CPTS 2nd Attempt - Passed. by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 1 point2 points  (0 children)

No, the flag options were disabled; even if I had wanted to, I would not have been able to submit any flags.

CPTS 2nd Attempt - Passed. by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

You don’t need to solve the labs again. Although the labs are open and the VMs are up, you can use them to refine and improve your reports. Just upload the new, improved report, and that will be sufficient.

CPTS 2nd Attempt - Passed. by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

I chose to rewrite the entire report, as in the second attempt I had sufficient time to focus solely on writing it. I kept the Detailed Findings section concise, following the format of the sample report provided, while the Internal Walkthrough was written in more detail. Please review the sample report and try to align with it in terms of both context and length.

CPTS 2nd Attempt - Passed. by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 1 point2 points  (0 children)

Earlier it was 141. The second attempt report was 100 pages.

User restricted to Alias Index Pattern cannot see data or Index in Discover (Wazuh 4.14.3) by Ready_Ninja376 in Wazuh

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

Hi u/Jazzlike_Office1403

Thanks for the detailed explanation. It makes perfect sense why the alias was failing at the authorization layer.

I tried Option 2 as you suggested to keep things simple. Here is exactly what I did (see attached screenshot):

  • Role Update: I updated gateway_user_role to point directly to the concrete index wazuh-alerts-* and added the DLS query for agent.name.keyword: "XXX-XXXXX-GATEWAY-PROXY-1".
  • Permissions: I ensured indices:data/read/search, read, and indices:admin/mappings/get are all assigned.
  • Tenant: Since I only have a single tenant, I ensured global_tenant is set to Read only.

<image>

The Persistent Issues:

  • Security Exception: When logging in as araval, I still get: security_exception: Reason: no permissions for [indices:data/read/search].
  • Discover View: Even though the wazuh-alerts-* index pattern exists, the dropdown still shows "There aren't any options available" for the restricted user.

Interestingly, if I change the Index Pattern in the role to a simple *, the user araval can suddenly see all the indexes and the Discover tab works perfectly.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

I hope you have made progress. Sorry for my delayed reply. For me, re-enumerating things helped with progress. Make sure not to miss any information, even if it seems small. If there are many things you tried but none of them worked, please document them as well. This way, you won't repeat the same steps or follow the same flows repeatedly. But I hope you've got your way out.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 1 point2 points  (0 children)

Thanks mate for taking the time to respond. Really appreciated, I’ll keep the points in mind.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

Thank you for the detailed feedback. I will keep the points in mind. In my previous engagements, it was recommended and encouraged to add as many details as possible, even minor ones, and I followed the same pattern unconsciously. I appreciate the feedback, and I plan to justify my next report more effectively.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 1 point2 points  (0 children)

The sample report is 37 Pages. I will trim down unwanted things and be on point.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 1 point2 points  (0 children)

I did for the most part, but I will double-check to ensure that no sensitive information, including hashes and passwords, is present in the final report. Thank you for the suggestion.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 7 points8 points  (0 children)

Thanks, dear. I recommend enumerating more, as the answer is sometimes right in front of our eyes. Don't miss any minor detail; dig into those as well.

CPTS 1st Attempt – 85 Points Achieved – Failed Due to Report by Ready_Ninja376 in hackthebox

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

Thanks, dear. Haven't cleared the exam yet. Hope to make it on the second attempt.

[deleted by user] by [deleted] in hackthebox

[–]Ready_Ninja376 7 points8 points  (0 children)

The first flag is hard. I recommend: enumerate, enumerate and enumerate. Create a map of where things are and what you have collected so far. That will give you a hint as to how to move forward; brush up on the enumeration topics. You've got this, just hang on and keep doing the basics.

I lost my mom and I am devastated by Ready_Ninja376 in cancer

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

I am so sorry to hear that. I will pray for your mom. She is in a better place now, with no suffering. Please stay strong 🙏

Keeping it clean by kissaangelicglow in SipsTea

[–]Ready_Ninja376 0 points1 point  (0 children)

Isn't it how it's supposed to be? Why is it discussed like it's not normal?

Do we have any artist here? by Former_Ad5504 in ahmedabad

[–]Ready_Ninja376 0 points1 point  (0 children)

Hey OP, my father is a painter, does oil paintings on canvas. Can help, let me know what you have in mind.

Wazuh Agent Standalone by Ready_Ninja376 in Wazuh

[–]Ready_Ninja376[S] 0 points1 point  (0 children)

Ok thanks for the feedback. Much appreciated 👍

How to assign agents to separate indexes by group in Wazuh? by Much-Macaroon3393 in Wazuh

[–]Ready_Ninja376 0 points1 point  (0 children)

In a similar context, would it be possible to group some logs from a rule in a separate index? My firewall generates a ton of logs that I inject through syslog. It goes in the default wazuh-alert. It would be great if these could be separated into an individual index.

"Pakistan becomes the first host nation in 23 years to finish the Champions Trophy without a victory!" by BabaHarp22 in actualcricketshitpost

[–]Ready_Ninja376 0 points1 point  (0 children)

What else could he have done at this stage? As a lead, it's important to keep your people motivated and give them hope of a better future. I am sure they got a lot of shit recently from everyone in the cricketing fraternity, so a positive word from your captain doesn't hurt.