It’s been a while since I wrote a blog. This blog is to describe my journey of Pentester Academy’s Certified Red Team Professional (CRTP) course. Few months back Offensive Security updated their PWK course. When I was going through the updated course content, I honestly felt that I made a mistake opting for PWK in 2019 and that I should have done it in 2020. The major changes in course material was the addition of Active Directory and PowerShell Empire modules. I wanted to gain better understanding of the Active Directory security so I took the course.
About the Course!!!
Let me get this out there that this is First of the three-part certification journey for Red Teamers. This course is designed for n00b’s to start Red Team assessments. This course is informational and very helpful to people who do not have basic knowledge on how to approach an Active directory compromise assessment. This course will surely help you in that. This is a cheap certification as compared to other cyber security certifications out there. And when you are stuck at home during this pandemic with lots of time you surely can spare 3 hours on this.
Once you have selected a date to start your labs. You will receive a link to download the course videos and PDF’s. You will also be given 2 ways to connect to the foothold machine i.e. VPN (RDP based) or Apache Guacamole (Browser based). The videos are about 10 -12 hours if you watch it on 1.3x speed :P Try and make notes it helps. This helped me in my exam time a lot.
## 23 Learning Objectives, 59 Tasks, >120 Hours of Torture :)
The objectives are pretty straight forward and fairly easy to do. I would recommend every one should solve them. The lab exercises will help you to grasp the concepts far quicker than the reading material and videos. In fact, it’s more about muscle memory and a methodology that you’ll develop along the way. The lab has all the software and scripts needed to advance in the network.
I followed my OSCP strategy on appearing for the exam. I scheduled my exam after 18 days. By then I had completed all my course videos and lab exercises. The exam was for 24 hours. I had good idea on this due to my previous certification. I was a bit worried when the e-mail for my exam mentioned that the exam machine won’t have any tools and .Net 3.5 not being installed on the server.
Once I got the connection, I uploaded all the tools that were required and began my exam. I compromised all the targets. The first hurdle was a bit tricky rest of the exam was straightforward and easy to figure out. Once I was done with my exam, I started making reports. Starting the report just after the exam time helps as the write up is fresh in mind.
I am very satisfied with the course. Thanks you @Nikhil Mittal, @Vivek Ramachandran & @Pentester Academy. I will definitely recommend this course to anyone who wants to get better understanding on active directory attacks and insider attack simulations.
Read more about Red Team assessments.