(Good) certifications should not only serve as a marker of acquired skills and proficiency in those skills. No, much more, they should provide material that is easily digestible and at the same time conveys all the knowledge that it seeks to convey. They should feature a final exam that provides a (preferably fun) challenge that can be overcome with the information provided in the course.
Since I already acquired a handful of certifications and am planning to acquire more in the future, I decided to report on my experiences with some of them.
In July 2024, I completed the Certified Red Team Lead (CRTL) exam.
After I had already gained a lot of knowledge about C2 frameworks and Active Directory exploitation from
the CRTO and my working experience as a pentester, the CRTL taught me a lot about Red-Teaming OpSec,
Defense Bypasses and Detection Evasion.
This is my (mostly spoiler-free) review of the course and the exam.
Read more
In June 2023, I completed the Certified Red Team Operator (CRTO) exam.
I learned a lot about Active Directory exploitation and
about how Command & Control (C2) frameworks work.
I also learned a bit about bypassing defense mechanisms and evading detection.
This is my (mostly spoiler-free) review of the course and the exam.
Read more