CBBH Review and Guide
a few years after getting the oscp in 2021 and a ton of other certs, i decided to start writing reviews and personal guides on how others can succeed.
what is the cbbh
the cbbh, or certified bug bounty hunter, by hackthebox is a certification that teaches a student web exploitation. this includes all the main topics of web exploitation such as all the injections, inclusions and more.
this really focuses on honing a user’s skill at identifying flaws and vulnerabilities in a web application and properly reporting them.
the content
the content is absolutely amazing. it is self-paced; however, you have to complete it. at the time i took the course, you had to complete 20 modules or so before being able to attempt the exam. this content is in the form of modules that have submodules that build the skillset from the ground up. this allows someone to start at a newbie level and build up to an intermediate level with any sort of vulnerability. this content is absolutely groundbreaking when it comes to the current market. This cert competes with offsec and burpsuite and imo it beats out both of them. Since it doesn’t have to stick to burpsuite as the main tool of compromise, it can expand out and teach a variety of techniques. It also is updated daily so you aren’t stuck with a 2021 exam and course and waiting for a pdf update.
the exam
7-day exam with an idk-how-long period to write a report. obviously hacking websites. the goal is code exec on all the websites on the exam. it’s a nice environment, highly recommend.
who should get the cbbh
anyone that is interested in web exploitation. it is a very fun course and exam and i can confidently say it changed the way i look at web applications in general. it’s very very good and will take you skill-wise to the next level. I don’t think it will improve your resume at all though at its current stage. this is because it’s not very well known to recruiters so they will probably not understand how intricate and difficult it really is.
how to prep
do hack the box
do all the modules, multiple times over. i had to do all the modules twice. i did them the first time around, then went back after finishing them all and did the skill assessments again, which are mini exams at the end of each module. this helped me freshen up the older content, as the new content usually pushes it out of my brain.
use the search feature
while taking the exam, you can use academy’s search feature to search whatever you like from the course. so if you see an lfi, for example, you can search lfi and see the many techniques that they teach very quickly.
conclusion
get the cert, it’s fun, challenging, and rewarding all at the same time.
best, gerbsec