Certified Red Team Professional (CRTP) - 2024
Introduction
- Hi everyone, I will share my journey of obtaining the CRTP and what to expect in the course and exam.
Course
The course starts off with introducing PowerShell, its built in security features and basics of active directory. The course, labs and exam mimic an assumed breach model whereby you have access to a domain joined user. You can connect to the user through the web browser or download a VPN file and RDP yourself. The course will teach the fundamentals of active directory such as organizational units (OUs), Group Policy Object, Access Control Lists (ACLs), and Domain Trusts. The attacking aspect of it like privilege escalation, abusing applications in the domain (Jenkins, MSSQL), AMSI bypass (payload crafted for you), how to evade AV by modifying tools (built for you), Kerberos based attacks (delegations, tickets, roasting) , Persistence, Forest Trust Abuse (inter and intra), Active Directory Certificate Services, and MSSQL database links are covered.
I felt the course materials were concise and clear. I read through the slides and complemented it with the videos. I recommend to watch the videos as personally I feel I learn better with videos mixed with text instead of solely relying on text. The only complaint would be some slides go through the topic too quickly without explaining it further/in more depth. However, as this course is built for beginners, it is understandable. If you require more background/wonder how or why this attack works, you should definitely Google around and read up on it.
Labs
The labs is shared with other students and resets once a day. While it is shared, I had no issues with it. The student VM does not reset, but make sure to also keep your notes on another platform. Exploiting the labs were straightforward and I had no issues, but the wording on certain objectives were unclear. This made it hard to understand what the question was asking. Looking through the Discord, sometimes a kind soul can point you in the right direction.
I like to use notion for storing notes as you can format it as markdown and easily download it as PDF or just view it online.
Exam
Starting the exam had some hiccups as the environment did not boot up for some reason. After using an hour and contacting support, the exam successfully booted and I was in. I thought that would be the end of it; however, after exploiting it halfway, I rebooted one machine and it did not boot up again. This issue took another hour away as support had to resolve it. In the end, I managed to clear the exam and get command execution on all machines.
After finishing the exam, a report has to be submitted to be evaluated. After around 3 days, I received the results that I managed to pass.
Going through the materials and labs is sufficient to pass the exam, you should try to complete the labs atleast once. However, you must still understand what is going on and have a clear understanding of what you are testing.