This episode of 7 Minute Security is sponsored by Datadog. Accelerate security investigations and break down silos between developers, security, and operations teams by correlating your threats, metrics, traces, and logs all in one place. Try it for yourself and get a free t-shirt at

Hello friends!  Today, Joe (Gh0sthax) and I complete our series on CRTP – Certified Red Team Professional – a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft.  Specifically, Joe and I talk about:

  • We don’t think the training/exam is for beginners, despite how its advertised
  • Both the lab PDF and PowerPoint have their own quirks – which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets
  • Don’t let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!)
  • Watch the walkthrough videos.  We repeat: WATCH THE WALKTHROUGH VIDEOS!
  • Although not required, we highly recommend capturing all the flags laid out for you in the lab environment
  • Know how to privesc – using multiple tools/methods
  • It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways
  • You start the exam with no tools.  So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time?
  • Tool X might give you wrong results – or none at all – in the lab.  Do you have a backup tool Y and Z that can serve the same purpose?
  • You want to be very good at Kerberos ticket crafting!
  • Know all the mimikatz commands and switches and when to apply them

Written by: Brian Johnson

Share on socials: