CRTO Review and Guide

a few years after i got the oscp in 2021, and a ton of other certs later, i decided to start writing reviews and personal guides on how others can succeed.

what is the crto

the crto, or certified red team operator, is a red team certification focused on cobalt strike. the main focus here is a bunch of AD and much more cobalt strike related things.

the content

the content is honestly some of my favorite out there. it’s very well made regardless of its use of cobalt strike. what i mean by that is you don’t need to have cobalt strike open to use the content that is provided. they basically teach you how to use cobalt strike at an intermediate level, then they teach you how to do red team ad level attacks through cobalt strike.

it’s very well organized and taught me a ton as i was just playing around with all of it. while some content is covered in other certs, having a strong foundation in cobalt strike is a HUGE plus for this cert.

the exam

48 hour exam but you can pause whenever and start it whenever within a 4 day period. this didn’t really matter for me as i did it all in 6 hours on a saturday. you can pass with 6/8 flags but getting the 8 is a nice flex.

who should get the crto

i think anyone that’s wanting to start transitioning into more red team related stuff over pentesting. you should have a decent understanding of pentesting related things, as that will help a lot when you are doing the crto.

how to prep

replicate all the content

the content is pretty extensive, and you will forget a lot of it. so it’s better to open the lab and actually replicate the attacks.

redo the entire lab with defender on

by default defender is disabled to help you practice the attacks. it is best to understand how to bypass defender and go back and try the attacks again with those tactics in mind and with defender enabled.

this is obviously to simulate the real exam env

come up with an infra setup plan

infra setup tips and tricks are spread throughout the course. you need pretty much all of it to pass the exam. take notes/make a plan that you can follow to help you set up the infra at the end. i even recommend practicing setting up that infra on the lab a few times to make sure everything works.

conclusion

get the cert if you’re a pentester wanting to get into red team, it’s a very nice intro.

best, gerbsec