Course Foundation (AD Security)
The Certified Red Team Professional (CRTP) certification is built around the Attacking and Defending Active Directory lab. It is designed to give penetration testers and red teamers practical skills in exploiting enterprise Active Directory setups, starting from a non-admin user to achieving domain dominance.
Core Topics
Master the art of Active Directory exploitation with our detailed curriculum:
Active Directory Basics
Architecture, Domains, Forests, Trusts, User Accounts, Groups, and OUs.
Enumeration & Recon
Domain enumeration with BloodHound, identifying ACLs, GPOs, and trust relationships.
Privilege Escalation
Local privesc (Unquoted Paths, DLL Hijacking), exploiting misconfigured permissions and services.
Lateral Movement
PowerShell Remoting, WMI, Scheduled Tasks, Mimikatz credential dumping, Pass-the-Hash/Ticket.
Persistence
Golden/Silver Tickets, Skeleton Key, Kerberos Delegation abuse, GPO backdoors.
Trust Abuse
Forest & Domain trust exploitation, Kerberoasting, MSSQL abuse.
Exam Format
24-Hour Exam
24-hour practical exam in a fully patched multi-domain AD environment.
5 Target Servers
Achieve OS-level command execution on 5 target servers.
Professional Report
Submit a professional report within 48 hours of exam completion.
Important Notes
- Beginner-Friendly: Suitable for those new to red teaming but familiar with Windows/Networking.
- Validity: Certificate is valid for 3 years and can be renewed.
- Tools & Skills: Heavy use of PowerShell, BloodHound, Mimikatz, and AD-specific techniques.
- Lab Access: Options for 30, 60, or 90 days depending on experience level.