My First Certification
Today I got my first cybersecurity certification: the Hack The Box Certified Bug Bounty Hunter (CBBH)!

I started the process for this certification around the end of April. Hack The Box has a “Job Role Path” (basically a course) on their Academy website that students must complete before being eligible for the CBBH. The Job Role Path consists of 20 learning modules. Once the modules are done, the student can take the exam and, if they pass, get certified.
For me, completing the modules took about 2 calendar months. That said, I did a few extra modules in that time as well which weren’t part of the path, and I took 2-3 weeks off partway through for an event that I was involved with. So in the end the course was a little less than a month and a half of work.
After I completed the modules, I took a few days to do a bit more study, and then I took the exam. The exam was very hands-on, and was a week long. During that week, the student taking the exam has access to several servers that they need to compromise using the skills that they learned from the course. There were 10 flags to be captured by compromising the various systems, and 8 were required in order to pass the exam.
Along with the 8 flags, the student must submit a commercial-grade report as part of the exam. This report must describe all of the findings including severity scores, vulnerability types, description, impact, and step-by-step instructions on how the vulnerabilities were exploited.
The exam was pretty intense! It took me four days to get all of the flags, working full-time. I took a day off before using the last two days to write the report. My report ended up being 79 pages long.
There is actually a great third-party tool, sysreptor, that would have made the report much faster to create, but I didn’t know about it until after I completed the exam. It is a pentest report generator, and contains templates for the reports required by the various Hack The Box certification exams. I’ll certainly be using it for my next one!
I got my exam result back in just a few days. I think I got lucky; I know some folks waited much longer than that. HTB promises to have the results back in 20 business days or less.
Along with the reporting tool that I’m going to be using next time, there were some pretty great lessons I learned along the way.
Note Taking. I’m still working on this one. But having good notes, lists of “procedures” to try when in a particular circumstance, and quick references to go back to for various technologies is quite important. Also, during the exam, using HTB’s search function and reviewing some of the modules I had taken as part of the course was really helpful, and actually got me unstuck a couple of times.
On that note: Getting Unstuck. I feel like this is one of the more valuable things I gained experience with during the course of the modules and the exam. I got stuck several times. And it can be super frustrating! But it was extremely helpful to experience this, because I started to get used to the feeling, to be ok with the frustration, and to find ways to navigate my way to the other side. Once again, it was helpful to take good notes, be methodical, and continue to try things.
Info Gathering: I learned a lot about fuzzing, bruteforcing, and information gathering in general. I have more to learn, but I gained experience with ffuf as a tool, and searching for things like virtual host subdomains, request parameters, and new paths on the web server.
Vulnerabilities and Techniques. There are several “hard” skills that I learned through the modules as well, like bypassing character restrictions on command injection using environment variables, using HTTP Verb Tampering to bypass restrictions, exploiting XXE vulnerabilities (which I had never dealt with before), and finding clever ways to escalate LFI to RCE (such as through log poisoning and session poisoning).
In summary, the CBBH course and exam were a great experience, and I feel like I learned and improved a lot. I’m proud of my accomplishments, and excited for the next steps. My goal is to achieve the CPTS next, which is another Hack The Box certification whose Job Role Path has significant overlap with the CBBH (so I’m almost ready to take the exam already). I think it will be a bit harder, but I’m looking forward to digging in!