Background

I’m happy to announce that I’m a Certified Red Team Operator (CRTO), at least I think so after passing the exam :joy:

crto-results

got 7/8 flags in the end, quite happy!

Exam Experience

  • relaxing as the exam is a 48 hours lab time spread across four days, so you have the freedom to do as little or as much per day as you ‘d like
  • flags appear in order so the path forward is not too confusing, won’t have to worry about doing things in the “wrong order” like you would in OSCP.
  • not as guessy and “try harder” as OSCP. Course material is very similar to exam material. As long as you study and familiarise, you can pass.

Reflection

I was super happy to strenghten my Cobalt Strike skills, and was pretty much foorced to learn things about my weak point , basically:

  • Active Directory
  • Kerberoasting and NTLM etc.
  • Domain Trusts
  • Persistence/Lateral Movement
  • AV and AMSI bypasses

What about OSEP/CRTP?

I would definitely recommend to anyone looking to familiarise Active Directory without getting too deep into it, was chatting with another pentester who said the polar opposite would be OSEP or Pentester Academy’s AD Labs (CRTP).

  • OSEP focuses more on AMSI/AV bypassing and touches lightly on the Active Directory components
  • CRTP touches more on lower level tradecraft (learning offensive powershell from scratch) rather than relying on a C2 like Cobalt Strike, however I was told the course doesn’t teach newer techniques such as PrintNightmare or ADCS.

Nifty features

  • lifetime access to course material
  • snaplabs is very scalable and fair, you can generally pause/play the lab within a 6 month period, giving you flexibility in when you want to use your time, rather than the old OSCP model when a fixed time is bought for labs.