Skip to main content

CRTO Review ๐ŸŽ‰

ยท 4 min read
Vorachat Somsuay

Background ๐Ÿ“šโ€‹

Before diving into the CRTO certification, I must admit that my knowledge of Active Directory and Red Teaming was limited. My only exposure to these topics was through a small section in the OSCP course ๐Ÿ“–. However, once my company approved my request to do the CRTO certification, I decided to take the plunge and purchased the 60-day course bundle ๐Ÿ“ˆ. In hindsight, 30 days would have been sufficient,as I still had over 50 hours remaining at the end, and it took me around 2-3 weeks to complete both the lab and the course ๐Ÿ•’.

stewpid_cat

Course ๐Ÿ“šโ€‹

The CRTO course was comprehensive and covered a wide range of topics related to Red Teaming and Active Directory ๐Ÿ“Š. The course material was well-structured, and the instructor did an excellent job of explaining complex concepts in a clear and concise manner ๐Ÿ’ก. However, as a visual learner, I would have preferred more video content. I found myself having to read through walls of text, which sometimes made it difficult to grasp certain concepts. Nevertheless, the course was well worth the investment.

The course covered topics such as:

  • Cobalt Strike fundamentals ๐Ÿ“
  • Domain enumeration and reconnaissance ๐Ÿ•ต๏ธโ€โ™‚๏ธ
  • Exploiting vulnerabilities in Active Directory ๐Ÿ’ฃ
  • Lateral movement and privilege escalation ๐Ÿš€
  • Red Teaming tactics and techniques ๐Ÿค–

Lab ๐ŸŽฏโ€‹

The CRTO lab was hosted on the Snap Labs platform, which provided a realistic and immersive environment to practice and apply the skills learned in the course ๐ŸŒ. I would recommend going through the course material first to get a feel for the theory and concepts, and then starting the lab ๐Ÿ“Š. This approach will help you identify areas where your notes are lacking, and you can focus on filling those gaps ๐Ÿ“.

snap_labs

The lab was well-designed, and the challenges were realistic and relevant to the course material ๐Ÿ“Š. However, I did experience some issues with connectivity, which sometimes took over 10 minutes to resolve ๐Ÿ•ฐ๏ธ. Stopping and restarting the lab usually solved the problem, but it was frustrating at times ๐Ÿ˜ฉ.

To get the most out of the lab, I would suggest taking detailed notes and tracking your progress ๐Ÿ“. This will help you identify areas where you need to focus and ensure that you're covering all the necessary material ๐Ÿ“Š.

Exam ๐Ÿ“โ€‹

The CRTO exam was easier than I expected, but still challenging ๐Ÿค”. To pass the exam, you need to obtain 6 out of 8 flags, which are located across multiple machines in the domain ๐Ÿ“Š. I was able to complete all 8 flags within 7 hours!!๐ŸŽ‰.

bragin

hacker_man

The exam was well-designed, and the challenges were realistic and relevant to the course material ๐Ÿ“Š. I found that the knowledge and information provided in the course were sufficient to pass the exam ๐Ÿ“š. If you're able to complete the lab with Defender enabled, you should be well-prepared for the exam ๐Ÿš€.

Tips and Recommendations ๐Ÿค

  • Take detailed notes and track your progress in the lab ๐Ÿ“
  • Focus on filling gaps in your knowledge and understanding ๐Ÿ“Š
  • Practice with Defender enabled to simulate real-world scenarios ๐Ÿš€
  • Take your time and don't rush through the exam โฐ
  • Review the course material and lab exercises before attempting the exam ๐Ÿ“š
  • Complete the lab with defender enabled ๐Ÿ›ก๏ธ

Conclusion ๐ŸŽ‰

The CRTO certification was a challenging but rewarding experience ๐ŸŽ‰. I learned a great deal about Red Teaming and Active Directory, and I'm confident that my skills and knowledge have improved significantly ๐Ÿ“ˆ. If you're interested in pursuing this certification, I would recommend it without hesitation ๐Ÿค.