Hellow forks its alienkeric
again from this side, just wanted to share with you my general overview with CRTA-exam and htb-prolabs. Am going to summarize them in one way or the other and how I managed to solve,prepare and attaine the certificates.
Certified Red teamer analyst
is an exam from cyberwarfare labs
,The exam main goal is to introduce a hacker into red teamer TTP's, But also the exam is a nice exam for a jr-red teamer to start with after eJPT
. Why eJPT,Its because with eJPT you will get all basics as a junior penetration tester
, now Combining all those skills u got from eJPT
and just few of red teamer you will be done with CRTA preparation according to me.
Before going to schedule CRTA-exam make sure first you familia with some basics of red-teaming basics stuffs such as pivoting,AD-enumeration(just basics enumeration is all you need with active directory).
Here is the general overview of how you can prepare yourself before exam based on how I say the exam.
These were just the basics of what you may need to get familia with before thinking of scheduling the exam.Another thing is that cyberwarfare
provide a good resource to use if you have trust your skills before going to an exam I real recommend check the resource. It took me 4 hrs to finish the exam and 7 hrs of report writing(totoal 11 hrs). Alot of hrs with report writing is because I has intended and unintended path during the lab of exploitation.
NB
: Doing this exam on your own is all you need since because the main aim of the exam is to test your skills, bad enough there is no monitoring so I wont recommend asking for help with the exam because that one will not technically build your skills, so if you asked for help with the exam while the exam is on
mark it YOU-FAILED THE EXAM BUDY
, because you coudn't finish the easy exam within a 24 hrs under surveillance-mode.
Hackthebox is a nice place to put your skills into testing believe me not only how things goes over the network but also you may need to test your skill in many scenarions such as assume being given a chained network of an organization xyz.com
. with more than 10 server and computers(total 20).We all know most of organization internal network are vulnerable.
Now before going into real life scenario like this, you need these pro-labs if you want to put your skills into a test as a professional red teamer.For me how it started was after completion of season-6 of hackthebox
with a top rank I was awarded a ($49) prolabs and $50 discount of anything from hackthebox
. My next goal was to start pro labs, as usually i have plans in everything I do befoer I start doing it
Dante is beginner-friendly pro labs it introduce you into basics of red-teaming campains such as pivotig into a large network,searching for ways to exploit and many other basics.All in All dante is all about basics,took me 2-days
to complete it
This red teaming lab will expose you into
Another think to note is that you need to be creative and think outside the box because this is a chained network you need to chain what you have in hands with what you want to gain.
Maybe people may not understan how things goes over htb
,But here how it goes if you think your not ready for zephy
an AD pro labs you need to test your skills with mini pro lab P.O.O
which introduces you to basics of AD, exploitation such as mssql
, its a small pro labs which covers basics. P.O.O
is baby-zephyr
lab.
P.O.O., is designed to put your skills in enumeration, lateral movement, and privilege escalation to the test within a small Active Directory environment configured with the latest and greatest operating systems and technologies. The goal is to compromise the perimeter host, escalate privileges and ultimately compromise the domain while collecting several flags along the way.
This lab will introduce you into things like.
Now after your done with this mini-pro labs now your good to go with zephyr which is a level 2(RTO) lab.
NB
: After dante and p.o.o I decided to take a small rest(3 days) before going to zephyr, since I was using alot of time with the labs and skipped school-classes.
Zephyr is an intermediate-level red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills and improving your active directory enumeration and exploitation skills. Zephyr includes a wide range of essential Active Directory flaws and misconfigurations to allow players to get a foothold in corporate environments.
This lab will expose your skills such as
This prolab is really intermediate especially inside(internal network, last sections consumed my time). As we all know double pivoting is really very slow and so i have to spent some times troubleshooting with metasploit and ligolo with double pivoting, But it was really nice prolab.
After this lab, I decided to take some rest for a couple of days but also went back on school stuffs and start doing my assigments and homeworks, meanwhile i was waiting to start a new week with my last prolabs(offshore
).
Offshore is not only intermediate lab but also is a hard prolab I have never encounted so far but also is the pro labs with a large network among all the pro labs.
Offshore Pro Lab is an Active Directory lab that simulates the look and feel of a real-world corporate network. You are an agent tasked with exposing money laundering operations in an offshore international bank. As a real-world penetration tester, you need to assess the external perimeter, gain an internal foothold and pivot across multiple hosts and forests.
Users start from an external perspective and have to penetrate the “DMZ” and then move laterally through the CORP.LOCAL, DEV, ADMIN and CLIENT forests to complete the lab. To track progress, there are multiple flags planted along the way as well as a few side challenges not required to advance within the Active Directory environment. Players can submit flags to earn a place in the Offshore Hall of Fame and receive badges for various stages of completion.
Expect to Learn alot of stuffs with this prolabs such as.