MY CRTP Experience

Arnav Tripathy
5 min readJul 27, 2020

--

CRTP Lab!Image from Pentester Academy

Recently I completed my much awaited CRTP certification from Pentester Academy. Like always I write a review about a hands on proffesional certification once I clear it. Again the only disclaimer about this is that the opinions are only mine , that’s all.
Little preview about me: I am currently a fourth year computer science student from India . I have cleared OSCP( little bit of show off) in April, you can check out that review as well. CRTP was always gonna be my next certification after OSCP because I wanted to learn about active directory and infrastructure pentesting . The average cyber security guy will know that while there are many resources online about AD , they are not at all structured in a proper way and that is why I opted for this cert.
Now coming to pre course registration, I was a little worried because many were talking about how the course assumes that you have a fair bit of AD experience and I had zero . The only tast of AD I have ever had was from eNDP where I had to setup a WSUS server and a little bit from TCM. You can say that it was almost zero.
So the only option was to take 60 days of lab and learn in the meanwhile. Many blogs suggested that 30 days was more than enough and personally I didn’t feel like I wanted to take 60 days of labs as most said that the lab was small enough and can be easily done. So I took the thirty days of labs only but I opted for the materials . i thought that I could go through the materials first and then dive into the labs. I distinctly remember telling myself that it should be easy and I shouldn’t worry much.
Boy was I wrong! I registered for the course on 9th May ,2020 and got the material .I didn’t schedule my lab as in accordance to the lan and dove headfirst into the material. Honestly speaking , I couldn’t understand a thing from the material. I became increasingly worried because everyone kept saying that this was basic and easy and I was not even able to follow the videos . So I decided to google each and every term(I hate messaging or calling people for technical doubts) mentioned in the course and try to understand the process flow.
If I tell you honestly, it was seriously hard . I couldn’t even understand things like domain user, netbios ,etc i.e. the basic terms. I hadn’t opted the oscp upgraded materials so I had actually no clue about AD pentesting. I turned to TCM but honestly speaking, TCM shows you the process of how it happens and the commands, he doesn’t explain the concept well atleast thats what I felt. Plus he uses impacket from Kali whereas this course focused on using windows to attack and focused only on tools based off powershell. Even my powershell was weak , I spent a little time on learning it so that I could atleast read the code of the tools used and debug if something went wrong.
This went on for 20 days(yes !). I spent a lot of time trying to understand the hows and whats of an enterprise AD environment. It involved a lot of googling, trial and error, setting up my own local environment, trying to experiment, again googling. It was honestly a lot of work and I did feel the urge to quit a lot of times because I had never ever operated on a real AD environment. But I always kept myself motivated with one thought that was “These are things created by humans for humans. How hard can it be?If so many people can understand, then I can”.
Eventually that day came, you know that day when you are able to connect all the dots , when everything starts making sense to you . Oh my God! You feel elated dont you! You feel like youre at the top of the world. That day was 29th May,2020. And immidiately that day I asked for the lab and next day I got lab access.
Now for the lab: They provide a small AD based lab where you are given access to one host and are asked to try out all the attacks taught in the course. They also provide the walkthrough of all the objectives so you don’t have to worry much. They even keep the tools inside the machine so you won’t have to add explicitly. They literally give you their hand and walk you around the lab so don’t worry about it!
Here my approach was a little different. Most people say to try out the attacks on your own and to not use the lab guide. However I will actually advise to people like me who are soaking the content to use the lab guide as much as possible even if you are completely clear with the material before hand like I was before the labs. The reasons being that even if you are clear with the concept, it does not mean that using the tools are easy. Some of the commands are really long and you will notice that its a repitetive too. You could google about the tool and then apply it, but in my opinion , its actually a waste of time to do that. They privided the guide because they want you to learn from examples. So don’t be guilty and refer to the lab guide like I did unless of course you are experinced in AD pentesting and want to challenge yourself.
With this , I completed my lab in three days I guess. I scheduled my exam on 16th June,2020. Before that I made a cheatsheet, completed the lab once again as a revision, read blogs anticipating the exam.
And guess what? I failed the exam . I couldn’t even compromise a single machine(You have to compromise 5 to pass). I felt disgraced, cheated as if Pentester Academy deliberately wanted me to fail. I simply couldn’t figure out the problem no matter how many times I saw the bloodhound output.
Frustrated and disappointed I asked some people in linkedin about where I could have gone wrong. To my surprise the usual response I got was that bloodhound had all the answers. I had saved the files, I tried to look into the files ,yet couldn’t find it. I went online and searched about bloodhound and I saw some people claiming that bloodhound sometimes can miss output and one should also use other tools to enumerate and not rely on bloodhound.
With this thought, I again retook the exam on 19th July, 2020. This time I passed the exam within 4.5 hours! If you enumerate well, it will take that much time only. I realised that it’s actually simpler than I thought . Personally , I think you even learn some things in the exam as well which is good .
Overall, I think it was a wonderful experience and I will definately take CRTE before college ends. I now feel much more confident in AD and its pentesting. Morever , I have got a better understanding of windows internals and working which was something that was missing before.Thank you Pentester Academy for a wonderful experience!

--

--

Arnav Tripathy

Feline powered security engineer . Follow me for a wide variety of topics in the field of cyber security and dev(sec)ops. Kubestronaut FTW!