Categories
Tags
288 words
1 minutes
CRTP Review – Certified Red Team Professional
Table of Contents
- Intro
- Objectives of the CRTP Certification
- Prerequisites
- Key Tools & Techniques Covered
- Course Content Breakdown
- Exam Format
- Resources
- Conclusion
⚠️ Caution: #FreePalestine
Intro
The Certified Red Team Professional (CRTP) is an intermediate-level, hands-on certification offered by Pentester Academy (now under INE). It focuses entirely on attacking Windows Active Directory environments—perfect for those specializing in internal network penetration testing and Red Team ops.
Objectives of the CRTP Certification
- Understand the structure and weaknesses of Active Directory.
- Perform real-world internal AD attacks using Red Team techniques.
- Use tools like PowerView, Rubeus, Mimikatz, and BloodHound effectively.
- Exploit common AD misconfigurations:
- Unconstrained Delegation
- Kerberoasting
- AS-REP Roasting
- Abusing ACLs and GPOs
- Perform lateral movement and persistence techniques.
- Map Tactics, Techniques, and Procedures (TTPs) to the MITRE ATT&CK framework.
Prerequisites
Before diving into CRTP, it’s recommended you have:
- A solid understanding of Windows OS fundamentals.
- Basic networking concepts (TCP/IP, DNS).
- Familiarity with Active Directory.
- Basic PowerShell scripting experience.
- Background in penetration testing is highly recommended.
Key Tools & Techniques Covered
| Tool/Technique | Purpose |
|---|---|
| PowerView | AD enumeration & recon |
| Rubeus | Kerberos attacks, ticket abuse |
| Mimikatz | Credential dumping, Pass-the-Hash/Ticket |
| Impacket | Remote command execution, relay attacks |
| BloodHound | Graph-based privilege escalation & analysis |
| PowerShell Empire | C2 management & persistence |
| SharpHound | Data collection for BloodHound |
Course Content Breakdown
- Active Directory Enumeration Basics
- User Hunting & Local Privilege Escalation
- Kerberos Attacks:
- AS-REP Roasting
- Kerberoasting
- Abusing ACLs & GPOs
- Lateral Movement:
- Pass-the-Hash / Pass-the-Ticket
- PSExec / WMI / WinRM
- Ticket Attacks:
- Golden Ticket
- Silver Ticket
- Persistence:
- Scheduled Tasks
- Registry
- WMI Event Subscriptions
- Defensive Evasion & AV Bypass
Exam Format
- 24‑hour hands‑on practical exam: Exploit a full AD environment, escalate to Domain Admin.
- 48 hours to submit a professional Red Team–style report.
- 1‑month lab access (extendable).
- Fully scenario‑based—no multiple‑choice.
Resources
🔗 Written Notes & Guides
💻 TryHackMe Labs
🔧 GitHub Tools
🎯 Practice Labs
- TryHackMe: Attacktive Directory Room
- Hack The Box: Active Directory Labs
Conclusion
CRTP is more than a certification—it’s a realistic, hands-on journey into enterprise AD exploitation and Red Team tradecraft. Whether you’re targeting a Red Team role or sharpening your AD-attack skills, CRTP stands out as a transformative investment.
CRTP Review – Certified Red Team Professional
https://bad-glitch.github.io/posts/certifications/crtp/crtp/