Table of contents
Open Table of contents
Introduction
In this blog post, I will briefly share my experience in obtaining the Certified Red Team Operator (CRTO) certification.
CRTO Overview
CRTO is a certification provided by Zero Point Security, aimed at teaching Red Teaming with a focus on Active Directory exploitation.
Course Quality
Course Content
The course is of the highest quality I have ever encountered. Compared to another certification I obtained (eCPPTv3), it is like comparing mud to gold. If you want to learn about Active Directory, its misconfigurations, and how to exploit related vulnerabilities, this is the best course to take. I won’t delve into the specific topics covered since they are detailed on the official website.
Lab Quality
While learning the course material, you gain access to a lab environment. The lab includes an Active Directory setup with attacking machines pre-installed with Cobalt Strike. This setup allows you to perform every attack covered in the course. The lab is provided via the Snaplabs platform, ensuring a seamless user experience.
Exam Quality
I won’t spoil any specifics about the exam, but I can say that the exam environment is a paraphrased and recombined version of the lab environment. It is also accessible through the Snaplabs platform. The exam is challenging, but the knowledge gained from the course is sufficient to pass. To pass, you need to capture at least 6 out of 8 flags, and I encourage you to aim for all of them.
Exam Preparation
The exam covers the material you learn in the course and practice in the lab. You are given 48 hours across 4 days to complete it, which is more than enough time to succeed.
If you have limited experience with Active Directory, I suggest starting with the following Active Directory-related modules and Capture The Flag (CTF) challenges on Hack The Box:
HTB Academy:
- Introduction to Active Directory
- Windows Attacks & Defense
- Active Directory Enumeration & Attacks
- Pivoting, Tunneling, and Port Forwarding
HTB CTF Track:
- Active Directory 101 (easy level challenges)
Conclusion
In conclusion, preparing for the CRTO helped me gain extensive knowledge in Red Teaming, Active Directory, and its exploitation. I would also like to extend my gratitude to Rasta Mouse for creating the CRTO course, and additionally, I would like to thank everyone that participated in my preparation for the CRTO.
Btw, my badge