Sign in Subscribe
Certification Featured

Certified Azure Red Team Professional (CARTP) Review

Rashpal Mediratta

3 min read
Certified Azure Red Team Professional (CARTP) Review
CARTP Certificate

With several organizations opting to host their environments on the cloud, its security is paramount to ensure malicious adversaries do not obtain access to the dedicated / hybrid cloud environment.

The Certified Azure Red Team Professional (CARTP) certification provides training and an exam environment that is specific to attacking and defending the cloud, specific to Azure environments.

The exam is 24 hours and requires a certification holder to compromise the provided environment. An additional 24 hours are provided to submit a detailed report highlighting the attack and compromise path.

Altered Security
Global leader in hands-on learning for enterprise and cloud security education. Join 10000+ infosec professionals from 130+ countries
Altered Security

Lab

The certification came with a lab environment that required a student to go through multiple cyber kill chains to compromise several aspects of the environment. The lab environment was accessible over the web via the guacamole interface and proved to be very stable. Furthermore, the support team was always available to help.

Lab Environment

Exam

I started the exam on the 23rd of June 2024 at around 8am and managed to compromise the environment within 6 hours. Initially, I overthought the first and second attack vector and took quite a lot of time on it however, once I understood the initial attack paths, everything cleared out.

The exam is straight forward if you're prepared and with any Altered Security certification you need to ready to navigate your way through the exam environment to get to your objective.

Tips

  1. Keep it simple
  2. Ensure the command syntax used is correct
  3. Finish the lab environment and capture all the flags
  4. Thoroughly study the course
  5. As always: Understand why and when to use a specific tool

Resources

The course material covers everything in great depth. If additional material is needed, have a look at the official Microsoft Learn documentation on Azure cloud as well as Hack Tricks:

Azure security documentation
Azure offers security advantages that support your compliance efforts, provide cost-effective security for your organization, and help protect your hybrid and multicloud platforms, applications, and data.
Microsoft LearnTerryLanfear
HackTricks Cloud | HackTricks Cloud
Logo

Conclusion

The CARTP exam provides knowledge on attacking and defending Azure environments. The course material is very extensive and may be quite a lot to get through over a short period of time, I opted for the 60-day package when the course had a 20% discount. The lab and exam environments were great and stable. I'd recommend the certification as it holds value and provides valid attacks paths that can be used in various assessments.