CRTO I & II

This blog post is a review of the courses and contains a comparison with OSCP. https://www.zeropointsecurity.co.uk/

Introduction

I successfully achieved CRTO I and II on my first attempts within a span of 6 months. Prior to taking the lab, I invested significant time in deeply studying the material, ensuring a thorough understanding by reviewing the content three times. Subsequently, I practiced the lab exercises, dedicating no more than 20 hours to complete them. Following my preparation, I took the exams. The CRTO I exam lasted 48 hours, during which I utilized the entire allotted time. As for CRTO II, although the exam period was 72 hours, I completed it within 24 hours. Overall, I am extremely satisfied with my accomplishment, and I firmly believe that these certifications are well worth the investment. Furthermore, I do not have any negative sentiments regarding this experience.

CRTO I

The CRTO I course is a comprehensive program that primarily focuses on Active Directory (AD) and C2. It covers essential aspects of the Active Directory environment. The course material serves as an excellent handbook that remains updated with minor and major version releases, incorporating new techniques and tactics. With lifetime access to the course, it ensures that you stay up to date with the latest advancements. Additionally, there is a Discord server where you can find solutions to any challenges you may encounter. While the community may not be extensive, it is active and continuously growing.

Daniel Duggan, the instructor, is exceptional. The course offers a combination of instructional videos and documents that can be followed simultaneously. The material is well-documented, utilizing clear language, and Daniel's accent is easy to understand and follow.

In this course, you will learn numerous key points from an opsec perspective. The inclusion of ELK in the lab is highly valuable as it provides a better understanding of behaviors, tools, and more. Daniel defines red teaming as it should be, focusing on opsec considerations, defense detection perspectives, staying under the radar, defense evasion, and exploiting misconfigured or poorly secured systems. The course does not focus solely on using Cobalt Strike; it focuses on red teaming with Cobalt Strike. In both the lab and exam, there is no usage of public exploits; instead, you will work with normal and patched machines and services.

The lab environment is excellent and well-structured. Initially, the 40-hour time limit may seem limited, but it is sufficient for covering the course material and practice.

Success in the exam is not easy to achieve, as it requires attention to detail. It is essential to have a solid foundation and a genuine understanding of the concepts rather than relying on copy-pasting. Diligent preparation is key to success.

Overall, the CRTO course is worth the investment. If you are hesitant, I encourage you to purchase it without further hesitation. I am grateful to Daniel Duggan for creating this outstanding course. It is truly a pleasure to have him in the industry, and I am glad to have had the opportunity to learn from him.

CRTO II

The CRTO II course is a highly detailed program that primarily focuses on security evasion techniques in the Windows environment, including ASR, WDAC, EDR, and C2 hardening. The course material provides in-depth knowledge and is highly valuable. Like CRTO I, it receives regular updates and offers lifetime access, ensuring you have access to valuable content in the future. I am particularly excited about the upcoming major update, which promises even more valuable content. Unlike CRTO I, the course material for CRTO II is mostly documentation-based and comprehensive.

CRTO II builds upon the knowledge gained in CRTO I. If you are familiar with the topics and have practical experience, you can directly enroll in CRTO II.

The course focuses on evading security systems. By the end of the course, you will learn how to write process injectors in C#, modify source code to evade basic security detections, and identify weaknesses in and bypass security policies such as ASR and WDAC. The course also provides in-depth coverage of EDR, offering valuable insights into this area.

The exam for CRTO II is known to be challenging. It requires a thorough understanding of the topics and excellent troubleshooting skills. You will encounter situations where you need to troubleshoot and figure out why things are not working as expected. The exam may present scenarios that are not completely covered in the course materials, so having extensive knowledge and a problem-solving mindset is crucial. If you are interested in an in-depth study of security policies, this course is for you. It is worth every penny and a highly recommended investment.

CRTOs vs OSCP

In certain career pathways, it is suggested to take CRTO I before OSCP. Personally, I obtained my OSCP (with AD) certification in the first week after the AD update. The current AD content of OSCP has since been updated, and I am not familiar with the changes. However, in my exam, a deep understanding of AD was not required.

CRTO certifications focus exclusively on Windows and AD, covering numerous critical topics. They provide you with the ability to evaluate situations from the perspective of someone working on the defense side.

In terms of cost, CRTO certifications are more affordable, costing about half of what you would pay for OSCP. In my opinion, while CRTOs may not directly assist you in obtaining OSCP, they offer knowledge and skills beyond what OSCP provides. There are some similarities between the two certifications in certain chapters.

One significant difference is that in OSCP, you are required to write a report, whereas in CRTOs, no report is necessary; you only need to submit flags. The labs and exams for both certifications take place on a private and isolated network, with connectivity provided solely through a browser. Using a VPN to connect to the environment is not allowed. The laboratory provides the necessary tools and machines for your work.

Lifetime access is offered for CRTOs, whereas OSCP does not provide this benefit.

If your focus is on Red Teaming, CRTOs may be a better choice over OSCP. However, having OSCP certification is also highly remarkable. I cannot say that one is easy to obtain while the other is difficult. They each have their own challenging aspects. If you aim to broaden your skill set horizontally, considering these certifications would be worthwhile. In summary, CRTOs are specifically designed for red teaming, while OSCP focuses on pentesting.

Having a deep understanding of the tools, tactics, and techniques used by attackers is crucial for effective defense. The CRTO courses can provide valuable insights into the mindset of red teamers and help blue teamers develop better strategies for protecting their organization's assets. Additionally, having a comprehensive knowledge of Windows and Active Directory environments can be extremely beneficial for those working in blue team roles, as these technologies are widely used in many organizations and are often targeted by attackers.

Disclaimer: This blog post has been enriched by ChatGPT for better understanding, as English is not my native language. In some areas, you may see content posted somewhere on the internet.