Pentester Academy - Active Directory Lab & Certified Red Team Professional

Hi everyone, I recently passed the Certified Red Team Professional exam from Pentester Academy. I briefly wanted to give a quick update and very small review of my experience with Pentester Academy's "Active Directory Lab" course and the "Certified Red Team Professional" exam.
I registered for the 60 days lab time.
The AD lab course teaches you 23 learning objectives and 59 tasks.
You are provided 36 course videos.
1 lab manual with solutions.
1 course pdf slides and notes.
Course starts off by guiding you through the basics of powershell, but not much time is wasted here. Before attempting this course you should know the basics of powershell and active directory. You will enter into heavy domain enumeration (which is key to passing any test), local privilege escalation (pentester hat goes here), domain privilege escalation (red team hat goes here), domain persistence and dominance (ah this is what red team is like), cross trust attacks (I feel legendary now), forest persistence and dominance (can anyone stop me?), & defensive tactics (Thanks Boss for paying, here is what I learned). Each red team killchain requires its own tools, yes these tools overlap from time to time, but is a needed methodology standard to follow.
I was able to get through all the course videos and lab work within 2 and a half weeks. The videos were clear and concise. I did NOT have any hard time understanding the concepts or what is being taught. Support was very fast in responding to any questions or VM resets I had. By week three and four of my lab time I had gone through all the concepts and lab practice for the second time. I was now ready to take the exam.
Took the exam which was a 24 hr exam and failed. I was only able to get a local privilege escalation to the VM host you are given. I wasn't able to even lateral move or get to own any other host. I was stumped and unmotivated at certain points. I guess it wasn't my day and wasn't in the right spirits.
You are given VPN access to a VM that is joined to a domain, all infrastructure is fully patched windows 10 and windows server 2016 (2016 domain features). There are NO software exploits here. This is similar to the lab, but not the same environment obviously.
I took the week off to rest and was now left with 24 days of lab time. I studied and labbed all the concepts once again but this time paid more attention to the bloodhound results I worked on. I spent 3 weeks going over bloodhound and the data I had. I found many hints and possible clue that would lead me somewhere. I honestly could say I was thinking differently now.
I took the test a second time and my time spent on bloodhound paid off. I was able to see certain patterns, some methods I thought would work, didn't, but some did. In the end I was able to pull through and get full forest root domain access. It took me 12 hours, longer than most people I suppose, but I am now a Certified Red Team Professional 



Overall I am highly satisfied with the course and exam. I plan to work on the Expert level certification and lab they have. For right now, I am here in vegas for BH and defcon. Tomorrow I start Pentester Academy's - ACTIVE DIRECTORY ATTACKS FOR RED AND BLUE TEAMS - ADVANCED EDITION which is a two day course.
Sorry this is a very crude, run on sentence, non technical review of the course and exam. I plan on doing a proper one after the blackhat course. I will be working on my new blog coming out soon 
If you have any questions let me know.

If you have any questions let me know.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX
2023 Cert Goals: SC-100, eCPTX
Comments
2023 Cert Goals: SC-100, eCPTX
The subscription does get you the video training material for everything they put out. You just need to pay for lab time. Trust me you learn a lot in those videos, its worth it for one month's payment of $39. Aside from streaming unlimited videos, you get to download up to 100 videos in one month.
2023 Cert Goals: SC-100, eCPTX
Pentester Academy and your monthly subscription get you access to another lab called www.attackdefense.com which has thousands of hands on labs, corresponding to most of their course materials.
Perhaps they are moving the active directory /red team lab access to the attackdefense portal as well for the same or upgraded fee. Maybe that is what was talked about.
See attached picture.
Check this guy's review for more information
http://lockboxx.blogspot.com/2018/11/pentester-academys-attackdefense-labs.html
2023 Cert Goals: SC-100, eCPTX
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
If you look at it closely he clearly is saying he already "knows" he won't get AD knowledge from OSCP.
but i digress
#derailed
2023 Cert Goals: SC-100, eCPTX
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
2023 Cert Goals: SC-100, eCPTX
#notderailed
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
2023 Cert Goals: SC-100, eCPTX
I also appreciate the mention in your blog!
2023 Cert Goals: SC-100, eCPTX
I have only managed to privesc on my foothold machine and get access/code execution on the first target machine. I could not step any further from there.
Do you have to suggest any additional material or an environment to get some practice before I retake the exam? Thank you!
Remember the actual goal/subject of the training: attacking Active Directory.
The first privesc was attacking Windows (as covered in the course) and from there on out you need to map your way across the AD domain in the exam environment. Bloodhound will certainly help you with this. There is one step along the way that trips up almost everybody and which took me at least two hours to find. As I suggested: you will have to scour all you learned about AD to find "the missing link".
2023 Cert Goals: SC-100, eCPTX