CRTO

Created in October 19, 2024

2024   ·   CRTO   exam   notes   cerificates   ·   certificates

Certified Red Team Operator

This was my first red teaming certificate. Which means my point of view is a bit narrow, but i hope you will take something uses full from this regardless.

My overall experience was good, both with the course, and the exam. It allows you to get familiar with Cobalt Strike, which very little other certificates allow you to just do

The course

The course contains all the information you would need to pass the exam, and maybe a little bit more. It was overall quite clear. All of the information in the course is available in text, and some chapters contain a video walk trough to explain it a bit more.

In total i spend about 3 months with the course. I didn’t use up all lab time i had available, but made use of a good part.

As recommended at the end of the course i did another walk through of the lab with defender turned on.

Content wise for me, the biggest focus for me was Windows Active Directory and Kerberos Authentication

The exam

For the exam, you get 4 days. In these 4 days you get 48h of runtime for your lab. In order to pass the exam you need to get 6 of 8 flags. Each computer in the exam contains a flag.

I had some difficulty in the exam, where I needed to restart the environment a few times in order for it to work again.

Something i didn’t focus on much in the course, but which was quite important in the exam was Forests and Trust.

I got the first 6 flags quite easily, but for the last 2 i struggled. In the end i did manage to get them, although 20 minutes past the end time of the exam, so it didn’t count :( There was something that wasn’t obviously mentioned in the exam, but which a through google session you should be able to fix your error.

Notes

Some point in the future i will add my notes to site. Not sure yet if i will do all notes or just the final cheat sheets, but we’ll see.