CRTP Review
I’m very pleased to announce that I passed the Certified Red Team Professional(CRTP), from Altered Security. It was quite an enjoyable experience, appreciating not only the opportunity to reinforce my existing knowledge but also the newly gained skills.
Throughout this post, I will go through my thoughts about the learning material, the exam experience, and the final conclusion about the certificate itself.
The Training Material and Lab
The format of the learning material is nothing fancy. You will receive a zip file containing all the files, knowledge, etc. that you need in order to pass the exam. No other resources are required (looking at you, Offsec 👀..)If you pay good attention to the videos and complete the lab fully, you should be good to go….However, there are some prerequisites, imo, in order for this to apply to you:
TAKE notes, and do it thoroughly; this means writing down commands, tool syntaxes, short descriptions of topics, and so on. Finally, this is the deciding factor in whether you will succeed or fail.
Think basic, and rely on your GOOD notes.
Understand enumeration in Active Directory using manual tools like PowerView. But learn to use Bloodhound, this will give you a way better overview and save you a lot of time in the end.
Format
Regarding the format of the learning material, as of right now, the videos that are up-to-date are in the format of four 2-3 hours recordings from the Live bootcamps that they offer. This makes it very hard to track your own progress and can be frustrating at times because the instructor will interact with the live audience (kind of felt like a time waste for me). I am much in favor of the model that TCM offers, with an online platform that has short and to-the-point videos with a progress bar.
Content
Even though I disliked the format, I really liked the content and the knowledge presented in the course. It covers everything from simple enumeration in Active Directory to persistence, etc. The instructor does a good job of presenting the content, and it’s up-to-date. It’s not run this tool and see the MAGIC output; he actually goes into explaining the concepts and technologies behind the attacks. Thumbs up for that, 👍
Lab time
The lab is all-round very well built; it’s reasonable stable, a BUNCH of attacks are covered, and there is a great lab manual to support your learning (I do encourage to try and complete as much of the lab as possible without using the lab manual). I opted for 30 days of lab time, which was plenty of time for me, but this might be different, if you come into this certification with very little knowledge of Active Directory. If you are really new to AD pentesting, I would recommend going with 60 days to ensure that you have tried all the attacks at least once or twice.
The exam and reporting
I can’t say much about the exam experience without violating any NDAs. But the exam itself was in a very stable environment, and the customer support was quick and awesome. You have 24 hours to complete the given exam lab and then 48 hours to complete a written report covering your findings, mitigations, etc. I used around 6 hours to complete the lab (including raw notes and screenshots along the way). For the report, I opted to relax a bit, so I spent around 12 hours on that.
I used pwndoc to write my report. I use this tool for all my certifications, as it lets me create a library of findings and custom sections that I can use for the generic findings I discover. It’s only worth it to use pwndoc, if you keep on building your library of findings, since the tool can’t generate anything automated for you.
Conclusion
This certification is really good if you are just getting started in pentesting Active Directory, a blue teamer who wants to understand AD attacks better, or just a pentester looking to reafirm your skills or perhaps gain a few new ones. I would rate the exam level at easy/medium depending on your expereince level, and i would reccommned to everyone considering taking the certifications just to do it. Buy it, set an exam date for yourself and go nuts in the lab.
Good luck and have fun!