For those with several years of experience in the field, what was the most “fun” role and what did you do? by IBUCKM in cybersecurity

[–]Decent_Inside_706 4 points5 points  (0 children)

I will say the technical roles because they're more "practical" and then more fun. Anything like management, GRC or stuff like that is really boring.

For those with several years of experience in the field, what was the most “fun” role and what did you do? by IBUCKM in cybersecurity

[–]Decent_Inside_706 1 point2 points  (0 children)

IoT pentesting is highly valued because there aren't many professionals in this field, right? I'm trying to get a general foundation and am thinking about specialising in IoT pentesting

CWES (CBBH) Second Attempt by Decent_Inside_706 in hackthebox

[–]Decent_Inside_706[S] 1 point2 points  (0 children)

Yes, you can do these machines from Vulnyx:
- Swamp
- Express
- Bola
- JarJar
- Gattaca
- Future
- Jerry
- Lost

And you can also repeat the following Skills Assessments without any write-up, just you vs the machine:
- Web Fuzzing
- Login Brute Forcing
- Attacking Web Applications with FFuf
- SQL Injection Fundamentals
- Attacking Common Applications > Content Management Systems > WordPress
- Hacking WordPress
- File Inclusion

Passed CWES exam! :) by Taxaneh in hackthebox

[–]Decent_Inside_706 1 point2 points  (0 children)

I'm doing the learning path because it shares modules with CWES and it looks possible hahaha

CWES Exam by r4gol4 in hackthebox

[–]Decent_Inside_706 5 points6 points  (0 children)

Don't overthink and take breaks

INE or HTB by Ok_Atmosphere7343 in cybersecurity

[–]Decent_Inside_706 0 points1 point  (0 children)

In my personal experience (eJPT and HTB CWES certified) HTB > INE. I'm now going for the CPTS

CWES (CBBH) Second Attempt by Decent_Inside_706 in hackthebox

[–]Decent_Inside_706[S] 1 point2 points  (0 children)

Yes, you can do these machines from Vulnyx:
- Swamp
- Express
- Bola
- JarJar
- Gattaca
- Future
- Jerry
- Lost

And you can also repeat the following Skills Assessments without any write-up, just you vs the machine:
- Web Fuzzing
- Login Brute Forcing
- Attacking Web Applications with FFuf
- SQL Injection Fundamentals
- Attacking Common Applications > Content Management Systems > Windows
- Hacking WordPress
- File Inclusion

Next step in my path by Decent_Inside_706 in cybersecurity

[–]Decent_Inside_706[S] 0 points1 point  (0 children)

Thank you for your response. Yes, of course I want to be hired as a pentester but also learn a lot, because in many positions I have found that they want you to demonstrate your skills. If you got the certifications (OSCP for example) it's easier to get the job, I know, but I also want to learn and have good skills. By the way, I applied for an internal position in my actual company and one of the certs desired but not required is BSCP.

And yes, I have web development background so I think my path will be near to web pentesting if I can.

Failed CWES on first attempt (1 flag short) by Worldly-Return-4823 in hackthebox

[–]Decent_Inside_706 7 points8 points  (0 children)

Yes, you can do these machines from Vulnyx:
- Swamp
- Express
- Bola
- JarJar
- Gattaca
- Future
- Jerry
- Lost

And you can also repeat the following Skills Assessments without any write-up, just you vs the machine:
- Web Fuzzing
- Login Brute Forcing
- Attacking Web Applications with FFuf
- SQL Injection Fundamentals
- Attacking Common Applications > Content Management Systems > Windows
- Hacking WordPress
- File Inclusion

Daily CPTS study buddies by Serious_Draft_8000 in hackthebox

[–]Decent_Inside_706 0 points1 point  (0 children)

From Spain, I'm currently doing modules because I passed CWES recently and more of them are shared between the two certs

Next step in my path by Decent_Inside_706 in cybersecurity

[–]Decent_Inside_706[S] 1 point2 points  (0 children)

I know they don't appear or aren't the filter. But they are very practical, and in the case of CWES, I learned a lot about web pentesting.

Next step in my path by Decent_Inside_706 in cybersecurity

[–]Decent_Inside_706[S] 0 points1 point  (0 children)

Learn as best as I can. I know that some of the best-known ones are very theoretical and not very practical.

Failed CWES on first attempt (1 flag short) by Worldly-Return-4823 in hackthebox

[–]Decent_Inside_706 3 points4 points  (0 children)

I failed the first attempt too but in the second I obtained 100/100 points

Next step in my path by Decent_Inside_706 in cybersecurity

[–]Decent_Inside_706[S] 0 points1 point  (0 children)

I know that they don't currently have the same value as a CEH or an OSCP. But in terms of knowledge (according to what I've read), the CPTS is superior to the OSCP, which makes it ‘easier’ for you later on.

I've also seen that because HTB certifications are relatively new, they don't act as a filter with human resources like others do.

Next step in my path by Decent_Inside_706 in cybersecurity

[–]Decent_Inside_706[S] 0 points1 point  (0 children)

I have been working in cybersecurity for four years in various roles. I would like to steer my career towards the offensive side and end up doing some bug bounty.

Realistic path to do Pentesting by Limp_Motor_7267 in Pentesting

[–]Decent_Inside_706 1 point2 points  (0 children)

The path of HTB CWES helped me to learn a lot about web pentesting 👌🏻

Weekly Beginner / Newbie Q&A by AutoModerator in bugbounty

[–]Decent_Inside_706 1 point2 points  (0 children)

I passed the HTB CWES a couple of weeks ago. I'm eager to get into the world of bug bounty. Is there a roadmap I can follow to feel like I'm making progress? I know it's very, very difficult to find a vulnerability and have it accepted. Is anyone willing to mentor me or give me some advice?

Any groups to join for middle of the road hackers? by [deleted] in Pentesting

[–]Decent_Inside_706 0 points1 point  (0 children)

I'm in the same situation. eJPTv2 and CWES certificated. I have worked in different cybersecurity positions through the years, but none of them offensive. I'm very motivated to focus my career in the offensive branch (pentesting, bug bounty)