Certified Red Team Professional (CRTP) - Review 🚀

Foued SAIDI

CRTP Overview

Hello Everyone, I am Foued SAIDI. I work as a Security Engineer @Security Impossible.
I have just passed the Certified Red Team Professional (CRTP) exam and I would like to share my feedback about this Certification and a few tips for those who plan on passing it.

Everything that is mentioned in this blog post or this blog is only for educational purposes


First of all, The Certified Red Team Professional (CRTP) is a completely hands-on certification. To be certified, a student must solve practical and realistic challenges in our fully patched Windows infrastructure labs containing multiple Active Directory domains and forests with Server 2022 and above machines within 24 hours and submit a report. The certification challenges a student to compromise Active Directory by abusing features and functionalities without relying on patchable exploits.

I consider achieving this certification to be a worthwhile investment. It is reasonably priced at $249, which includes a 30-day lab access and one exam attempt. In case of failure, the retake fee is also reasonable, at $99.

I decided to take this course because I wanted to get more in-depth into the world of Penetration Testing and Red Teaming since Active Directory is widely used by many Large Companies.

Course Contents

Regarding the course contents, we learned about Active Directory, its features, AD Enumeration, tools used for exploiting it and how to mitigate the risks and vulnerabilities.
The course was easily understandable and comprehensive and I really enjoyed it. It made me understand some concepts that were really difficult when I tried to get to know Active Directory on my own.

Course Lab

As for the provided course lab (duration of 30 days with the $249 plan), I really liked how stable it was. I didn’t encounter any issues while targeting the lab environment and the connections to the remote servers were smooth (just make sure to connect to your closest server geographically).
One more thing I want to mention is how responsive the AD Lab support team was. They typically answer within 15 to 45 minutes, which is really great, and keep following up until your issues are resolved.

Exam Environment

The exam is a 24-hour, completely hands-on experience. Once started, the exam lab runs for 25 hours. You get an additional hour to compensate for the lab setup time of 10-15 minutes.
The exam lab has 5 target servers which are spread across domains and have different configurations and applications running on them.
The goal of the exam lab is to get OS command execution on all the target servers, not necessarily with administrative privileges.
You must submit a detailed report within 48 hours of your exam lab time expiry.
The report must contain a detailed walk-through of your approach to compromise a box with screenshots, tools used and their outputs.
You may also use any other tools of your choosing, even custom tools, but you need to explain it all in your report. Extra points will be given to your report if you include practical mitigations, talks, blog posts and articles. That is what I did.

As for me, I managed to hack the whole infrastructure in only 4.5 Hours, and then an additional 4 Hours to write a detailed report about it. So it took me around 9 Hours overall.

Time Management

One thing that those who think of passing the CRTP exam should give really good thought to is time management, since you only have 24 hours to compromise the infrastructure and take screenshots of the steps you have taken.
Personally, I am not the best to ask on this point since it took me around 9 Hours to compromise the exam lab and to write the report on it.
But one thing I could advise you to do is to try to avoid rabbit holes and not get too stuck on a single endpoint or vulnerability (or something you might think is vulnerable). Everything in the course material will be in the exam lab, and you don’t have to look for any vulnerabilities that you did not study for.
You have 5 targets and if you feel that sometimes you’re not getting anywhere, just restart the infrastructure as some misconfiguration or error might occur.

Practical Tips

Some tips that will help you along the way:

  • Take notes, they will REALLY help you while studying.
  • If you feel too stuck, try restarting the machines. Errors may occur.
  • Remember to get some sleep or to take a 10-minute walk if you feel stuck, it can really refresh your mind.
  • Review your course notes and lab notes before passing the exam, and keep them open on the side for easy access.
  • Stay hydrated :=)

Personal Opinion

I really loved the CRTP exam. Great course material, responsive lab support team, stable infrastructure both for the course and exam lab. It is a great Certification for anyone looking to get into Active Directory Security as it includes everything you need to get started.
And I will totally be going for the CRTE (Certified Red Team Expert) Certificate also from Altered Security really soon.
Stay tuned for my series about Active Directory Security on my blog. Hope you enjoyed this blog post, and see you soon!

  • Title: Certified Red Team Professional (CRTP) - Review 🚀
  • Author: Foued SAIDI
  • Created at : 2023-12-22 15:24:36
  • Updated at : 2024-12-27 11:42:46
  • Link: https://kujen5.github.io/2023/12/22/Certified-Red-Team-Professional-CRTP-Review/
  • License: This work is licensed under CC BY-NC-SA 4.0.