
Certified Azure Red Team Professional review

Introduction

The last few weeks, I have been busy studying the CARTP course. This course is designed for offensive security professionals looking to enter the field of attacking and defending Azure and Azure AD. The main reason I wanted to take this course was to delve deeper into the Azure field, as many companies are either migrating to Azure or utilizing it as part of a hybrid environment. Additionally, I noticed a high demand for Azure testing services within our company, so it felt great to enroll in a course focused on Azure and Azure AD.

About the Course

The course itself was created and presented by Nikhil Mittal on the new Altered Security platform, which I quite liked. The interface is clean, easy to use, and overall just straightforward.

The course itself consists of 52 videos, which basically go through a PowerPoint that contains up to around 300 slides. One thing I liked about the videos is that Nikhil does not just go over the slides but also shares his own experience on certain topics, and goes a bit out of scope, which can give a new, interesting perspective.

The course starts off with some general information about Azure/AAD. What Azure is, what services Azure has, subscription models and other basic information are provided in the first couple of videos. After that, Nikhil introduces 4 “killchains” that he goes through during the course. These killchains consist of the following stages:

  • Reconnaissance
  • Initial Access
  • Enumeration
  • Privilege escalation
  • Persistence
  • Defense evasion
  • Credential access
  • Lateral movement
  • Exfiltration

I really liked how these killchains were set up; it gave a lot more body to the course. Everything in the course was clearly explained, and I want to give a huge thanks to the support team for their super quick responses.

About the Exam

After studying for about three weeks, I took my exam on September 8, 2023. The exam had a total duration of 48 hours, with the first 24 hours for the lab and the next 24 hours for writing the report.

I started the exam around 9:00 AM and surprisingly found the final flag by 1:00 PM. I was initially puzzled by how quickly I found it and reached out to the support team for clarification. They confirmed that finding this flag was necessary to pass the exam.

Once I had the flag, I began writing my report. I was able to do this quickly because I had taken thorough notes and lots of screenshots, which I organized in Notion. I submitted my report to the support team at 7:35 PM. To my surprise, I received the news that I had passed the exam within two days!

The cover of my report:


Tips

Some tips I’ve used during my RTO exam:

  • Before taking the CARTP course and exam, remember that there are no tools pre-installed in the exam VM. Make sure to download and install any necessary tools in advance.
  • Take thorough notes, including all the commands you use, and ensure you understand the purpose and function of each command.
  • During my exam, I encountered a situation that wasn’t covered directly in the course material. However, by applying logical thinking, I was able to find a solution.

So what’s next?

After passing the CARTP, I will most likely focus on completing school as quickly as possible. However, I will probably pursue the continuation of CRTO (which is CRTL) or attend the MalDev Academy afterward.

This post is licensed under CC BY 4.0 by the author.