In July 2024, I completed the Certified Red Team Lead (CRTL) exam. Having already gained a lot of knowledge about C2 frameworks and Active Directory exploitation from the CRTO and from my working experience as a pentester, the CRTL taught me a lot about red team OpSec, defense bypasses and detection evasion. This is my (mostly spoiler-free) review of the course and the exam.
As with the CRTO, the course material was both concise and complete. It also contained a lot of "want to know more?" links to get deeper into topics beyond the scope of the course.
The course material itself comes with lifetime access. From time to time, I still use it as a resource during real engagements.
The course lab access is purchased separately. For me, personally, the option of 120 hours over 60 days was perfect - but your mileage may vary. Additional lab time can be bought at any time and is well worth its price.
The lab was a bit smaller than the CRTO lab, but still big enough to do everything explained in the course material and more. It also came with a developer machine to develop Windows malware natively. Apart from a well-designed hands-on experience to deepen and put into practice the knowledge contained in the course material, the lab also serves as a huge playground for experimenting with different techniques. Nevertheless, understanding the course material and successfully applying it in the course lab is enough to be sufficiently prepared for the exam.
The exam lab came with 96 hours of access - which could be paused. That way, the exam could be spread out over 8 days in total, if required (the maximum exam duration).
The lab consisted of 6 systems and just as many flags - however, only 5 of these flags were required to pass.
No report writing is needed; that is not part of the scope of this certification.
The flags require almost all of the knowledge provided in the course material - and more.
It took me around 2 hours to get the first 2 flags.
It took me another 24 hours (including a brief nap) to get to the third flag.
Another 2 hours and I got to flag 5, resulting in a total of 28 hours to get the number of flags required to pass.
I tried for two more days to get the final flag, but did not succeed in that.
Overall, the exam was super fun. Better than any CTF I had ever played before.
And probably even more fun than the CRTO exam, since I could really apply so much new knowledge.
Trying for the extra mile was super enjoyable as well and - while I didn't manage to get flag #6 in time - I learned a lot even during the exam.
I really enjoyed the exam and learned a ton.
While it didn't come with crazy new exploit knowledge, it taught me a lot about getting attack techniques and tools that I already knew past defensive measures unnoticed. It also gave me a better understanding of how EDRs work and provided some good tips for C2 OpSec.
And all of that for a fraction of the price of most other certifications.
So, without hesitation, I wholeheartedly recommend this certification to any aspiring Red Teamer with good fundamental knowledge of hacking Active Directory infrastructures who wants to get deeper into threat actor simulation and stealth.