๐ CRTP Certification Guide
Certified Red Team Professional - Master Active Directory exploitation and red team operations
Advanced-Level CertificationOverview
The Certified Red Team Professional (CRTP) by Altered Security (formerly PentesterAcademy) is a hands-on certification focused exclusively on Active Directory security. This certification validates your ability to compromise and persist in Windows Active Directory environments using realistic attack scenarios.
Why Choose CRTP?
- 100% hands-on lab-based certification focused on Active Directory
- Real-world Windows domain exploitation scenarios
- Comprehensive coverage of modern AD attack techniques
- 24-hour practical exam with 5-machine environment
- Excellent preparation for advanced red team roles
- Highly regarded in the cybersecurity industry
Certified Red Team Professional (CRTP)
The CRTP certification validates expertise in Active Directory security assessment and exploitation. While this certification provides valuable knowledge, enterprise environments require comprehensive security evaluation.
๐ Enterprise AD Security
While CRTP certification demonstrates Active Directory expertise, real-world enterprise environments require professional security assessment. For organizations in Portugal seeking comprehensive Active Directory security evaluation, Pentesting.pt provides expert AD security assessment services.
๐ Exam Details
Exam Information
- Duration: 24 hours hands-on lab
- Format: 5-machine Active Directory environment
- Passing Criteria: Compromise specific targets and demonstrate persistence
- Prerequisites: Strong Windows and PowerShell knowledge
- Cost: $249 USD (course + exam)
- Lab Access: 30 days of lab time included
๐ฏ Learning Objectives
Active Directory Enumeration
Comprehensive AD environment reconnaissance and intelligence gathering.
- Domain and forest enumeration
- User and group discovery
- Trust relationship analysis
- Service Principal Name (SPN) enumeration
Local Privilege Escalation
Windows privilege escalation techniques and methodologies.
- Service exploitation
- Kernel exploits
- Token manipulation
- UAC bypass techniques
Lateral Movement
Moving through the Active Directory environment stealthily.
- PowerShell remoting
- WMI and DCOM exploitation
- Credential theft and reuse
- Over-pass-the-hash attacks
Domain Privilege Escalation
Advanced techniques to achieve Domain Administrator privileges.
- Kerberoasting attacks
- ASREPRoasting exploitation
- DCSync and DCShadow
- Golden and Silver tickets
Domain Persistence
Maintaining long-term access in compromised AD environments.
- AdminSDHolder abuse
- Security descriptor manipulation
- Group Policy modification
- Skeleton key attacks
Cross-Forest Attacks
Attacking across forest boundaries and trust relationships.
- Trust relationship enumeration
- Cross-forest golden tickets
- Trust key extraction
- Foreign security principals
๐ Study Plan
Week 1-2: Prerequisites
Strengthen your Windows and PowerShell fundamentals.
- Windows internals and architecture
- PowerShell scripting and cmdlets
- Active Directory basics
- Windows authentication mechanisms
Week 3-4: AD Enumeration
Master Active Directory enumeration and reconnaissance.
- PowerView and AD module usage
- BloodHound data collection
- Manual enumeration techniques
- Trust relationship discovery
Week 5-6: Privilege Escalation
Local and domain privilege escalation techniques.
- Windows privilege escalation
- Kerberoasting and ASREPRoasting
- Delegation attacks
- Lateral movement methods
Week 7-8: Advanced Attacks
Advanced AD attack techniques and persistence.
- Golden and Silver tickets
- DCSync and DCShadow
- Persistence mechanisms
- Cross-forest attacks
Week 9-10: Lab Practice
Intensive hands-on practice in lab environments.
- CRTP lab completion
- Additional AD lab practice
- Attack chain development
- Exam preparation
๐ ๏ธ Essential Tools
PowerShell Tools
- PowerView: AD enumeration and exploitation
- PowerUp: Windows privilege escalation
- Invoke-Mimikatz: Credential extraction
- PowerShell Empire: Post-exploitation framework
C# Tools
- Rubeus: Kerberos interaction toolkit
- SharpHound: BloodHound data collector
- Seatbelt: System enumeration
- SharpUp: C# privilege escalation
Analysis Tools
- BloodHound: AD attack path analysis
- ADRecon: AD information gathering
- PingCastle: AD security assessment
- Impacket: Network protocol implementations
๐งช Attack Chains
Common CRTP Attack Scenarios
Scenario 1: Kerberoasting Chain
- Initial foothold on domain machine
- Enumerate SPNs using PowerView
- Request TGS tickets for service accounts
- Crack service account passwords offline
- Lateral movement with service credentials
Scenario 2: Delegation Abuse
- Identify unconstrained delegation
- Force authentication to compromised machine
- Extract TGT from LSASS memory
- Pass-the-ticket for privilege escalation
- Achieve Domain Admin privileges
๐ Study Resources
- CRTP Course Material - Official Altered Security training
- Active Directory Security - Sean Metcalf's research
- PowerShell Empire Documentation - Post-exploitation techniques
- BloodHound Documentation - Attack path analysis
- HarmJ0y Blog - Advanced AD attack research
- SpecterOps Research - Cutting-edge AD techniques
๐ก Exam Strategy
CRTP Success Tips
- ๐ฏ Master PowerView: Essential for AD enumeration
- ๐ฉธ Understand BloodHound: Visualize attack paths
- โก Practice Kerberoasting: Common exam scenario
- ๐ Credential extraction: Mimikatz and alternatives
- ๐ Lateral movement: Multiple techniques required
- ๐ Golden tickets: Understand KRBTGT extraction
- โฐ Time management: 24 hours goes quickly
- ๐ Document everything: Keep detailed notes
๐ RFS Achievement
โ RFS CRTP Certified
RFS has successfully achieved the CRTP certification, demonstrating advanced expertise in:
- ๐ข Active Directory enumeration and exploitation
- ๐ Advanced privilege escalation techniques
- ๐ญ Red team lateral movement operations
- ๐ Domain compromise and persistence
- ๐ฒ Cross-forest attack methodologies
Professional Impact: This certification validates RFS's expertise in Windows domain security and contributes to specialized telecommunications and unified communications security assessments.
๐ Career Advancement
Professional Roles
Career opportunities enabled by CRTP certification.
- Senior Penetration Tester
- Red Team Operator
- Active Directory Security Specialist
- Windows Security Consultant
Skill Validation
Technical competencies proven by CRTP.
- Advanced Windows exploitation
- Active Directory security
- Red team methodologies
- Enterprise network compromise
Next Certifications
Natural progression after CRTP.
- CRTO (Red Team Ops)
- CRTE (Red Team Expert)
- GXPN (Advanced Exploitation)
- OSEP (Experienced Penetration Tester)
๐ฏ Ready for CRTP?
Readiness Assessment: Verify your preparation before attempting the exam.
- โ Strong PowerShell scripting abilities
- โ Windows internals knowledge
- โ Active Directory fundamentals
- โ Comfortable with PowerView and BloodHound
- โ Understanding of Kerberos protocol
- โ Privilege escalation experience
- โ Lateral movement techniques
- โ 24-hour exam endurance
Frequently Asked Questions
What is the CRTP certification?
The CRTP (Certified Red Team Professional) focuses on Active Directory attacks and defense.
Who should pursue the CRTP?
Penetration testers, red teamers, and security professionals interested in AD security.
What skills are tested?
Active Directory enumeration, exploitation, and defense techniques.