CRTO course and exam

Discussing my experience of going through the course and taking the exam for CRTO. This was my first certificate, so take this review with a bit of salt.

NOTE: I took the old version of the course and exam

Course

For me, the course was clear and without too much fluff. The format is text with videos, which worked out fine for me. At first, it was sometimes a bit vague what was happening in the videos compared to the text, but I got used to it.

In the old version, there were always real exercises. You could work along with the course while taking notes. From what I’ve heard, the new version also has exercises.

Some friends of mine started with the old version and then transitioned to the new one, and they say it’s much improved.

Exam

For the exam, you used to get 72 hours. It’s in a CTF format, meaning you have to obtain flags throughout the exam environment. You pass with 6 out of 8 flags. The environment is pretty similar to the course environment.

Closing thoughts

I’d definitely recommend it to beginners and intermediate red teamers/pentesters. The course walks through the entire kill chain—from reconnaissance and initial access to defender bypass and data exfiltration. Another big plus is that it’s one of the few, if not the only, courses that gives real hands-on experience with Cobalt Strike.