I recently passed the Certified Red Team Professional (CRTP) exam by Pentester Academy and thought I’d give my two unsolicited cents on what I considered a maximum value for both time and money.
TLDR
What you learn from the course is enough to pass the 24 hour exam, but I recommend going above and beyond to learn more about the material presented therein.
The Course
The Attacking and Defending Active Directory Course is intended to provide beginner level knowledge to Pentesting an active directory environment and covers among other things, the topics below.
- Active Directory Enumeration.
- Exploiting Active Directory misconfigurations.
- Domain privilege escalation.
- Domain persistence and dominance.
- Cross trust attacks.
- Forest persistence and dominance.
- Defenses.
You get access to videos, PPT, lab manual and downloadable tools.
The real value of the course however is in the labs. It is without a doubt the most stable environment I have interacted in as far as labs go, with no latency issues or any sorts of bugginess. With daily resets keeping the environment fresh, you barely notice the lab is a shared environment. Simply put, if a command in the labs does not work, it is more likely to be a YOU issue rather than the lab issue.
While you can finish the labs in 30 days, the value you gain out of it is heavily dependent on the effort and curiosity you engage it with.
The Exam
The exam is a 24-hour endeavor. You get an extra 1 hour for time lost in setting up the exam lab and connecting to it. The time is sufficient to complete both the exam and report while taking breaks and checking those Man Utd scores.
Everything taught in the course is sufficient for exam purposes, but you may want to experiment with different tools as what’s provided in the Tools
folder for the course contains some outdated tools. Now, outdated isn’t necessarily a bad thing, as sometimes you will need an older version and on some other occasion a newer instance of a tool. It will be more of “Old is Gold” or “New broom sweep clean” pendulum, and where that swings will heavily depend on the work you do in the labs.
My Tips
- Do NOT underestimate the exam. Yes, everything required is covered in the course, but it is not a replica of it. It has some curveballs that require you to think, (and overthink in equal measure). Are there multiple ways to skin the cat? Well have you tried them?
- Bloodhound.
- Ever heard of adPEAS?
- Do further research by yourself. Some concepts are not extensively covered and you may need to supplement them with further studying. It is the curse of being a pentester anyway..
- Make good notes - duuh!
- Have confidence in yourself. If you can dream it, you are good enough for it.
- It is ok to watch Man Utd play as you do the exam. Recipe for WINNING. :-D
Finally
The course is worth its price times three. You get more than you pay for and would definitely recommend it for anyone who wants to go beyond “what is nmap”.
Now there are a few places Pentester Academy can certainly improve on, like creating a community for students or improving that challenge submission portal for the labs, but hey, for that price, I will still drop a 5 star on it!