Certified Red Team Professional Exam

By: Ashish Khairnar Date: 26 April 2020 This article is about my recent experience with Certified Red Team Professional (CRTP) exam offered by Pentester Academy.

TL;DR: This is the best class for beginners/intermediate Information Security enthusiasts who wish to learn attacking and defending Active Directory in a Windows environment.

Prerequisites:

• Get familiar to basics of PowerShell

• Get familiar with high level overview of Active Directory

Although the prerequisites aren’t mandatory as they are covered in the class but I would recommend for beginners — like a crash course videos on Active Directory and PowerShell from YouTube may help.

Class:

The class starts with basics of Active Directory and PowerShell concepts and then moves ahead with the attack cycle for an “assumed breach” scenario in depth. It focuses on basics of domain enumeration using well known tools and explains several possible ways to get the domain admin and maintain persistence in an Active Directory environment.

It then moves to enterprise admin compromise, cross-forest attacks and persistence including SQL Database Links Abuse and finally, covers defensive techniques. The class videos are very easy to understand and follow along.

— https://www.pentesteracademy.com/activedirectorylab

Lab:

The lab is completely hands-on and is great to practice the concepts learned in the class. Make sure you take notes when you do labs :)

The support team is very helpful and can help if you are stuck in the labs, not in exam :D

The Exam:

Like labs, exam is also completely hands-on and I must say it is very different from the labs which makes it more fun. Make sure you rest well and have all the tools handy before you get VPN access for exam.

The objective is to get the shell on 5 machines. I spent 16 continuous hours to get the admin shell on all the boxes :) and managed to submit the report in next 10 hours after a sound sleep.

After few hours of submitting report, I got an email saying I passed :)

And, within 2 days I got the certificate.

Conclusion:

I would recommend this class to anyone who is interested to learn Active Directory security in an Windows environment.

I would like to thank Nikhil Mittal and entire Pentester Academy team for this great experience.