you have very little idea of anything at times. That is a humbling experience that teaches resilience and thoroughness. There is no proctoring for CPTS which changes the psychological pressure compared to OSCP.
OSCP is a timed proctored exam with twenty four hours to compromise machines and an additional twenty four hours for the report. Tool restrictions are in place which forces a discipline of knowing the basics. The OSCP exam is intense but focused and it has a different type of stress than CPTS because of the proctoring and the concentrated time pressure.
If the goal is to prove operational endurance CPTS is harder in duration. If the goal is to prove speed and methodical operations under direct observation OSCP is the more stressful environment (also due to the fact that it costs a liver to get a retry).
Reporting comparison
Reporting is one of the hardest parts of pentesting and both CPTS and OSCP make you do it, but they do it in very different ways. The OSCP report is basically a clear walkthrough of the machines you compromised. It needs to be accurate and professional but the structure is simpler and it is focused on reproducing the exploitation steps. That makes it easier to produce if you have good note taking while you work.
CPTS report grading is a different level. The CPTS exam expects an enterprise grade engagement document and the markers grade it much more strictly. You need an executive summary that is actually useful to non technical stakeholders, a risk rating that makes sense, remediation guidance that a dev or admin can follow, and technical appendices that stand up to scrutiny. The level of polish required means the report often takes days to complete and it must read like a real client deliverable. If your screenshots are messy or your evidence is not clear you will lose marks. That stricter grading is brutal but it trains you to write reports that are market ready right away.
In short CPTS forces you to deliver a consultancy level report while OSCP checks that you can reproduce and explain your exploitation steps. Both skills matter but CPTS pushes reporting to a much higher place.
I learned the hard way that CPTS grading is unforgiving. On my first CPTS report I failed because I made a stupid mistake. I forgot to correctly sort the CVSS scores in the findings section. Everything else was solid and I had tested the report ten times before submitting it but that one detail cost the entire attempt. They do not overlook anything and they do not pass you because the work looks good overall. It has to be perfect. Learn from that. Check every single requirement carefully before submitting because CPTS reports are not just checked, they are dissected.

Price and accessibility
The price difference matters. CPTS content on Hack The Box Academy is available for a subscription model that lowers the barrier to entry. OSCP Learn One is a significant financial investment even when discounted. For many people the price is the deciding factor.
If money is tight then CPTS offers a lot of modern and practical learning for a much smaller initial investment. If a person can afford OSCP then the certification recognition can help open doors in job searches but it should be entered knowing that additional study resources will be needed beyond the official materials.
What each cert taught that the other did not
CPTS taught modern techniques in a guided way and provided repeatable labs that built confidence in specific attack paths. It created a broad base of modern pentesting skills.
OSCP taught self sufficiency, creative problem solving when the official material did not provide a full answer, endurance and discipline under proctoring rules. OSCP forced a level of independent troubleshooting and report discipline that is very close to real contract style engagements.
Together they complement each other because CPTS teaches the what and how in a modern framework while OSCP teaches the independence and the grind to apply that knowledge under pressure.
Which one should you choose
If starting from scratch then CPTS is the smarter first choice. It will teach practical skills and give you the confidence to tackle intermediate machines. The structured lessons are very helpful in building a learning path.
If the primary goal is to get a job and to have a widely recognised certification then OSCP is the better one for job adverts. The industry still puts weight on OSCP and many roles explicitly list it as a desirable certification.
If possible do both. Start with CPTS then use that foundation to accelerate OSCP prep. That path worked in practice because CPTS gives the targeted skills and OSCP seals the ability to apply them under pressure.
Study tips that helped
Taking notes in an organised way saved time later. Watching IPPSEC videos and then replicating the steps on a lab is far more effective than passive watching. Using a machine list like TJ Null gives direction and prevents paralysis by choice. Joining a study group helps keep momentum but most of the work is solo discipline. Practice is the most important part.
After the certs what changed
Passing OSCP on the first attempt gave a significant confidence boost and a clearer view of how to approach employer conversations. Finishing CPTS afterwards made the skill set feel complete and exposed areas to improve like ("advanced", more or less haha) AD techniques. The plan now is to focus on real-world pentesting work and to continue learning more and more.
Closing thoughts
This was not a short route and it was never easy. The combination of CPTS and OSCP worked because they taught different but overlapping skills. CPTS is modern teaching that builds muscle memory for exploitation steps. OSCP is the gatekeeper that rewards persistence and the ability to stitch knowledge together when the path is not defined.
If you are starting then be patient. A little consistent effort stacks into competence. Pick a learning path, take detailed notes and practice every day. Invest in hands on time rather than certificates alone. If you can afford both start with CPTS and move to OSCP. If you can only pick one then choose based on whether you need the skill base first or the widely recognised certification sooner.
Thanks for being here and reading this long post. If you want more on the specific study schedule, notes templates or the exact machine lists and video channels used then say so and that can be written up next. If anything in this story does not match your expectations tell me and it can be adjusted.
Imagine not using AI for this one 🙂
