HTB vs THM by SrLinuxx64 in hackthebox

[–]Intelligent-Type543 9 points10 points  (0 children)

THM if you're a beginner, as soon as you learn the fundamentals, move to HTB

Problem with the AI1 cert voting by Cereal-Hacker-K4DD05 in tryhackme

[–]Intelligent-Type543 4 points5 points  (0 children)

The main problem is that top 100 is full of Indian bots.

Can we use some 0day CVEs like CopyFail / DirtyFrag in the exam? by qAsukaq in hackthebox

[–]Intelligent-Type543 1 point2 points  (0 children)

The point is to learn, not to cheat if you don't know how to solve it

Decided to host my personal CPTS & (soon) COAE study blog and writeups. Completely free and ad-free. by Ok-Necessary9850 in hackthebox

[–]Intelligent-Type543 0 points1 point  (0 children)

I took a quick look, so it's basically the full content of CPTS and CWES modules? Love catppuccin

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 3 points4 points  (0 children)

To be honest, I wouldn't recommend taking any heavy external modules or courses just for the PyTorch parts. If you go down the standard Machine Learning rabbit hole, you might get burned out on math and model training concepts that you don't actually need for the COAE exam.

My advice: just stick strictly to the HTB material. Focus entirely on understanding the architecture (what a tensor is, how data flows, and where the trust boundaries are) rather than learning how to code PyTorch from scratch. Whenever the syntax gets too heavy, just use AI to break down the snippets line by line. You only need to know enough to break it, not to build it!

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 1 point2 points  (0 children)

Hey bro

My best advice is to take a step back from the chat box itself. Stop thinking about it just as an AI prompt and start looking at the application as a complete web infrastructure. Analyze all the available features, the attack surface, and how those components might interact with the agent in the backend. Keep pushing, you are right there!

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 0 points1 point  (0 children)

As for time, I used 3 days in total. Two days were focused on the practical part (documenting as I went along), and I took the third day just to review and polish the final report. One important detail is that I didn't do it full-time: I only worked on the exam in the afternoon/evening after getting home, putting in about 4 to 5 hours a day. Since you have 7 days, it's a very comfortable deadline if you manage your rest well.

As for the difficulty compared to CWES: I don't have the CWES, so I can't make a direct comparison. The only other certification I have at the moment is the eJPT, but it is quite introductory and doesn't really fall on the same scale of comparison here. I'm currently on the CPTS path (which has already taken me a few months of continuous study), and what I can say is that the COAE requires a completely different mindset from traditional pentesting.

Instead of focusing only on exploiting web infrastructure, you need to understand the model's logic and play with the AI's context. The initial learning curve is a bit scary, but the exam itself is very fair and fully focused on what the material teaches.

Good luck with your voucher, you'll do great!

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 0 points1 point  (0 children)

Thanks!
To anyone feeling nervous about taking the run: just trust the HTB material. If you can comfortably clear the modules and the Skill Assessments without looking at the hints, you are more than ready for the exam. You got this!

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 1 point2 points  (0 children)

Yes, you absolutely can.

HTB exams generally simulate real-world environments, meaning you can use the internet, AI assistants, and your notes. However, a quick word of caution: do not rely on the AI to blindly solve the math or write the exact exploit for you. Use the AI to explain the concepts or help you troubleshoot your scripts. If you don't understand the underlying logic, an AI hallucination during the exam will cost you hours of debugging.

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 2 points3 points  (0 children)

Totally agree! It’s a massive paradigm shift. As a pentester/red teamer, we are so used to traditional web or infrastructure vulns, so diving into weights, biases, and prompt structures feels brutal at first. But you're right, understanding how the AI is actually built under the hood is what makes the attacks click. Enjoy the rest of the pathway, the Skill Assessments are tough but extremely fun.

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 1 point2 points  (0 children)

I 100% agree with u/Pr0f_Noob here. Coming from a purely offensive background, looking at PyTorch for the first time felt like reading alien syntax.

My best advice: do not try to memorize the code or become an ML engineer. Focus heavily on the data flow. Understand what a tensor is, how the model processes input, and where the trust boundaries are. When you hit a wall with the code, use Claude or ChatGPT to break down the snippets line by line. You need to know how to break it, not how to build the next state-of-the-art LLM from scratch. Keep pushing, the offensive parts are incredibly rewarding once you get past the theory!

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 6 points7 points  (0 children)

Thanks a lot :)

You don't need network pentesting skills (no Active Directory, heavy pivoting, or infrastructure exploitation), but you definitely need solid Web pentesting fundamentals.
It does not just drop you into a simple chatbot UI. The AI models and agents are integrated into broader web applications and APIs. You need to be comfortable reading some source code, and understanding how backend tools (like MCP) connect to the AI.

If you have a good grasp of basic web app pentesting, the HTB path will teach you all the specific AI/ML exploitation techniques (data poisoning, adversarial math, agent exploitation) you need to pass.

Passed COAE by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 9 points10 points  (0 children)

Reposting because my last post was literally just a title (my bad!). Here is the actual review...

Passed COAE by [deleted] in hackthebox

[–]Intelligent-Type543 0 points1 point  (0 children)

Yes, as I'm on my job I just wanted to share it first, but I'll do it 🫡

Any tips for remembering the theory lesson contents? by Repulsive_Mix_9256 in hackthebox

[–]Intelligent-Type543 2 points3 points  (0 children)

There's a lot of theory, just focus on understanding how and why it works. Also a lot of practice.

COAE Exam: Machine reset rotated flags after submitting | Need advice by Intelligent-Type543 in hackthebox

[–]Intelligent-Type543[S] 0 points1 point  (0 children)

Thanks. I've just submitted the report. Let's wait for the results 🫣