297 words
1 minutes
Mastering Advanced Red Teaming with CRTS V2: From Initial Access to Domain Dominance
2023-12-16
Certifications
No Tags

The Certified Red Team Specialist (CRTS) V2 is an advanced and updated training course by CyberWarFare Labs. It’s designed to reflect real-world adversary techniques and modern red teaming tradecraft. During the webinar, they introduced the new syllabus, lab infrastructure, and explained how the course focuses on stealthy, goal-oriented red team operations.

Key Technical Areas Covered#

1. Initial Access#

  • Techniques like phishing with Office macros, OneNote payloads, HTA, ISO, and LNK files.
  • Exploiting browser vulnerabilities and abusing trusted file types.

2. Persistence#

  • Using Registry Run keys, WMI events, and Scheduled Tasks.
  • DLL side-loading, AppInit_DLLs abuse, and COM Hijacking.

3. Command & Control (C2)#

  • C2 tools include: SharpC2, Mythic, Covenant, and Sliver.
  • Techniques: DNS-over-HTTPS, domain fronting, and AES-encrypted payloads.

4. Defense Evasion#

  • AMSI bypass using patching and reflection.
  • ETW patching, in-memory payload execution, and abusing LOLBins.
  • Signature mismatches and timestomping techniques.

5. Privilege Escalation#

  • Token impersonation, exploiting unquoted service paths.
  • Dumping credentials using LSASS, comsvcs.dll, and tools like Mimikatz.

6. Lateral Movement#

  • Techniques like SMB Relay, PsExec, WinRM, and WMIExec.
  • Kerberos attacks: Pass-the-Ticket (PTT), AS-REP Roasting, and Kerberoasting.

7. Infrastructure Setup#

  • Building redirectors using NGINX or Caddy.
  • Deploying secure TLS/SSL C2 servers on platforms like DigitalOcean, AWS, and Vultr.

8. Active Directory Attacks#

  • Using tools like BloodHound and Rubeus.
  • Performing ACL abuse, Golden and Silver Ticket attacks, and GPO abuse using SharpGPOAbuse.

Lab Environment#

  • Fully simulated enterprise Active Directory network.
  • Red team scenarios built for stealth and realism.
  • Includes blue team detections (AV, EDR, Sysmon) to improve evasion techniques.

What You’ll Learn#

  • How to plan and carry out full red team operations.
  • Develop custom malware and build secure C2 infrastructure.
  • Evade detection by AV/EDR/AMSI systems.
  • Emulate real-world adversary behavior using MITRE ATT&CK mapping.

Who This Course is For#

  • Red Teamers looking for realistic simulations.
  • Security consultants involved in threat emulation.
  • Offensive security professionals wanting to upskill in stealth operations.

💬 If you’re ready to move beyond just using tools and start thinking like a real adversary – CRTS V2 is for you.

Tools Used in the Course#

  • Cobalt Strike
  • Mythic
  • BloodHound
  • Impacket
  • Mimikatz
  • SharpHound
  • Seatbelt
  • Rubeus
  • PowerView
  • PEASS-ng / WinPEAS
  • Sliver
  • Donut
  • Empire
Mastering Advanced Red Teaming with CRTS V2: From Initial Access to Domain Dominance
https://bad-glitch.github.io/posts/certifications/crtsv2/crts/
Author
Amr Abdel Hamide
Published at
2023-12-16
CRTP Review – Certified Red Team Professional
© 2025 Amr Abdel Hamide. All Rights Reserved. / RSS / Sitemap