CRTP — Certified Red Team Professional Review

Sanaullah Aman Korai
Dec 28, 2023

Introduction:

Greetings, Cyber enthusiasts! Sanaullah Korai, a Cybersecurity Consultant at Rewterz, here to share my firsthand experience with the Certified Red Team Professional (CRTP) certification. In this detailed timeline review, I’ll walk you through the course structure, lab access, exam challenges, and valuable tips for success.

Before CRTP:

Before diving into the CRTP certification, I opted for the on-demand version of the course, which included 30 days of lab access for a reasonable $249. The course, an integral part of the Attacking and Defending Active Directory Lab by Altered Security, promised a fully hands-on experience. After purchasing, I recommend taking the time to complete the course first before delving into the lab.

Course Material:

The course, divided into four videos, each spanning 3 to 4 hours, is instructed by Nikhil Mittal, the founder of Altered Security. Nikhil’s teaching style is beginner-friendly, making it accessible to individuals regardless of their familiarity with Active Directory or PowerShell. The course covers critical topics such as domain enumeration, local and domain privilege escalation, lateral movement, and defense strategies.

Lab Experience:

The heart of the CRTP lies in its lab environment. Accessible via VPN or browser, the lab is a fully patched Windows infrastructure with multiple domains and forests. With 30 days of access, the lab proved to be a valuable resource. All required tools are pre-installed, and the environment offers 40 flags to discover. I emphasize the importance of spending ample time in the lab, not just for exam preparation but for truly understanding the nuances of exploiting an Active Directory environment.

CRTP Exam:

The exam is the culmination of the skills acquired during the course and lab sessions. With a 24-hour window, candidates aim to achieve OS command execution on all target servers without relying on administrative privileges or patchable exploits. The exam environment mirrors the lab setup, providing a seamless transition.

Exam Day (Sunday, 10:00 AM):

- Local privilege escalation was straightforward.
- Initial hiccups gaining a shell on the first machine, but overcame them with thoughtful consideration.
- OS command execution achieved on three servers within two hours.
- Stuck on the fourth server; realized the importance of proper enumeration.
- Compromised all five machines in around four hours with screenshots and draft report.
- Took a break, went for dinner, and a walk.
- Report included detailed descriptions, access gained, steps to reproduce, PoCs, remediation, and references for all vulnerabilities.
- Submitted the report around 11:00 PM (Sunday).

CRTP Certificate:

Successfully completing the exam resulted in the well-deserved CRTP certificate.

Tips for Success:

1. Go through the course at your own pace; make notes on all covered topics.
2. Understand all commands used in the lab manual.
3. Create a cheatsheet with commands used during the practice lab.
4. Stay calm and focus on enumeration.

Conclusion:

The CRTP certification, coupled with the Attacking & Defending Active Directory Lab, offers an affordable and invaluable learning experience. Highly recommended for anyone venturing into Active Directory exploitation. Kudos to Nikhil and the team for providing a top-notch course.

If you’ve stuck around until now, thank you for reading! Have a fantastic day!
