CRTP - An excellent guide to attack/defend an Active Directory

S.D. · December 17, 2019

Recently, more and more people are thinking about taking the CRTP training to gain more insight into Active Directory hacking techniques. Through this post you will discover if that certification is what you are looking for, including a comparison with other similar certifications out there.

Background

To understand my opinion about this course you need to know something about me. As a professional, I am a pentester who loves automation (among other things). As a student, I am a holder of multiple certifications but the more interesting ones are: OSCP, OSCE & CRTP.

Who should not take this course?

Probably you should not take the course if you already know the content listed on the website and have some experience in the field. But, even if that’s the case, you may need the certification on your resumé.

Any other person with an interest in realistic Windows pentesting should take it. Even if you know some topics, this course could help you to organize your knowledge and you will learn a trick or two on the way.

What is in the course

Basically, you will learn to carry out a “from zero to hero” activity on AD forests with updated Windows servers just by using PowerShell-based tools. This is good because this is the only course that I know of with an affordable price that can teach you how to fully and successfully attack an AD in a realistic scenario.

You will also learn remediation techniques for most of the issues so you can give valid recommendations on your reports.

What is the difference between OSCP, OSCE and CRTP?

After passing these three exams I have forged my own opinion on the value of each certification.

  • OSCP: It is all about learning a pentesting methodology. The “try harder” philosophy is all about not being lazy while enumerating and giving you a good base to work in this industry. However, you will learn almost nothing about AD environments.
  • OSCE: Here you will find the basics of exploiting and maybe you will learn some specific ways to attack web applications or networking devices. It doesn’t matter if you don’t deep dive into advanced exploiting topics because, again, they are giving you a base so you can continue your path on your own.
  • CRTP: They offer you an updated environment, and they don’t want you to learn about creating exploits for vulnerabilities on specific technologies. Instead, you’ll get organised content about how to attack an AD by just using PowerShell and taking advantage of misconfigurations. This course is focused on a more realistic scenario for a red-team member.

I would not say that any of the courses were a waste of time, and the combination of these three courses can give you a very solid base to work in offensive cybersecurity. This way, there is no competition between Offensive Security and PentesterLab. You will learn the base in the OSCP/OSCE courses, and you will expand your knowledge about realistic AD scenarios in CRTP.

How much Lab time do I need?

If you have some experience or you are working as a pentester, you should be fine with the 30 days of lab access. However, if you feel that you won’t have enough time to practice, you can go for the 60 days.

The exam, the exam!

If you have passed the OSCP then you are used to this kind of exam, so the 24h exam is not a surprise. Also, if you know the topics, you have done the activities and you are well-organized you can clear the exam in less than 8 hours. The exam is not designed to make you suffer, but you need to apply the techniques learned on the course and your common sense.

As constructive criticism, I have to say that I expected an email when the exam starts. You will receive one email for testing the VPN before the exam takes place, which includes the exam start time, but you will not receive another email when the exam actually starts, and this can cause confusion. So be aware of the exam start time, because you can lose time if you expect an email authorizing you to go ahead with the activity.

Another thing that you need to know is that you will be provided with access to a machine with no tools on it, so be prepared with a VM that has all the tools which you think that you will need so you don’t have to lose time downloading the tools. Probably, they don’t tell you this because you should be expected to have your arsenal at hand, but I think the whole point of the exam is not evaluating if you are able to download tools from the Internet.

Final Words

I enjoyed taking both the course and the exam. I was willing to take a course like this one, but I was not in a moment for a “learn on your own and suffer while learning” kind of course. So I have to thank Nikhil for such a guided course on this topic ;)
