CRTP Review

What is the certification about
The CRTP (Certified Red Team Professional) is a famous certification dedicated to red teaming and aimed at beginners. Everything in the certification is about Active Directory. You don't need to be an expert, but a good understanding of the Active Directory environment is recommended.
What you’ll learn and how the platform works
Once you have bought the certification, you’ll have access to a lab environment. The lab is the same for everyone, which means that if somebody has already used a technique or broken something, you’ll see it. Fortunately, the support from Altered Security is really nice.
What you’ll have access to:
- A 43-video course, where every concept is taught by Nikhil.
- Access to the lab.
- Access to the Tools.zip file, where you’ll find every tool used in the course. Some of them are already prepared and obfuscated by the team.
Throughout the videos, you’ll learn a lot of concepts. Some of them are:
- ACL enumeration and abuse
- Trust enumeration between domain and forest and abuse
- Lateral movement (Pass the hash, Pass the ticket…)
- Kerberos (Golden ticket, Silver ticket, Diamond ticket, Constrained delegation, Unconstrained delegation, Kerberoast, ASREPRoast, RBCD)
- A lot of persistence techniques (SSP, AdminSDHolder, Skeleton keys…)
- A little bit of ADCS
- MSSQL
Alongside the videos, there are Learning Objectives (40 of them), which are objectives you have to complete directly in the lab. The key here is to practice what you have learned during the course.
Caution
It is important to note that every tool and command shown in the course is run on a Windows machine.
The exam
The exam took ~20 minutes to start. You can choose to use the Windows virtual machine provided by Altered Security, which works through Apache Guacamole, or you can use your own machine with a VPN.
The nice thing about the exam is that, even if everything you have learned from Nikhil was on Windows, you are free to use any distro and any tools you want.
There are 5 machines in the exam lab, and you don’t need to become Administrator on every machine; you just need to prove that you can execute commands on them.
Now, I’m going to talk about my personal experience. The first part of the lab (first 3 machines) was pretty straightforward and everything worked perfectly, but for the last part, I was not able to upload or receive connections on my machine from other machines (I used the virtual machine provided). I had to finish the exam from a Linux machine, so I decided to use Exegol.
The report
After I finished the practical part of the exam (having command execution on all machines), it was time to create the report. It’s not a report like a pentest report; it’s more like a walkthrough. The most important thing to understand here is that the team will judge you only on your report. This means that even if you were able to execute commands on every machine, if your report is bad you will not pass the exam.
In your report there are two main things to understand:
- You need to explain why you used the commands you used, and why they worked.
- You also need to include remediation for the vulnerabilities you found.
How to prepare
I think that you don’t need any external resources to pass the exam; if you follow all the course videos provided, it will be enough.
The most important thing is to understand every concept taught. Try to understand why the command you ran works, and if there is an error, try to understand why there is an error.
Every step I had to do during the exam was in the course.
Note
One last thing: try to learn not with the goal of passing the certification, but with the goal of gaining more skills.