Certified Red Team Lead (CRTL)

Post Created: 10 May, 2023


Last updated 2 years ago

Background

After experiencing the amazing Red Team Ops I course firsthand, I decided to push my boundaries and attempt Red Team Ops II several months after its release. As an undergraduate student who had essentially 0 experience in Red Teaming, CRTL felt like a final boss to conquer, so here's my personal take on the course & exam that nobody asked for.

Disclaimer

Please take this review with a grain of salt, as it consists of my personal thoughts on the course combined with some clown fiesta shit-posting. If you're looking for a serious review on RTO 2, here are some good resources:

  • A CRTL Review - Andres Roldan

  • Red Team Ops 2 Review - Sunggwan Choi

  • A quick review of my CRTL journey - ferreirasc

  • Zero Point Security’s Red Team Ops II (RTO2) Course and Certified Red Team Lead (CRTL) Exam Review - TheAssHat

Course

No Babysit

One thing that I like the most from the previous course is the clarity in explaining advanced and complex concepts. As opposed to the previous course, RastaMouse does not babysit you as much this time around, providing just enough information (in a good way) for you to continue exploring on your own.

This approach is effective for me because it forces you to seek help from external resources. This can come in the form of blog posts or engaging with peeps from the Discord community to debug and troubleshoot certain problems, like the compatibility of the HTTPS download cradle in your dropper.

Big shoutout to Yizhigou#1664 and The_Asshat#0001 for their active involvement in the Discord channel!

No Perfect Solution

As the course revolves heavily around custom offensive development & evasion, you will soon realize that there is no "ideal" way to achieve your goals. You will often find old solutions that once worked behaving outside of your expectations, especially when it comes to behavioral detection. Mix-and-match, combined with a little creativity and a few brain cells, is often the way you want to do things.

Lab

Horrendous Latency

Personally, I did not spend much time in the lab due to the latency of interactions with the Guacamole lab, and mainly because it's unnecessary to do so. Besides the C2 infrastructure, ASR and WDAC, you are better off setting up your own cracked Cobalt Strike and Windows VM for development and testing purposes. I also find that a fully updated Windows Defender on Windows 11 is able to detect some of my tooling more efficiently, which helps to improve the way I implement it.

Exam

Having slept just under 5 hours, I booked the exam and hoped to clear it within 2 days. As easy as it sounds, I spent the first 2 days staring at my Cobalt Strike client with 0 beacons. During my second night of sleep, I recalled what was written in his CRTL review and realized I was over-complicating things.

Indeed, having something that wasn't taught in the course will require thinking outside the box. Once you are through this part that deprives you of sleep, the remaining flags can be captured even when you're high on meth.

Tips

  • Read all old Discord conversations in the red-team-ops-ii channel

  • Be comfortable with coding in .NET

  • Don't over-complicate things

  • Gitgud

What's Next?

Honestly speaking, I think that RTO 2 is a good stepping stone that opens up a lot of doors for future learning, especially in Offensive Development. In my opinion, if you are uninterested in learning things outside of RTO 2's curriculum after passing the exam, or you just want to have the certification badge on your portfolio, you are better off saving your money for Happy Meals. Based on quick maths, this will allow you to buy £399/3.29 = 121 Happy Meals in the UK, which is a fat W if you ask me.

Based on the foundation that has been set, here are some examples that I can think of for those who would like to continue learning red team tradecraft beyond RTO 2:

  • Process Injection: Threadless Injection

  • EDR Evasion: Indirect Syscall

  • AMSI/ETW: Offset Patching & Provider Patching

  • Protected Process Light (PPL): PPLMedic, PPLFault

  • Done With User-land: Move to kernel maybe??

With that being said, I am hoping to see RastaMouse's unique approach to teaching User Defined Reflective Loader (UDRL) development, perhaps in an RTO 3, or in a separate course.

Last Words (my personal take, no roast plz)

As a final piece of advice, Red Team Ops II is arguably the most ideal & affordable training you can get for personal growth and skill development in the field of Red Teaming.

However, the sad reality is that not many companies, in fact 0 that I have come across, will recognize this masterpiece due to its lack of exposure in the job market. Even interviewers from companies that provide so-called "Red Teaming" services do not know about the existence of Zero-Point Security & RTO (yikes).

If you're looking to land a job with this certificate, I sadly announce that you will end up just like me, in an endless loop of insanity. But I have to say though, credit where credit's due, it did help me land an interview for a Red Team job, at McDonald's.
