So recently I acquired my CRTE. My resolution this year was to acquire my personal big 3 i.e. OSCP,CRTP and CRTE. I am happy to share that in a span of 7 months I have all three supposedly considered top level certifications. It has come at the back of lot of hard work and dedication and I am proud that I was able to clear all these and learn so much quickly all in my final year of bachelor’s degree of college . You can find my reviews for the other certs in my blog list if you want :)
Before this, I want to clear one thing with most. Most people ask me why do I go for these certifications and not internships and why do I ‘waste’ so much money on these certs. Here are my reasons why I go for certs:-
-I do not go for the theoretical certs like udemy and coursera, the certs in cyber security are extremely practical. It gives me a hands on experience even before entering the industry.
-Do you honestly think I have not tried for internships? Of course I have tried for internships, but in most cases, people from linkedin have not responded to my messages or I have not got shortlisted for reasons unknown. Seems like most folks are not willing to hire a fresher unless you have good references. Being from a realatively remote area of Odisha and not having the luxury of references (No engineers in our family and extended family as such) has put me a little behind competitors.
-Lack of classmates and seniors in the cyber security industry to talk to about cyber security. I agree that mentorship is important in all aspects of life, but you can practice a lot of hackerrank and land your dev job from college . In cyber security, there are very few companies who take on basis of merit(as far as I know) and even less companies who are willing to hire and mentor freshers.
-Look CTF’s are great and even I play a lot of htb, vulnhub and some assembly CTF’s , but remember , it’s great if you do it with a group of people ,preferably with people better than you in the initial stages. Missing that experience means that I have to entirely rely on publicly available writeups and a lot of head scratching to solve active htb machines which takes up a lot of time and honestly at this point , I spend a lot of time scratching my head and learning less. Overall, return of investment is less for me at this point.
-It is at this point certs are great. If you look at the els ,offsec and red team lab, yes the material does provide almost all things to pass(not offsec or even red team lab) , but the exam is a real test of application of concepts. Consequently , I know a lot of htb gurus who have failed or have a tough time passing it. Consequently, I have learnt a few tricks in the exams itself :)
-Money wise? Well I had a part time job in second year of college where I was overpaid which covered 80% of my cert costs . If you’re still gonna judge me for taking the 20% money of money from my parents, then what are you doing with your gaming consoles , video games , overpriced laptops , netflix subscriptions and fancy dine ins?
Again , these are all my opinions, I am not pointing out any particular individual, but please know that if you can dedicate yourself completely , then anything is possible.
Now for the review in hand, I purchased one month lab from pen acad in Sept 1st. I used to message some people in linkedin and discord . The few who responded said that it’s a step above and advised me to take 60 day lab. I was confident that i could complete it in 30 days and hence i went with my gut and took the 30 day lab.
Needless to say, I completed the lab and owned all machines in 6 days. Here are a few tips for the labs:-
-Ignore people who try to scare you. If I ever listened to them then I would not have even cleared an els course.
-I kind of took it overboard and set up my own lab with mssql servers of various misconfigurations(Not required , but gives a confidence boost) and double hop methods.
-Most important thing for me was that the hours spent on research in CRTP lab and material really paid off. If you’re the kind of guy who is having a hard time debugging issues in CRTP, CRTE would be rough on you. That being said, my time with CRTP was definitely very rough for me because I was new to AD and had no one to clear my basic doubts. So my google was filled with a lot of useless queries .If I think back, that skill of helping myself has helped a lot in CRTE.
-Make use of support. I must have riddled with them with a lot of useless queries. They were patient with me quite a lot and answered each and every query quite swiftly . They are enough to guide you to be honest.
-If you’ve done crtp, the guide is still very useful ,keep it with you . Also make personalised cheatsheets with you , I can’t tell you how much time it saved for me :)
You’ll enjoy the lab if you enjoy giving yourself challenges . While in no way I am a red team expert, I firmly believe that technical skills are easy to gain if you’re sincere and self reliant. If you need hand holding all the time then best look for strong mentors who have the time to guide you.
The exam is a tad bit more challenging from the lab to be honest atleast for me. Little bit of creative thinking and analysis is needed from your side to get over a block .Once you get over the block though it’s a piece of cake.
Once again I thank Pentester Academy and Nikhil Mittal for presenting this wonderful course . I will definitely take GCB lab after I get a job because I have stopped pursuing certifications for now and rather completely focusing to get a job .
What next? I have an objective to complete offshore and rastalabs from HTB before I graduate in June 2021 . I don’t have any experience with a c2 hence I think it might be a nice challenge for me :) Meanwhile , I am trying to increase my knowledge in cloud security and threat hunting as well. Hope this small review helps y’all!
P.S. :- Will post links for reference if needed from a lot of you.