Four days ago, I finished my HTB CJCA exam, which is my first exam in the security field. After 30 days of intensive study, luckily I managed to get 10/10 flags.
At first, I wanted to write this after the official result came out, but it turns out the report review from HTB takes around 20 days (yeah, I know… that’s looong lol). So I decided to write it now while the emotions are still fresh.
Honestly, the exam was quite tough. It took me 4 intense days, and I had trouble sleeping properly, especially since the exam duration is 5 days.
In the early stage of the exam, I also struggled with network issues. We were given two options: using Pwnbox (HTB’s remote VM) or connecting through VPN. I tried Pwnbox, but it felt laggy because of the remote VNC, so I decided to use the VPN instead. Unfortunately, the VPN often had packet loss. Because of this, the results during recon and enumeration were sometimes inconsistent. This was quite stressful, since enumeration is the key part of everything, if you miss something during enumeration, you can easily lose your foothold.
I was able to solve this by switching the VPN protocol from UDP to TCP. Even though this added some latency overhead, the connection became much more stable, and in the end, it was totally worth it.
After finishing it, I realized the exam is actually quite straightforward. In the beginning, I thought this was a black-box exam, but later I understood that it iss a grey-box exam -- we are given hints from the SIEM to identify how the system was compromised. Once I realized this on day 2–3, my progress became much faster.
This exam is not only about penetration testing skills. Even if you get 10/10 flags, it doesn’t guarantee you will pass, because there is also a blue team assessment. We have to triage SIEM alerts (ELK) and write a commercial-grade report.
For the report, I used SysReptor. After reading Reddit, many people recommended it for report writing. It uses Markdown, and since I’m very comfortable with Markdown, I really enjoyed using SysReptor.
Overall, I really enjoyed the modules and and the exam experience. What I like the most is that they successfully show the big picture of how people in this field think and act -- and thats exactly what I needed. Thanks to Hack The Box and the team.
Thanks for reading this short story. Keep learning and happy hacking!
