Pentester Academy - Active Directory Lab & Certified Red Team Professional

chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPsPosts: 1,901Member ■■■■■■■■□□
Hi everyone, I recently passed the Certified Red Team Professional exam from Pentester Academy. I briefly wanted to give a quick update and very small review of my experience with Pentester Academy's "Active Directory Lab" course and the "Certified Red Team Professional" exam.

I registered for the 60 days lab time. 
The AD lab course teaches you 23 learning objectives and 59 tasks. 
You are provided 36 course videos.
1 lab manual with solutions. 
1 course pdf slides and notes. 

Course starts off by guiding you through the basics of powershell, but not much time is wasted here. Before attempting this course you should know the basics of powershell and active directory. You will enter into heavy domain enumeration (which is key to passing any test), local privilege escalation (pentester hat goes here), domain privilege escalation (red team hat goes here), domain persistence and dominance (ah this is what red team is like), cross trust attacks (I feel legendary now), forest persistence and dominance (can anyone stop me?), & defensive tactics (Thanks Boss for paying, here is what I learned). Each red team killchain requires its own tools, yes these tools overlap from time to time, but is a needed methodology standard to follow. 

I was able to get through all the course videos and lab work within 2 and a half weeks. The videos were clear and concise. I did NOT have any hard time understanding the concepts or what is being taught. Support was very fast in responding to any questions or VM resets I had.  By week three and four of my lab time I had gone through all the concepts and lab practice for the second time. I was now ready to take the exam.

Took the exam which was a 24 hr exam and failed. I was only able to get a local privilege escalation to the VM host you are given. I wasn't able to even lateral move or get to own any other host. I was stumped and unmotivated at certain points. I guess it wasn't my day and wasn't in the right spirits. 

You are given VPN access to a VM that is joined to a domain, all infrastructure is fully patched windows 10 and windows server 2016 (2016 domain features). There are NO software exploits here. This is similar to the lab, but not the same environment obviously.

I took the week off to rest and was now left with 24 days of lab time. I studied and labbed all the concepts once again but this time paid more attention to the bloodhound results I worked on. I spent 3 weeks going over bloodhound and the data I had. I found many hints and possible clue that would lead me somewhere. I honestly could say I was thinking differently now. 

I took the test a second time and my time spent on bloodhound paid off. I was able to see certain patterns, some methods I thought would work, didn't, but some did. In the end I was able to pull through and get full forest root domain access. It took me 12 hours, longer than most people I suppose, but I am now a Certified Red Team Professional :)


Overall I am highly satisfied with the course and exam. I plan to work on the Expert level certification and lab they have. For right now, I am here in vegas for BH and defcon. Tomorrow I start Pentester Academy's - ACTIVE DIRECTORY ATTACKS FOR RED AND BLUE TEAMS - ADVANCED EDITION which is a two day course. 

Sorry this is a very crude, run on sentence, non technical review of the course and exam. I plan on doing a proper one after the blackhat course. I will be working on my new blog coming out soon :)

If you have any questions let me know.
2020 Goals:
Courses: SpecterOps Adversary Tactics: Detection
Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP

Comments

  • securityorcsecurityorc Posts: 48Member ■■■□□□□□□□
    Very interesting, thanks for sharing your experience! Getting into AD exploitation and more red teaming exercises is something I aim for after I will be done with OSCP. Looking over their red team labs, the price tag is pretty high, at this moment I'm leaning more towards the Offshore and Rastalabs environments from HackTheBox.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    edited August 5
    I heard good things about those two subscriptions. However, do they teach you and guide you with videos, course pdf, lab manual? I am really asking cause I don't know lol As for the pentester academy perspective you get taught something and guided with a full blown lab you can practice on. 


    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • securityorcsecurityorc Posts: 48Member ■■■□□□□□□□
    As far as I know, there's no accompanying course for those labs. There is indeed an advantage to having videos and slides, but there's also a high price tag to come with it. I had same opinion about the eLS PTX course. I wouldn't mind them if the company would pay for them though hehe
  • Danielm7Danielm7 Posts: 2,269Member ■■■■■■■■□□
    I was under the impression this was included in the $39/month subscription. Glad I checked further because it seems this course is separate from that and far more expensive. 
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    @Danielm7
    The subscription does get you the video training material for everything they put out. You just need to pay for lab time. Trust me you learn a lot in those videos, its worth it for one month's payment of $39. Aside from streaming unlimited videos, you get to download up to 100 videos in one month. 
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • Danielm7Danielm7 Posts: 2,269Member ■■■■■■■■□□
    Oh i'm sure, I heard the owner on Security Weekly podcast, I'm pretty sure it was for this. He was describing the labs and the hosts were going nuts and he kept saying you get everything for $39, so that seems not entirely accurate. 
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    edited August 5
    Ok you are getting confused with the labs and perhaps in the podcast there was some confusion as well. The Active Directory and the Red team lab are one thing (an actual VPN connection into a live domain environment).

    Pentester Academy and your monthly subscription get you access to another lab called www.attackdefense.com which has thousands of hands on labs, corresponding to most of their course materials.

    Perhaps they are moving the active directory /red team lab access to the attackdefense portal as well for the same or upgraded fee. Maybe that is what was talked about. 

    See attached picture.
    Check this guy's review for more information
    http://lockboxx.blogspot.com/2018/11/pentester-academys-attackdefense-labs.html




    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • yoba222yoba222 Posts: 1,068Member ■■■■■■■■□□
    edited August 5
    Thanks for this great write up. I am actively forcing myself not to go on Pentester Academy right now and make plans to dig into this in the next few weeks. I need to just get OSCP done with first and then move on. But this is so tempting and I could use some AD knowledge strengthening, which I know I won't get in the PWK course.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP eCPPT OSCP eCPPT (a bit undecided)
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Posts: 484Member ■■■■■□□□□□
    yoba222 said:
     I could use some AD knowledge strengthening, which I know I won't get in the PWK course.
    Should someone tell him? No? Ok, I'll let him figure it out then lol
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    edited August 5
    :smile:
    If you look at it closely he clearly is saying he already "knows" he won't get AD knowledge from OSCP. 

    but i digress 

    #derailed :lol:

    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • yoba222yoba222 Posts: 1,068Member ■■■■■■■■□□
    For those 2 and half weeks, how many hours would you say you put into it?
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP eCPPT OSCP eCPPT (a bit undecided)
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    I would say 4-6 hrs. 3-4 at work and 1-2 extra hours at home. Don't tell my boss lol
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Posts: 484Member ■■■■■□□□□□
    edited August 7
    chrisone said:
    :smile:
    If you look at it closely he clearly is saying he already "knows" he won't get AD knowledge from OSCP. 

    but i digress 

    #derailed :lol:

    Oh I read it correctly, you just misunderstood what I was trying to say lol You will gain SOME AD knowledge from the course, it is required to root a few of the boxes.

    #notderailed :lol:
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 405Member ■■■■■■□□□□
    edited August 7
    I'm a PA subscriber, so I can try to answer some questions. And yes, their website is extremely confusing about these topics.

    ATTACKDEFENSE LABS: These are included with a general subscription. They're a bunch of one-by-one exercises to perform attacks with (atackdefense . com). This lab system is used in some of the courses as the lab portion of that particular video. So if you learn attack X, you can practice attack X in this particular lab. These are pretty new, and I've not had a chance to do much, but they seem well worth the price of a sub alone. Some are related to courses while others are just standalone topics. Unlike courses, I don't believe there are any restrictions on usage. Every month, I get 100 "downloads" of videos on their site, so I can go through a course with 100 videos and watch it, and then wait until next month to do more. But, with these lab items, I don't think they are metered at all, and you can slam through them at your leisure.

    RED TEAM LABS: ADVANCED RED TEAM LAB: is not inclued in my subscription. This looks like a VPN econnection into a lab, much like PWK or HTB. There is a "course" called Red Team Labs that is a companion to the lab. I've not looked at it (I could, I have the 8 videos downloaded), but it appears to be quick initial guidance on phases of an attack. I do have access to this course with my subscription. It also looks like you get access to that course if you purchase lab access, but seeing it through a general site sub would be a more economical way to preview the lab.

    RED TEAM LABS: ACTIVE DIRECTORY ATTACK-DEFENSE LAB: is not included in my subscription. Looks like this is a VPN connection into a lab, much like PWK or HTB. There is a course called Attacking and Defending Active Directory by the same author that I have access to with my sub (36 videos, 14 hours, with objective walkthroughs). I really believe this is the companion course to that lab. Again, I have these downloaded so I can peruse a few. Looks like you'd get access to this course with the lab, but it would be cheaper to see it through a site sub and thus preview what you're in for.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupPosts: 81Member ■■■□□□□□□□
    Ooofffff what a day and what a night! But here I am, I've also managed to fight my way through CRTP. The jury's still out on whether I've passed, or not. But that's okay, because here's my review -> https://www.kilala.nl/index.php?id=2460
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    Congrats! I am sure you will pass as long as you show evidence\screen shots on your progress results. Create a post on your experience once you get a chance. Would love to hear everything about your journey. 
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupPosts: 81Member ■■■□□□□□□□
    chrisone said:
    Create a post on your experience once you get a chance. Would love to hear everything about your journey. 
    Noticed the link I put in my previous message? It's already typed up and I even refer to your opening post of this thread.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,901Member ■■■■■■■■□□
    edited October 22
    very cool! sorry I didn't see the link. Sitting in a Varonis training session right now hahaha

    I also appreciate the mention in your blog! 
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
Sign In or Register to comment.