⚔️ CRTP – Certified Red Team Professional

🧠 1. Certification Name and Issuing Body

  • Full name: Certified Red Team Professional (CRTP)

  • Issuing organization: Pentester Academy / Altered Security

  • Reputation and global recognition: Considered one of the best hands-on certifications for learning Active Directory exploitation. Highly respected in the red team and internal network pentesting communities as a strong foundational AD certification.

📚 2. Curriculum and Skills Covered

  • Covered domains:

    1. Active Directory enumeration

    2. Kerberos attacks (AS-REP Roasting, Kerberoasting, Pass-the-Ticket)

    3. Local and domain privilege escalation

    4. AD misconfigurations (Unconstrained Delegation, GPP, AdminSDHolder abuse)

    5. Lateral movement using RDP, WMI, PSExec

    6. ACL abuse (DCSync, RBCD, Object Takeover)

    7. Credential dumping, LAPS, SID history

    8. Introduction to Domain Persistence

  • Depth of content: Highly practical and task-based, with emphasis on real-world tactics used during internal assessments

  • Technologies and tools included: PowerView, Rubeus, Mimikatz, BloodHound, CrackMapExec, SharpHound, custom PowerShell scripts

  • Relevance in the current job market: Extremely relevant for roles requiring AD pentesting, red teaming, and lateral movement techniques

  • Mapping to frameworks: Strong mapping to MITRE ATT&CK (Credential Access, Lateral Movement, Privilege Escalation), NIST 800-115 (Internal Testing), NICE Framework

🧩 3. Prerequisites and Recommended Level

  • Prior certifications or experience required?: Not required, but OSCP or equivalent AD/networking experience is helpful

  • Expected skill level: Intermediate

  • Required knowledge: Familiarity with Windows environments, basic PowerShell, SMB/RDP protocols, and domain security concepts

💵 4. Cost

  • Total cost: ~$249–$299 USD (course + 1 exam attempt + lab access)

  • Study materials or lab access included?: Yes — includes videos, lab guide, and access to a custom Active Directory lab

  • Discounts: Discounts available via bundles (e.g., CRTP + CRTE), academic partnerships, or during sales

⏳ 5. Estimated Preparation Time

  • Recommended study hours: 60–100 hours depending on experience

  • Self-paced or instructor-led: Self-paced

  • Learning modes: Online videos, interactive lab access, guided exercises

🎯 6. Target Roles and Career Path

  • Job roles: Red Teamer, Internal Pentester, Security Consultant, SOC Threat Hunter (with offensive mindset), AD Security Analyst

  • Career goals: Ideal for those entering red team operations or specializing in post-exploitation in Windows environments

  • Type: Highly practical and offensive with deep AD exploitation techniques

🧪 7. Exam Format and Difficulty

  • Is the exam online or in-person?: Online, proctored via screen recording

  • Theoretical, hands-on, or both?: Fully hands-on

  • Proctored exam or testing center?: Not live proctored, but screen and commands are reviewed

  • Length and number of questions: 24-hour access to exam lab, with 48 hours to submit the report

  • Difficulty level or average pass rate: Moderate — requires applying concepts in sequence, but highly solvable with practice

📜 8. Validity and Renewal

  • Does it expire?: No — lifetime certification

  • Renewal process: None required

🧰 9. Study Resources Available

  • Official documentation: Course materials and downloadable lab guide from Pentester Academy

  • Recommended books:

    • Red Team Field Manual

    • Hacking the Windows Infrastructure

    • AD Security Blog by Sean Metcalf

  • Online labs or platforms: CRTP official labs, Hack The Box (Windows AD machines), TryHackMe (AD rooms), CyberWarFare Labs

  • YouTube channels, community guides: John Hammond (CRTP review), IppSec (HTB AD boxes), HackTricks AD section

  • Online communities: r/redteamsec, CRTP Discord groups, Pentester Academy forums

💼 10. Industry Value and Demand

  • Is it frequently mentioned in job postings?: Increasingly — especially in internal pentesting and red team positions

  • Does it boost your profile with recruiters?: Yes — shows strong foundational knowledge in Windows/AD exploitation

  • Is it recognized by top companies or certain countries?: Yes — particularly in organizations with large AD deployments (e.g., enterprises, healthcare, finance, government)

  • What’s the average salary?: $100,000–130,000 USD/year, depending on experience and region

🧭 11. Related Certifications and Progression

  • Is it part of a larger learning path?: Yes — first in the Red Team track by Pentester Academy

  • What can you study after completing it?:

    • CRTE (Certified Red Team Expert)

    • OSEP (for evasion and advanced OPSEC)

    • CRTO (Red Team Operator by SpecterOps)

  • How does it compare or complement other certs?:

    • More AD-focused than OSCP

    • More hands-on than many beginner red team courses

    • A perfect complement to OSEP and CRTO for full red team lifecycle skills