It’s been a while since my last post, and I would like to start blogging again in the Red Team category. I wanted to start with a review of the CRTO course, an amazing and friendly course for jumping into Red Teaming knowledge. The Certified Red Team Operator course by ZeroPoint Security is a great course; the format is well explained and the techniques are at a friendly level that anyone can jump into.
The course is amazingly structured: it doesn’t jump onto complicated techniques, and it demonstrates the process of Red Teaming in its entirety. It’s a great structure and complements the MITRE ATT&CK Framework. The course explains the technique, gives a demonstration, then allows you to follow it in an exercise. It also gives you hints on considering OPSEC throughout the course; advanced techniques are suggested to get around defenses but are not dug into too deeply, as these can change quickly in how and by whom they are used. The course also explains tools that can be used in the course of a Red Team engagement (some good suggestions). It is focused on the C# language; it does not tell you to avoid PowerShell or others, they are just considered not a viable option because of OPSEC considerations or the defense mechanisms applied in the environment. It’s good to always change your methodology; it all depends on the environment. A great thing about the course that should be pointed out is that you can pause your lab time. We all know everyone is busy and can’t just run straight hours on a course (breaks, sleep, family), so this is a nice addition to the course.
Some examples of what the course demonstrates can be checked on the curriculum: Initial Compromise, Recon, Persistence, Privilege Escalation and Lateral Movement, as well as applying these to domain environments. The tools used in the course are also explained in terms of why, how, and when they can be used. The tools are also never given pre-compiled, in order to demonstrate and explain to the student the tools’ functionality and compatibility when running on a target host. Throughout the course the student is given a C2 Framework to work with, Cobalt Strike to be specific, as this is the industry standard framework for a Red Team. (I took the course when Covenant and Cobalt Strike were both demonstrated.) This should not be a deterrent to taking the course: since Cobalt Strike is a licensed product and dropping 5k is not as simple for people starting in RT, the course gives you free access to a copy of Cobalt Strike to work with. Some other great C2 Frameworks are also suggested in the course, which you can check on the C2 Matrix. While working on the course you will also be shown the infrastructure that is usually built when setting up your own operation; it can change slightly depending on where you are setting up.
The Exam, oh yes, here you demonstrate that you have understood the material and are willing to go the extra mile in investigation. Everything is already demonstrated in the lessons, but you can also research on your own and keep some handy one-liners for running tools. When I took the course the exam consisted of 4 flags (if I understand correctly, this has changed to 8), and you add these flags on the exam page to prove that you have reached certain locations in the environment. It is well built, a great demonstration of a real world network. Once you have reached the required flags to pass the course you should receive a nice badge stating that you have passed.
I have to give it to @_RastaMouse. I’ve always wanted to jump into red team since I first started learning cybersecurity, but there weren’t that many courses around, and if you found any they were pricey or a little outdated (not complaining, but Red Team changes FAST). The course is also updated when new things are discovered that are essential to understand and work with, and you have access to these new additions for free: you buy the course once and the new things are available once you log back in. I was very inspired and grateful for the accessibility and structure of the course. I wrote a Gitbook for Red Team when this course was not available; it would have been a great help when writing it down, and I did use some references to what I have learned here. Just to keep this short and sweet, I did pass the exam in 2021.
While writing this blog, RTO2 has been released, and it feels like Christmas.