CRTP Bootcamp Review

Synthesis

Value of content : 9/10

Mastering the material in this course will give you the tools necessary to compromise any Active Directory (non-Azure) environment that is not mature.

As a professional pentester I would say this is enough to compromise 80 to 90% of the Active Directory environments I encounter.

By mature I mean one that has an advanced level of cybersecurity implemented, a SOC, an EDR/XDR that are actively blocking your attempts.

Even a mature system can be compromised if the Blue team is only observing your attacks and not actively blocking them during your engagement.

They do provide training with more advanced material such as CRTE and CRTM if that is what you are looking for.

Cost to value ratio : 10/10

This is where it shines. It is incredibly cheap for all it provides, especially considering the resume, quality of teacher. It was $249 at the time of this review.

Do I recommend it : Yes

Definitely, the information is relayed in an easily digestible format.

The labs are well made and allow you to practice and master the course material.

If you are an experienced Linux pentester this will give you the ability to compromise a Forest from a Windows machine, which as a pentester is a useful thing to know.

You’ll learn how to attack and compromise an enterprise through Active Directory and learn the basic evasion techniques required to do so.

The exam is also part of the learning experience. You will be confronted with the errors and problems you will face in a real penetration testing environment, and you will learn through it.


What it does well :

Basics, it is the most important part of any learning process and they do it extremely well.

I fear not the man who has practiced 10,000 kicks once, but I fear the man who has practiced one kick 10,000 times.

– Bruce Lee

I love the lab environment, you don’t even need a virtual machine (Kali, etc.) to do the course.

Customer support was excellent, there were some issues I encountered with server configuration and downtime, however their team responded to my email and fixed my issues in record time.


Syllabus :

  • Enumerate Active Directory (Find relevant information to stage proper attack)
  • Escalate local privileges (From local user to local admin)
  • Escalate domain privileges (From local admin to domain user or standard domain user to domain admin)
  • Lateral movement within domain
  • Place various types of backdoors in Active Directory (Persistence ensuring you can come back later for further attacks)
  • Abuse trusts to escalate from a child domain to a parent domain, or to compromise other domains laterally. (Domain admin to enterprise admin, etc.)
  • Defenses (How to protect oneself from attack, what are alerts created by each attack)
  • Bypassing defenses (PowerShell mechanisms, AMSI and logging)

Room for improvement :
There were several issues with commands in the course material.
For example, you had to provide the domain in the arguments for a command to work, however the domain argument was not provided in the course material example:

Command -d "domain_name" (What needed to be entered)
Command (What you saw in the course material example)

Or issues where you’d need to restart the lab machines because for some obscure reason lab deployment encountered non-verbose errors at launch. Of course your only clue was that certain commands did not work, however usually you question yourself before you question the lab environment.


Overall evaluation :

  • Great customer service
  • Not greedy, I paid for lab extensions and each included an exam retake. When services were down for a day, they restarted my lab counter from zero instead of just adding a day of extra time.
  • Live demos in bootcamp are great and question oriented.
  • Labs are great for learning techniques, just what is needed to master tools.
  • The sign that they have a great exam is that you learn something new while doing it and the course teaches you enough for you to pass it.

Recommendations for exam preparation :

  • Resources:
    Best notes I have encountered, has everything you’ll ever need and more to pass the exam:
    https://an0nud4y.notion.site/CRTP-Notes-1cf6c7c76d9e4bdfb474ec92837c87e1

  • Tips:
    Come to lectures prepared: have the labs done and bring tons of questions, they will take the time to answer them.
    The Discord channel is great, ask questions and your fellow colleagues will help you.
    Sometimes you just need to restart the lab.