My CRTP Certification Journey
February 10, 2024
Intro
I signed up for the CRTP course during the Diwali sale which costs me $199 that includes the lifetime access of the course materials, 30 days lab access & one exam certification attempt.
CRTP Certification
Course & Lab
As I already have background of pwning active directory infrastructures in my day to day job, I decided that 30 days lab will be enough for me. The course material is packed with the video content, slides & the lab manual. The key point of the course is you can activate the lab anytime within 90 days of the purchase. So, i made a plan to finish watching the videos & then dive into the lab environment.
I started watching the course videos & started taking notes. The course is taught based on the assume breach methodology, having an access to a user machine as an initial foothold. The course taught the active directory enumeration, local privilege escalation, domain privilege escalation, domain persistence and dominance, cross trust attacks, forest persistence and dominance in the attacking side. The course also covers the defenses & deception part which is also the important part. The course heavily relies on the powershell tools for the enumeration. For the exploitation & persistence part tools such as Mimikatz & it's various implementations, Rubeus etc were in used. The instructor of the course (Nikhil Mittal) explains each & every concepts, scripts, tools etc in very understandable manner. Although, the course is focused in the Active Directory Attack & Defenses, the course also provides the covenant (Command & Control) C2 framework lab manaual to play in lab environment & also covers the red teaming concepts such as OPSEC, MDI detection & bypass & recently they have introduced the beta version of EDR bypass in their course.
I enjoyed the course a lot since I can relate the content taught in the course with my day to day work. After i completed watching course videos, I sent a mail to the lab team to activate my lab environment. The value of this course is indeed a lab environment where you can play around. I suggest anyone taking this course to note down each & every thing learned during the course & the lab environment that will help you to refer to the notes during the exam or in the real assessment. I used the notion for my note taking & below is the overview of my note structure.
Notes Structure
During lab time, we might stuck sometimes, don't worry. Refer to the lab manual & understand what's wrong with your approach. Don't just blindly ran the tools, knowing tools & context is necessary.
Although, this is the beginner course focused on the active directory exploitation, but to the anyone who is new to the field they can get overwhelm going through the vast structure of the course content. Having a full time day job, I managed to spent 4 to 5 hours on a daily basis during the preparation of the course. I planned to dive into the Covenant C2 lab manual provided in the course to play around with the C2 framework, but i ended up procrastinating till i lose the lab access. I recommend anyone interested in red teaming to spend time playing around the Covenant C2 lab manual, since there is no other course providing a C2 in AD lab environment at this price range.
Exam
After the lab access is ended, I decided to attempt for the CRTP exam. As instructed by the altered security the exam consists of 5 machines in total excluding the one machine provided to us as initial foothold or basically a jump server. In order to pass the exam, we need to compromise the full 5 machines in 24 hours & provide a neat report about our methodology.
On the early morning of the Jan 27, I started the exam around 6:30 NPT. I had already prepared the necessary tools & my notes ready for the exam. Since, the provided machine doesn't contain any tools, we need to transfer our tools to the exam VM.
Please, note both lab & the exam can be accessed through the VPN or the Guacamole. I just go through the Guacamole during both lab & the exam time.
After successfully transferring the tools, I started the enumeration following the methodology taught in the course. To be honest, exam was straightforward for anyone who follows the methodology taught in the course. In my case, I struggled with troubleshooting the tools & exam environment sometimes got disconnect in the middle, that was only issues I faced during the exam. You can directly connect exam lab support team via discord or mail if any difficulties faced during the exam. After spending around 11 hours I completed the exam & start revising the notes in the notion that I prepared for the report during the exam.
After well structuring the report, I submitted it to the lab support team. On the Jan 29, I got the message from Altered Security team that I successfully passed the exam.
Exam Passed
Final Thoughts
Anyone asking if CRTP certification worth time & money?
I will say that completely depends on the what your background is, what you want to achieve etc. In context of me, I find active directory exploitation as a very good skillset to have, since i face the AD environment most of the time during the internal network infrastructure assessments. Also, there is no doubt in this price range there is any other training available in the market providing such a good content & mostly the lab environment. Even thought the course is well structured & provide the details on everything taught there, I let myself to explore around the internet that helped me during the preparation of the course. if this will help you don't forgot to check the resources below.