Certified Red Team Professional (CRTP)
The Certified Red Team Professional (CRTP) certification requires practical application, with students completing realistic challenges in fully patched Windows infrastructure labs featuring multiple domains and forests. This certification evaluates a student’s ability to compromise Active Directory through the exploitation of features and functions, rather than relying on patchable vulnerabilities. The hands-on assessment for this certification is a 24-hour exam.
It is important to note that the majority of Windows Active Directory breaches result from misconfigurations, rather than the use of publicly available exploits. As such, this certification places a strong emphasis on understanding core Windows Active Directory concepts, rather than solely focusing on exploit-based approaches. This certification serves as a foundational course for Red Team training.
- Active Directory Enumeration
- Local Privilege Escalation
- Domain Privilege Escalation
- Domain Persistence and Dominance
- Cross Trust Attacks
- Forest Persistence and Dominance
- Defenses — Monitoring
- Defenses and bypass — Architecture and Work Culture Changes
- Defenses and Bypass — Deception
- Defenses and Bypass — PowerShell
Attacking and Defending Active Directory Course
The Attacking and Defending Active Directory Course includes both video content and a PDF of the accompanying presentation materials. This course provides an excellent foundation in the fundamentals of Windows Active Directory.
If you have some penetration testing experience, you might focus on red teaming topics such as:
- Windows Active Directory Enumeration with PowerView and BloodHound
- Kerberoasting and AS-REP Roasting
- Golden and Silver Tickets
- Constrained and Unconstrained Delegation Attacks
- Abusing Windows Active Directory ACLs/ACEs
- Abusing Domain Trust Relationships
- Basic MSSQL-based Lateral Movement Techniques
- DCShadow, Skeleton Key, DSRM Admin Abuse, etc.
- Basic Antivirus, AMSI, and AppLocker Evasion
Attacking and Defending Active Directory Lab
The Attacking and Defending Active Directory Lab was incredibly helpful for practicing all the techniques learned in this course. The connection to the lab was quite stable. Every server in the lab except the student machine is reset every day to clean up and restore any configuration that students might have abused. Pentester Academy also provides a Flag Verification feature for students working in the lab. A flag may be a result obtained from enumeration or from abusing something, and you submit the flag value to Flag Verification.
I used PowerShell-based tools in the first round, and in the second round, I used some tools from Kali Linux to help me with credential dumping. It provides a great environment to test new tools and techniques as you discover them. In addition, I tried some of the C2 frameworks, and it was a great opportunity in the Windows Active Directory environment.
Certified Red Team Professional Exam
The Certified Red Team Professional Exam is not one to underrate. I propose that you prepare all of your instruments before beginning the exam. The exam setting is quite similar to the lab setting. The purpose of the exam lab is to execute OS commands on all of the target systems, although without administrator access. You have 24 hours to complete the exam’s practical portion. After that, you have 48 hours to finish and submit your exam report.
The difficulty of the Certified Red Team Professional Exam is fair if you have completed the Attacking and Defending Active Directory Lab. The exam includes some interesting variations of the techniques covered and some steps that are fairly well hidden and require careful enumeration. That said, the course itself provides an excellent foundation for the exam. The exam was tricky for sure; please be prepared for the worst-case scenario and have alternative solutions for each technique learned from the lab. Do not hesitate to reboot the machine if some tools are not working as expected.
Conclusion
This Attacking and Defending Active Directory course is just the beginning of the Red Teaming field. As you know, there are CRTE, CRTM, CRTO, CRTL, and many more courses. In the cybersecurity career pathway, I thought I could not learn everything, but I will find my specialty and study it in more detail in the future.
Special Thanks
Thank you to my colleagues, friends, and family for your guidance. Finally, I am a Certified Red Team Professional (CRTP)!
Windows Active Directory is used by many and secured properly by few.