Certified Red Team Operator Review (CRTO)

The CRTO certification is a 48-hour hands-on exam which requires a student to compromise 6/8 machines in the exam environment. The machines have active defence measures. A C2 called Cobalt Strike is provided to the student for conducting the attacks.

Course Content & Labs
Course Content
The CRTO course is extensive and well put together. It covers red teaming with the use of a C2 called "Cobalt Strike". The focus of the course is built around attacking Active Directory.
The course covers material ranging from external compromise, internal compromise, persistence, password cracking, pivoting, trusts, AV evasion and a lot more!
Labs
The entire lab is accessed over Snap Labs through a web interface called Guacamole. It is self-contained and restricts a student from uploading their own tools. The lab is extremely stable and the lab environment provided is large and well built.
Exam
Prior to the exam, I went over the course to ensure I understood the topics taught and the reason the methodology presented is used. I created a mind map and my own cheat sheet that helped during the exam.
The exam is 48 hours long and can be spread out across four days, i.e. the exam can be done in four 12-hour bursts or in any other manner that the student would prefer. The exam was in a self-contained environment; no tools could be added to the environment. It was done over a web interface which was extremely stable. The goal is to compromise 6 of 8 machines in the environment.
I started the exam at 8:30pm and managed to obtain the first flag close to 12am. I went to sleep and booted up the exam the following morning. I obtained the second flag fairly quickly but took a while on the third. I obtained the fourth flag quickly but took some time with the fifth since the syntax for my commands was incorrect. Once I retrieved the fifth flag, the sixth flag was obtained a few minutes later.

I received my badge the following day after compromising 6 of 8 machines.
Tips
- Understand the "why" of each topic
- Create a cheat sheet
- Ensure you have proper syntax when executing commands
- Don't complicate the exam
- Make sure to re-do the labs with Defender enabled
Conclusion
The exam is focused on attacking AD using a C2. It is an intermediate-level exam in my personal opinion. External material is not required to pass the certification exam. The course, labs and exam are great for getting into red teaming and building on existing knowledge. For the price (£365) it's a no-brainer. I mean lifetime access, an exam attempt and a lot of knowledge!