CRTO Review

Overview:

The Certified Red Team Operator certification is an advanced course in offensive security, focusing primarily on the use of 'Cobalt Strike,' one of the main tools of the trade. The course, exam, and all aspects of Zero Point are overseen by RastaMouse, which may raise concerns regarding support and quality for some individuals. However, during my time, I have not encountered any situations that would raise concerns in this regard.

The pricing options for the Course, Lab, & Exam are as follows:

Pricing as of 06/009/2024

I opted for the 60-day lab time since I had just finished the OSCP grind (you can read about that here) and didn't want to rush through the content. If we compare that to the above items, we can see that the price was 445 pounds or 566.43 US dollars. For a full course, labs, and exam, that seems like a fair price compared to the industry standard.

Course material:

The course material starts off strong, simulating a full red team engagement with Defender both enabled and disabled. Rasta has written the material very concisely and relevantly. Throughout my studies and reading, I never felt overwhelmed, as if I was being hit with a fire hose. It's important to note that this was not a beginner-level course; a certain level of understanding is expected, as stated in the FAQs:

Labs:

Let's discuss the lab setup, as it confused me a bit initially. The labs are hosted on Snap Labs and accessed via Guacamole in your web browser. It took me a while to get used to this, as my screenshot software, Flameshot, didn't properly capture screenshots in my usual way. After about a week, I established a standard workflow, and the access software didn't bother me too much.

If you purchase lab time with your course, an important note is that access begins the moment you complete the purchase. However, it's crucial to understand that access time is not the same as lab runtime. To elaborate further, for every 30 days of access, you will be granted 40 hours of active lab time. So, if you purchase the first option of 30 days, this means you have 30 days of access to use the 40 hours of active lab time. (Be sure to keep track of when the lab is active but not in use, as this could result in a loss of lab access sooner than desired.) If you're concerned that outside obligations may delay your ability to work in the lab, you can also purchase lab time at a later date.

Study methodology:

After my first few days of studying, I found a really good rhythm to thoroughly review the material and be proactive in the lab without experiencing much idle time. The strategy was to completely read through each section and create notes as needed. Once I had completed the section, I would then start the lab and take a 5-minute break while it started up. After the lab was started, I would run through all the topics from the section I completed in the lab, and upon completion, I would stop the lab.

Using this methodology, I was able to complete the labs both with and without Defender, with about 40/80 hours still remaining. The majority of the time required was when Defender was enabled, as some aspects were more tedious than others. Overall, I believe you can complete all aspects within a 40-hour limit if you are using the lab time efficiently.

Exam:

The Red Team Ops Exam is a practical CTF-style event driven by Snap Labs. It's an assumed breach scenario by which the student must emulate an adversary using the provided threat profile as a guide.

The exam consists of a 48-hour active runtime within a 96-hour window. This setup is similar to the default labs but with a smaller usage window. To pass the exam, you'll need to obtain 6 out of 8 flags.

In my opinion, the exam experience was quite pleasant. Shortly after booking the exam, I received confirmation and was provided with my threat profile to emulate. On the day of the exam, I received a reminder an hour prior to the exam start and had ample time to prepare.

I won't go into details out of respect for the exam itself. However, I was able to achieve the necessary points to pass in about 24 hours after the exam had started. The exam was fair and adhered to the methodology, and I felt it was fairly straightforward.

Final Thoughts:

  • Overall, this is a must-have course for anyone wanting to dip their toes into the advanced side of offensive security.
  • The exam is a great experience and stays faithful to the methodology taught in the course.
  • Pricing is great, and community support is top-notch.