My Intro to Red teaming and Active Directory! Loved it to bits and pieces and here is my review!

I think the syllabus for Certified Red Team Professional (CRTP) is a very good introductory course for anyone who is interested in Active Directory penetration testing and defense techniques. You need to keep in mind that the attack methodology taught by instructor, Nikhil Mittal, scratches red-teaming pentesting mindset and methodology in its very basic and you can somewhat consider this a powershell crash course.

What are the pre-requisites?

None, really. But it is definitely good to have somewhat a necessary understanding of what and how penetration testing is done and its concept, like eCPPT or perhaps OSCP will be really helpful. That being said, it is also completely fine if you are starting from scratch with no prior Active Directory knowledge or in Powershell, as Nikhil will teach you from basic enumeration to all the way to full domain controller compromise within the course module.

Materials

I decided to opt for 30 days lab time since I figured this will be more than enough to go thru the full course and complete all the lab requirements. You personally would get course in PDF format, videos, and walkthroughs for lab exercises. All of this are downloadable for future use as well. You absolutely dont have to worry about how familiar you are in Active Directory or Powershell; this course teaches you from scratch, basically A-Z of basic AD. I also need to emphasize that powershell tools have honestly made it simpler to enumerate in an Active Directory which is really great.

Overall, Nikhil gives you a very broadened perspective into Active Directory, as he occasionally relates it real life concepts about attacking and also defensive side of Active Directory.

Lab

The lab environment is pretty good, in a way that you get all the necessary tools you’d ideally use together with course videos to help you along the way (e.g Mimikatz, Bloodhound, Rubues, Powerview). The twist is these tools are all located on a low-privilege user account which you would make use of to privilege escalate and move towards compromising domain controller.

What’s really nice is even if you are confused or completely lost to moon and back, the solutions provided for the course is extremely simple to understand to replicate.

The lab is not CTF styled or anything where you might feel helpless like in Offensive Security labs but it really gives you that grasp onto methodology for you to develop along the course. I feel this is quite important since most of pentesting is more about understanding what you’re doing, and why you’re doing it. You will come across alot of credential dumping, generating ticket-granting tickets (TGT) and ticket granting services (TGS) and understanding how kerberos authentication works.

Understand the concepts on NTLM hashes, pass the hash, mimikatz usage, kerberos authentication, and bloodhound. You’d be working with these ALOT throughout the course and exam as well!

Me

Exam day

The exam is a 24 hours exam with a great environment with resets available for each servers or machines and also a reset for the whole environment. People who’re coming from OSCP knows that 24 hours exams just mean that you need to have good planning and time management to be successful, so be prepared and prep your time management well. Exam requirement is to compromise domain controller and also be able to have OS command execution on all servers even if it isn’t with administrative privilege.

You don’t really need anything out of the provided tools from the course but then again, you are free to use any tools you desire or to your comfort for the exam as long as the job gets done.

CRTP Certified

Outro

As all courses, CRTP is first certification or training in PentesterAcademy Red Team Series. which progresses to Certified Red Team Expert (CRTE). CRTP is definitely hands down a great introductory course into Active Directory and how windows operates in general and Im quite content with the overall cost content wise. As it is affordable compared to other certifications out there and teaches you really good solid understanding of Active Directory attack and defense. If you have intentions of moving into AD, this is a good place to start and proceed with self exploration and maybe even complete it with CRTE or eCPTXv2.

My next plan is to loop back to web security and in due time head to eCPTXv2 from elearnsecurity, till then have a good one! B)