Having bought INE’s premium plan, I have access to the Attacking and Defending Active Directory course. After passing the OSCP, my plan was to move further into Red Teaming, and CRTP seemed to be a good fit for the first step.

The course is only 14 hours long; however, those are filled with techniques, different scripts and commands, and overall a lot of stuff to understand and digest.


Preparation

It took me around 1 month to finish the training and write all my notes. This was just after passing the OSCP, so I was somewhat tired and burned out, and I was also doing the eWPT exam at the same time. You can easily finish this in 1-2 weeks by studying a few hours per day.

Then I bought the 30-day package in order to practice all the stuff in their labs, which by reading other reviews seemed to be well done and the best resource in the training.


Training Material

The training per se isn’t great, but it is also not bad. In my opinion it does have technical value, both on the lessons and the lab environment, and for the price you pay it is certainly worth it.

What I think could be greatly improved is the overall quality of it. The slides were not reviewed and the instructor would constantly fix stuff. Also, his English is not that great because of the Indian accent, and I would constantly have to watch/read everything multiple times until I understood what he meant. Some topics were also not well explained, so I would again constantly refer to other resources to learn and understand concepts.

Therefore, I think it would be a good idea to hire someone who speaks English well to review everything and make sure that the stuff makes sense.

The feedback is that they could greatly improve their quality by reviewing all the materials and organizing the ideas on a script or something before recording/writing. This is just my opinion and it might not affect your experience.


Lab Experience

Regarding the labs, I managed to grab 31 out of the 40 flags available.

At first I was totally lost, because they only give you a “Lab Manual” file on OneDrive containing some instructions and a walkthrough for all the learning objectives, so I wasn’t sure if I should follow them to learn and then apply everything by myself on some challenge machines or something. 

Another thing that could be greatly improved is the writing of the objective statements; most of them are confusing and don’t give you clues about what specific information they want. They are similar to the TryHackMe rooms, but instead of giving you clues and actually explaining which specific piece of information they want, it just has a brief title/description and then you’re all by yourself. Also, the flags are not in sequence, which adds to the confusion.

And lastly, the flags would sometimes fail to verify, and then if you insist on applying them they’ll be marked as verified. Again, you end up wasting time trying to figure out if it is wrong or not, or if it is just the mechanism that doesn’t work as expected.


Exam Experience

I started the exam at 9am on a Wednesday during a few days on vacation, took some of the first days to get rested and work on developing some tools and then decided to give the exam a try.

So I spent the first hours just enumerating and trying to exploit a specific thing, and ended up not getting the expected result multiple times because I was rushing it and missing a small silly detail.

Something that really bothered me was that the exam environment was really poor, both for the RDP through VPN and the web interface (Guacamole), which would throw an error stating that I had been disconnected and I would have to reconnect again and again. That made me lose considerable exam time, and at some point I even thought I would end up failing because of it.

At some point I e-mailed the support address but got no help; their response was that they logged into the server and it was working fine. That really sucks, because if you’re asking for support it is because obviously something isn’t working as expected. You’re probably already nervous or anxious because it is a timed exam, so to wrap up I was only expecting some consideration from their side.

Now going back to the exam itself, it wasn’t hard but I wouldn’t say it is an easy exam either. If you take your time to understand and get familiar with everything on the training you’ll have no problem, just be sure to actually understand and refer to other sources if needed instead of just copying commands and taking notes, understanding the whole context is essential.


Closing Thoughts

Was it worth it? Well, I think that the technical information compiled in the training material is quite nice and you can apply most of it in real-life network engagements with a few tweaks.

However, from a Red Team perspective, you’ll have to take a lot of peripheral things into consideration, as just rushing into the environment running the scripts taught in the course will certainly trigger even the most basal defense and monitoring systems. That’s not exactly a Red Team certification in the end, it’s more on the infrastructure penetration testing side of things.

So at the end I think it is worth it more because of the lab access compared to the price paid, as setting everything up by yourself will take time and you’ll already know what is vulnerable and where. Also if you’re thinking of getting your first certification, this might be a good candidate as it is cheap and not that hard.

And that’s all I had for the CRTP, I hope the AD knowledge that I got from it will help me with OSEP.

