logo
Published on

Review of CRTSv2 certification by CWL

Authors
  • avatar
    Name
    Mario Ritter
    Twitter

Course

The course contains all the topics it declares:

Attack Simulation

  • Extensive OSINT Enumeration
  • Exploit Remote Access Services (VDI, RDS etc)
  • Realistic Initial Access Scenarios
  • Custom Web & Escalation Scenarios
  • Port Forwarding, various proxies etc

Abusing MS

  • MS Exchange
  • Active Directory Certificate Services
  • Group Managed Service Account (gMSA)
  • Linux Based KDC
  • Cross-Forest Abuse Scenarios

Lateral Movement

  • SSH over Kerberos (SSO)
  • Multi-Factor Authentication Evasion
  • Across Workstations (Windows & Linux)
  • Abuse Internal Remote Services in Multi-OS environment
  • Certificate Based Lateral Movement

Abuse Enterprise Grade Software

  • Abuse Automation Software
  • Weaponizing Visual Studio & Zoom
  • Bastion Hosts
  • Git Personal Access Tokens
  • Understand & Exploit CI/CD Pipeline

The course also includes a lab environment where attendees can apply the techniques learned hands-on. There are 2 writeups, each with a different technique and attack vector. The course and labs can be completed fairly quickly if you already have some previous experience.

Final exam

The final exam takes 24 hours, with an additional 24 hours to write the report. The report can be submitted in any format, but must include accurate procedures and findings. This report can be written during the exam itself, allowing for same day submission.

What I like

I really appreciated the stable environment, both within the exam and in the labs. There was no need to ask for resets and the reverse shells worked reliably. The combination of PDF materials, videos, and lab exercises was well done and the course content was of high quality.

What I would improve

Almost nothing. The only thing I would mention is the ability to use any tools in the environment, which is often not possible in real red teaming due to security measures like AV/EDR. Maybe this topic will be covered more in the more advanced CRTE certification, which I hope will include C2. :-)

Tips

I recommend going through the lab and taking note of anything you don't know. This is very important to passing the exam. But what is also important is "Don't overthink!". You can pass the exam on a wave, and somehow you'll know where to go next. But if you get stuck somewhere and start combining too much, it's a road to hell. :-) That's why it's good to take a break and look at it again with a clear head.

Summary

CRTSv2 is an excellent certification that provides in-depth knowledge and practical experience in red teaming. It covers a variety of topics that may be new even to more experienced professionals, such as Gitlab (CI/CD) or Kerberos in a Linux environment. If you are interested in expanding your knowledge in security testing, I definitely recommend taking this certification.

Stay Kawaii and Hack the Planet!

kawaii
       /\_/\
      ( o.o )
       > ^ <

Due to lack of time translated via DeeplAI. sooooory :((

SHARE