Hey everyone! I recently earned my Certified Red Team Professional (CRTP) certification and really enjoyed the entire journey. I’d like to share the approach I took while preparing for the exam. This post is focused on the CRTP certification and how I prepared for it.
Introduction
CRTP is Certified Red Team Professional by Altered Security and is a beginner friendly hands-on red team certification. It focuses on understanding and assessing security of an Enterprise Active Directory environment.
Red teaming involves simulating real-world cyber-attacks on a company’s infrastructure including systems, networks, and applications to discover and assess vulnerabilities. The main objective of red teaming is to thoroughly evaluate the effectiveness of an organization’s defensive security measures by mimicking the tactics, techniques, and procedures (TTPs) used by adversaries or attackers.
The common attack vectors include Recon, Credential Harvesting, Privilege Escalation, Lateral Movement and Persistence.
The methodology is:
- Initial Access
- Reconnaissance
- Credential Harvesting
- Privilege Escalation
- Lateral Movement
- Persistence
Who should do CRTP?
- Cybersecurity Analysts
- Penetration Testers
- Red Teamers
- Security Consultants
- Anyone who wants to work in Red Teaming
Why CRTP?
- Active Directory is Used by more than 90% of Fortune 1000 companies so CRTP helps you in understand, analyse and practice threats and attacks in a modern Active Directory environment. CRTP you will used Windows as an attack platform and using trusted features of the OS like .NET, PowerShell and others for attacks.
- Bypassing defenses like Windows Defender, Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI).
Certification Exam Format & Difficulty Level
The exam adopts a hands-on approach where you will be using each technique you learned and practiced during the lab, trust me each single command is useful in the exam.
In the exam you will be getting 5 server machines which needs to be compromised in 24 hours and in next 48 hours you need to submit a comprehensive report which includes details of your approach, proof of concepts along with the recommendations. You get access to a VM named ‘user’ in the lab and that doesn’t count as a target server. The important part to note is that if you can compromise all the machines but your report is not the one which explains everything what you have done then you will fail to meet the certification requirements and submitting report within 48 hours of exam completion is mandatory condition.
Certification Material
So, you get the following:
- Course Videos
- Walk through Videos
- Lab Material – Includes Lab Diagrams, Lab Manual, Connecting to Lab setup details. Tools, Slides PDF and change log file.
The main thing is lab access which is basically where you will spend most of the time and the lab journey is the one which you are going to enjoy with learning.
I enrolled for 30 DAYS LAB ACCESS + LIFETIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT and due to sale I got that for 199 USD.
Preparation
First go through all the course videos and do make sure that you watch them thoroughly , watch at least 2 to 3 times along with make sure that you take detailed notes for concepts, commands, techniques used etc. For notes I used Sublime Text, you can use the tool of your choice.
Now notes play an important role the reason is you have everything at 1 place especially the commands.
Once done with videos then go ahead and start the lab subscription and start solving the labs
The course has 23 Learning Objectives but those have a lot to learn. Keep solving the learning objectives, for assistance you can refer the lab manual, and still need help then go check walk-through videos for that particular learning objective.
You can submit the flag for respective learning objectives as you keep progressing in the lab:
Try to solve the lab twice or thrice to make sure that you are confident in terms of concepts you learned and the techniques which will help you not only in the exam but in an actual red teaming engagement.
War Begins
You must read before the Important Instruction for Exams provided on the certification exam tab on the Portal.
Once started, the exam lab runs for 25 hours. You get an additional hour to compensate for the lab setup time of 10-15 minutes. You can reboot VMs in the exam and you should do that if you have tried everything and nothing working.
For 1 of the VM I tried everything and stuck for 3 hours then tried restarting the VM but due to some reasons the reboot was taking little longer, then I emailed the support team, and they suggested me to login and log off to portal account but that didn’t worked.
Exam started on 2nd March 2025at 12:00 PM IST and at 12:30 PM I started feeling sleepy as I didn’t slept properly before the day of exam and was tired also due to a good workout I did and that’s the reason I mentioned in the tips that you should take proper rest 1 day before exam.
I started with enumeration and got the initial access of the first target within 2:45 hours at 2:45 PM then I captured the POCs, once done with that I took a lunch break for 1 hour from 3 to 4 PM, after the lunch again started working on the other target then I spent around 2 hours and was able to compromise that too within 2 hours and then my body was demanding caffeine so at 6 PM I went for grabbing my Black Coffee and also did a small walk.
I came back at 6:30 PM and again back to targets and paid attention to those, after some time I went for a quick break at 8 PM , I was back at 8.30 PM and again sat for around 3.5 hours till 12 AM and successfully able to move ahead and then I went for dinner and came back 12.30 AM and continued again till 3 AM. Then 1 target machine got stuck and was taking time to reboot ,and my mind gave me signal to sleep so I took a nap for 3 hours. Then woke up at 6 AM , now that machine was working fine and I successfully compromised all targets within 24 hours. Once I was done with all the targets I reviewed my screenshots and my rough notes which I prepared as a summary for preparing my report in case something is missing.
Report Preparation
Next 2 days I spent some time to prepare the report as the week started and my office stuffs needs to be finished. Once I prepared the report I submitted to the respective email, and I received the acknowledgement for the report I shared. Then was eagerly waiting for the results and starring my mailbox like this lion:
Finally, the day came and I received email on 12 March 2025 evening that I have successfully passed the requirements and Now I Certified Red Team Professional.
But still I had to wait till the time I receive my certificate and finally on 18 March 2025 I received my certificate.
Key Tips
Take a proper rest before the exam day so that you can be ready for the 24 hour war.
Make sure you are ready with your arsenal, I mean the tools which you are going to use in the exam, the exam make sure that you put your brain work for you especially while transferring tools.
If you can’t get what you are looking for once you tried everything then try rebooting the VMs and go for a coffee and walk.
Enumeration is the key and passion is the fuel you need to complete the exam, it’s not easy to give a 24 hours exam along with managing a full time office, travel and maintaining health.
Summarize your points after compromising the machines as it will help you recollect the way you broke into the machines and help you during report preparation.
You Must give exam on a non-working day, its better if you give it on Saturday so that on Sunday you can prepare the report and next day you will be ready for your day to day office tasks.
Make sure that you review all your POCs and summary which will be really helpful during the reporting.
I’d like to express my gratitude to Nikhil Mittal and the Altered Security team for delivering an outstanding certification and course. The exceptional support they provided throughout the entire journey was truly impressive.
If you enjoyed this post, share it with your friends and colleagues!
Good https://t.ly/tndaA
Thanks Simon.