Just got my CRTP ! Here’s my exam experience

Chenny Ren
3 min readNov 29, 2021

--

I just cleared my CRTP (certified red team professional) examination from pentester academy . As many people encourage me to write some reviews about this exam , here I come !

The reason I took this course is because I think I’m really weak in windows AD attacking and defending. I got my OSCP three years ago, after that I got my OSWP and some other security certificates (non offensive type). I really enjoy the hands-on type exam to be honest. You get much more than the certificate itself.

I registered the 30 days course with lab. Attacking and Defending Active directory is said to be a beginner level course. As I have previous experience in red teaming tools and I have at least 3 hours to do the lab every day even on workdays, I think 30 days would be enough.

The coursework provided by Pentester Academy is top rated. The course is instructed by the gentleman who developed Nishang and many other tools, and he provides an appropriate amount of depth with each concept. Instruction is provided via video and Powerpoint presentations, along with a lab guide and associated solution videos. When you purchase the course you will receive a confirmation from adlabsupport within 24 hours and then they ask you when do you want to start the lab so that they will set up for you. The count down will begin as soon as you start the lab.

The course is very in detail which includes the course slides and a lab walkthrough. There are 40 flags in the lab panel for you to submit (Each flag is an answer from different objective, you will get it easily as long as you follow the lab walkthrough) Flags are not mandatory to submit for taking the CRTP exam, but it will help you master the contents well

Course content

  • Local and domain enumeration
  • Privilege escalation
  • MS-SQL exploitation
  • Machine to machine lateral movement via PowerShell
  • Ticket creation (golden, silver, skeleton key, etc)
  • Domain and cross-domain trust exploitation

After two weeks in the lab, I got 40 flags done and went through the course contents twice . I decided to take the CRTP exam.

Different from other exams, you don’t need to pre-register for this one. When you are ready , just click “start exam” on the lab panel and you are good to go.

It is a 24 hours exam and you will have another 48 hours to write a report. For the exam environment, there is no Tools prepared ! So you really have to download and prepare all tools before starting the exam. Also download and install BloodHound in your local environment is really really really recommended ! You will find enumeration too important in the exam!

For me I didn’t get tools and bloodhound prepared so I did waste a lot of time doing so in the exam. And installing bloodhound in windows will require JAVA path . So finally I used the bloodhound in adlab in order to save time installing it.

The exam requires you to compromise five targets inside a company network. And you will see mostly the techniques you learn from the course. However, it took me 7 hours to get the first one done (also because of the network connectivty issues and tools downloading) Then another 3 hours to get the rest targets done.

Soon after submitting my report I received notification that it would be assessed within a week ( I took the exam during Thanksgiving week, that’s why it took longer than usual). After 5 days, I received an email telling me that I have passed ! and the other day the digital certification was sent to me.

Final thoughs

I really learnt a lot from the course. Powershell exploitation , mimikatz , golden tickets, silver tickets and so on. It is worth learning if you want to get familiar with Active Directory Pentesting . For my next certfication, I think I will go for OSEP and then come back to CRTE .

--

--

Chenny Ren

OSCP | OSWP | OSEP | CRTP |CRTE | CRTO | Red Team Professional | SOC engineer