Certified Azure Red Team Professional (CARTP) - Review 🚀

Foued SAIDI Lv4
  2024-12-27 12:16:16 2024-12-27 12:16:16 Created   2024-12-27 12:16:16 2024-12-27 12:16:16 Updated    

Introduction

Hey again everyone! This is Foued SAIDI: I am a Security Engineer, holder of CRTP and CARTP professional certifications, ranked within the top 100 WorldWide on Hack The Box platform for the year 2024.

I have recently just passed my Certified Azure Red Team Professional (CARTP) certification and I would like to share my feedback regarding it along with a few tips for anyone planning on passing it.

CARTP Overview

Certified Azure Red Team Professional
Certified Azure Red Team Professional

First of all, the Certified Azure Red Team Professional (CARTP) is a completely hands-on security certification. In order to be certified, the student must solve practical and realistic challenges in a multi-tenant Azure cloud environment.

What I really like about Altered Security certifications, is that they only rely on real-life misconfigurations and vulnerabilities and feature abuse. Not some unrealistic “CTFy” stuff.

I consider achieving this cert a huge worthwhile investment as it is reasonably priced at 449$ (compared to some other pricy certifications with less provided value) which includes a 30-day lab access alongside lifetime access for the course material and 1 exam attempt. In case of failure, the retake fee is also a reasonable 99$.

Course Content

Regarding the course content, we were provided with access to an Altered Security platform which has google drive and onedrive links to all the contents: Course videos, learning objectives walkthroughs, a full Lab Manual, course pdf, diagrams describing all attack paths for the course and finally a zip file containing all the necessary tools for the lab.

Course Lab

As for the provided course lab (duration of 30 days with the 449$ plan), I really liked how stable it was. Every issue I thought I had with the lab, turned out to actually be a mistake from my side haha. I would also like to really thank the support team, they are REALLY available 24/7, the latest they have ever answered me was after 45mn. They are really helpful, respectful, patient and know what they’re doing.
I didn’t encounter any issues, latency or lag whatsoever (just make sure to choose the closest location to you geographically when choosing your server access).

Exam Environment

The exam is a 24 hours completely hands-on experience. Once started, the exam lab runs for 25 hours. You get an additional hour to compensate for the lab setup time of 10-15 minutes.

“The exam lab has 5 Azure resources, 2 Azure AD Users and 2 Enterprise Applications which are spread across two tenants. You get access to a VM and that VM doesn’t count as a valid target.”

You can reboot your exam machine that you’re using or the lab environment (maximum 2 tries).

The goal of the exam lab is to compromise all the resources and get the final flag.

A detailed report of the engagement must be reported withing 48h of the exam attempt ending (which is a very good time to allow you to get some rest). As for me, after my previous experience with CRTP I figured to just start writing the report in parallel while attempting the exam: that allowed to me stay organized and not miss any details. (I’m also a bit lazy to write it without lab access later haha)
I managed to compromise the whole infrastructure and finish the report in around 9.5 hours. Note that during that time I took two 15-minute breaks, had lunch and dinner, prayed my 5 prayers (priorities of course). So the 9.5 hours were not fully for the exam only.

Time Management

One thing that those who think of passing the CARTP exam should give a really good thought to, is time management. Since you only have 24 hours to compromise the infrastructure and make screenshots of the steps you have taken.

One thing I could advise you to do, is to try and avoid rabbit holes (there isn’t any but still) and don’t get too stuck on a single endpoint or vulnerability (or something you might think is vulnerable), everything on the course material will be on the exam lab and you don’t have to look for any vulnerabilities that you did not study for.

Practical Tips

Some tips that will help you alond the way:

  • Take notes, they will REALLY help you while studying and you can get back to them anytime.
  • If you feel too stuck, try restarting the machines. Errors may occur.
  • Remember to get some sleep or to take a 10mn walk if you feel stuck, it can really refresh your mind.
  • Review your course notes and lab notes before passing the exam, also keep them open on the side for easy access.
  • Stay hydrated :=) (seriously haha)

Personal Opinion

I really loved the CARTP exam. Great course material, responsive lab support team, stable infrastructure both for the course and exam lab. It is a great Certification for anyone looking to get into Azure and Cloud security.
I will hopefully be getting back for CRTE/CARTE (expert) certifications, also from Altered Security.
Stay tuned ! Hope you enjoyed this blog post, and see you soon!

-0xkujen

  • Title: Certified Azure Red Team Professional (CARTP) - Review 🚀
  • Author: Foued SAIDI
  • Created at : 2024-12-27 12:16:16
  • Updated at : 2024-12-27 12:16:16
  • Link: https://kujen5.github.io/2024/12/27/Certified-Azure-Red-Team-Professional-CARTP-Review-🚀/
  • License: This work is licensed under CC BY-NC-SA 4.0.
On this page
Certified Azure Red Team Professional (CARTP) - Review 🚀
  1. Introduction
  2. CARTP Overview
  3. Course Content
  4. Course Lab
  5. Exam Environment
  6. Time Management
  7. Practical Tips
  8. Personal Opinion