cert-journeycweshtbweb

How I Conquered the HTB CWES Exam in 3 Weeks


CWES cert

First of all, I’m proud to say that I’m one of 1662 users who earned CWES certification (also known as CBBH before) from HTB.

From Active Directory to Bug Bounties

So I just got my CRTP cert and was itching for what’s next. I’d been living in the world of Active Directory for a while and wanted to switch it up. Web stuff? Bug bounties? That sounded awesome.

That’s when I saw Hack The Box’s CWES certification. Perfect fit. But then I had a crazy idea: could I do it in just three weeks?

Turns out, I kinda could. I had a secret weapon — I’d already half-finished the Bug Bounty Hunter path on HTB a while back. I was already 50% there! I paid the $218 for the path and exam and locked in.

My Prep: Trusting the Process

My game plan was simple: finish the BBH path. The cool thing is, the same people who made the path made the exam, so you know you’re learning the right stuff.

My real advice:

  1. Actually Learn the Modules — Don’t rush. Get the concept, not just the steps.
  2. Take Your Own Notes — HTB’s cheat sheets are cool, but writing your own stuff makes it stick.
  3. Re-do the Skill Assessments — They teach you the exact mindset you need.

The Exam: Emotional Rollercoaster

The exam has two parts: hacking for flags, and then writing a report. The hacking part has 10 flags, you need 8 to pass.

The First 24 Hours: Pure Panic — I logged in and hit a wall. Nothing. For a full day, zero flags. I was already thinking about how I’d explain failing my first attempt.

The Turnaround — On day two, I forced myself to chill out and look at things differently. Then… BAM! First flag. 20 minutes later, another one. Once I got the vibe, I kept going.

The Big Realization — The key is to think outside the box. If something isn’t working, your first idea is probably wrong. You gotta get creative.

The Win!

I ended up with 9 flags — an 85/100. More than enough to pass. I was so burned out after four straight days that I didn’t even bother with the last flag.

Then came the report. I used Microsoft Word (not fancy tools). The tool doesn’t matter — clearly explaining what you found is what counts.

I submitted and the next day I got the email… I PASSED!

CRTP badge Pass email

Going from AD to web exploitation in a few weeks felt incredible.

Tips for CWES

  • Trust the BBH path — it teaches you what you need
  • Write your own notes
  • Don’t quit when frustrated — the breakthrough is coming
  • Get weird with it — if your first idea fails, try something else

Good luck! You got this.