Certified Red Team Professional (CRTP) Exam Review and Preparation Tips

Hi friends, welcome back to my blog, it's been a year. Happy New Year to all 🥳🥳🥳

As the calendar turns a new page, may your life be filled with stories of success, love, and happiness.😍

I recently completed the Certified Red Team Professional (CRTP) certification.

I had already created a YouTube video on it, but it's in Tamil, so I thought of creating a blog post for the same in English.

My Objective towards CRTP:

I had already completed my OSCP certification in December 2021. At that time there was no Active Directory assessment in the exam; AD content was only part of the syllabus, and it was introduced in the exams from Jan 2022.

So I felt I was weak in Active Directory pentesting, and I searched the internet. I found many useful resources like articles, blog posts and YouTube videos, but the CRTP syllabus covers the latest tools, techniques, lab challenges, tasks etc. The CRTP content is updated now and then for the students, so it's kind of a one-stop solution to learn Active Directory pentesting (both offensive and defensive side) and to get knowledge of assumed breach assessment.

Preparation Guide:

Before enrolling in CRTP, I thought of setting up my own AD lab on my laptop to practice common AD attacks. John Hammond's playlist was very helpful for setting up the AD lab environment.

The Cyber Mentor also released a video on Hacking Active Directory for beginners on YouTube.

These two videos are like a gold mine, please make use of them for learning purposes.

As I told you before, I have a habit of reading others' blog posts to understand their journey towards any kind of certification. We can learn how they managed their time and what problems or obstacles they faced during the preparation phase.

Some of the blogposts which I followed are:

Websites, Cheatsheets and Notes I used for reference are:

Ready to Enroll for CRTP:

After I was done with my self-learning, I felt ready for the CRTP practice labs and exam. When I visited the Altered Security LinkedIn page, I was surprised by their Diwali discounts in November 2023. Yes, there was 20% off on all the courses they provide, so always keep an eye on their LinkedIn page.

I actually opted for their on-demand lab course, which has 30 days of lab access + lifetime access to course material + one certification exam attempt.

If you want live training, they also have bootcamps where the author (Nikhil Mittal) takes you through each and every concept, and if you have any queries during the bootcamp training you can ask him directly. You can check the upcoming bootcamp schedule here: https://www.alteredsecurity.com/bootcamps

Once I purchased the on-demand lab course on Nov 13, 2023, I received an email like below:

So you get 90 days to clear the CRTP exam. Whenever you are done with the course materials, you can ask the adlabsupport team for lab access to practice in the lab environment. The lab time for me was 30 days, which I opted for during my purchase. If you need 60 days or 90 days, you can also purchase that.

If you visit https://adlab.enterprisesecurity.io/ and sign in with your registered account, you will get all the details like lab subscription details, last date to attempt the exam, course video download links, lab manual, certification exam, flag verification, FAQ etc.

The first thing to do is download the course videos to your local desktop or laptop and start learning!

From Nov 13, 2023 to Dec 4, 2023, I went through the course materials, recorded sessions, walkthrough videos and lab manuals. On Dec 5, 2023, I requested lab access from the adlab support team via email.

Then I got the response immediately, within 2 hours.

You will get another notification on the same day, like below, saying that lab access is ready.

You can access the lab environment from the web portal link, or you can download the VPN pack and then connect to the student machine using RDP. I personally used VPN + RDP to access the student VM.

You can access the lab manual from the same portal: https://adlab.enterprisesecurity.io/

Try completing all 23 Learning Objectives and submit the flags in the Flag verification section. You need to submit 40 flags. These are kind of parallel tasks: doing the learning objectives and submitting the flags.

Since I had 30 days of lab time, I spent around 2-4 hours per day alongside my regular job. Mostly I sat down for learning only in the morning (3AM to 7AM). It may vary depending on the tasks.

And think out of the box: try different methods and techniques, because you will get this type of environment only in your real-world assessments. You will get the student VM credentials for login; it will be a Windows machine, and from it you need to perform privilege escalation, domain enumeration, lateral movement, persistence, taking domain admin and taking enterprise admin, in short.

I used OneNote for note-taking, because it is really helpful during the exam or during exam revision.

You will also get access to the BloodHound web UI and the Microsoft Defender dashboard. You can use the BloodHound web UI for lab practice, but during the exam you need to use the BloodHound that is set up on your host machine.

The MDE dashboard is used to view the incidents & alerts created by us during the learning objectives phase; it's like triggering the attacks and seeing the incidents from a blue teamer's perspective.

My lab subscription ended on Jan 4, 2024. Due to some personal reasons I took a gap, and I didn't take the exam right after completing the lab time. Please don't make the same mistake as me, because after some time you lose that learning flow. I revisited my notes and lab manual a week before my exam day.

Exam Day:

There is no concept of scheduling the exam a week or a month in advance in CRTP; whenever you feel you're ready, you can take the exam.

On Mar 23, 2024, at 9:44 AM, I decided to start the exam. In the https://adlab.enterprisesecurity.io/ portal, click on the Certification Exam tab, then click on setup exam lab. It takes up to 15-20 minutes to set up the exam lab environment.

Once the exam has started, you will also receive a notification email with the exam start date/end date and the report submission due date.

You get 25 hours in total: 1 hour to set up the VPN, connect to the RDP machine and transfer tools, and the remaining 24 hours for the actual practical exam. You can restart the VMs whenever you need, and once you're done with the exam you can exit it. Even if you leave it aside, the exam will end automatically and you won't be able to access the exam lab environment.

So our objective is to compromise all 5 machines and get OS command execution.

I actually completed the exam in 7 hours, from 9:45AM to 5:00PM IST on March 23, 2024.

During each step of the compromise I was taking notes and screenshots in parallel using OneNote. After completing the exam, I rechecked that all the evidence was there for the reporting phase.

The exam report must contain a detailed walk-through of your approach to compromising a box, with screenshots, tools used and their outputs. You are free to use any tool you want, but you need to explain what a particular command does, and no auto-generated reports will be accepted.

So I started the reporting in the evening, 7PM IST, and completed it by 10AM IST. Even though I had enough days to submit the report, I wanted to complete it first. Then I went to sleep.

The next morning (March 24, 2024), I revisited the report and reviewed it myself more than 3-4 times. It was around 42 pages. Then I finalized the report to send to the Altered Security team.

You need to send the Exam report in PDF Format within 48 hours of completion of the exam to adlabsupport@alteredsecurity.com

Awaited for Results:

Since I did the exam well and provided a detailed report, I was confident that I would pass the CRTP exam. But as per the above AD Lab Support team email, we need to wait for 7 business days!

I kept refreshing my Gmail inbox day and night, even in the middle of my sleep, to see the exam results. After waiting for 4-5 days I felt like Mr. Bean waiting for a vehicle in the middle of the road.

On April 1st, which was the 6th day, at 4PM IST in the evening, I received an email with the subject line (Certified Red Team Professional – Exam result).

I was super excited like these minions 🤩🤩🥳

On April 3, 2024, 4:47PM IST, I received an email like below with the digital certificate for CRTP.

If you click on View my Certificate, it will redirect to this type of link:

https://www.credential.net/8a6a2b98-7dbb-4444-9c8e-fd8c24e15a5c#gs.886p84

Finally it's arrived !!! 🥳🥳🥳

It's a super cool exam. Anyone can try it, even if you're a beginner in Active Directory; the materials provided by the Altered Security team are more than sufficient to begin with the labs. I didn't find any issues in the lab or exam environment, it was stable. Use BloodHound properly, it's a game changer, and try different techniques if you're stuck at something. Don't rely on the same tool; try alternative tools and different commands to compromise the machines.

I have created a cheat sheet containing AD rooms and challenges for people who are preparing for CRTP or beyond.

Link to access the cheat sheet: https://docs.google.com/spreadsheets/d/16dNme2SmBpG0pszDGyj_XiogEL3LKWmkH5EDwxjzQo0/edit?usp=sharing

Life Lessons:

  1. We all work a 9 to 5 job as a pentester or security consultant or something else for an organization, but we need to keep our self-learning time very strict (at least 2-3 hours a day) to learn new technology and new threats. Practising makes you a better consultant.
  2. Maintain consistency in learning on a day-to-day basis and keep it as a discipline.
  3. Set short 6-month goals & try to achieve them.
  4. Try to find a mentor if you're not good at getting things done on time for learning.
  5. Take a break, go on a vacation and restart.
  6. Spend more time with your family (parents, wife, kids) and with your friends too, because they are your lifelines.
  7. Help others and give to charity.

Thanks for taking the time to read my blog post, I hope you like it.

Bye friends !!! See you all in Next adventure stories. All the very best for your future!