Windows Red Team Lab (CRTE) (2024)

Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure. Our Certified Red Team Expert (CRTE) course and lab is designed to provide a platform for security professionals to understand, analyze and practice threats and attacks against a modern Windows network infrastructure.

​

Our Certified Red Team Expert (CRTE) course and lab simulates real world attack-defense scenarios and require you to start with a non-admin user account in the domain and work your way up to enterprise admin of multiple forests. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.

• Access to a lab environment (One/Two/Three months) with updated Server 2019 machines. Lab can be accessed using a web browser or VPN.

• 14+ hours of video course with English captions

• Course slides

• Two lab manuals. One for solving the lab using standalone tools. Second for solving the labs using C2.

• Walk-through videos

• One Certification Exam attempt

The Windows Red Team Lab enables you to:

• Practice various attacks in a fully patched real world Windows environment with Server 2019and SQL Server 2017 machines.

• Abuse Active Directory and Windows features like LAPS, gMSA, AD CS and more

• Execute and visualize the attack path used by the modern adversaries.

• Attack Azure AD Integration (Hybrid Identity).

• Try new TTPs in a fully functional AD environment.

• Understand defenses and their bypasses for (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, Microsoft Defender for Identity etc.)

The following are the prerequisites for the lab:

• Basic understanding of red teaming/penetration testing or blue teaming/security administration of AD environment

• Ability to think like an adversary and inclination towards abusing features of AD rather than exploits.

Terms of Purchase and Use:

• You can start your lab access anytime within 90 days of purchase

• You need a Google account to accessthe lab portal advancedbootcamp.enterprisesecurity.io

• Purchase includes access to our Attacking and Defending Active Directory video course 14 Hours HD Videos

• One Certification Exam attempt is included in the pricing. Additional exam attempts will be $99 each

• Once connected over VPN, consider the lab to be a hostile environment and you are responsible for your computer's security

• The above lab is a shared environment and certain pre-specified machines will be off-limits

• If you want a dedicated lab just for yourself, please use the form in the Contact-Us tab

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.

He specializes in assessing security risks at secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure AD, Active Directory attacks, defense and bypassing detection mechanisms.

​

Nikhil has trained more than 10000 security professionals in private trainings and at the world’s top information security conferences.

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.

He is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

Terms of Purchase and Use:

• You can start your lab access anytime within 90 days of purchase

• You need a Google account to accessthe lab portal advancedbootcamp.enterprisesecurity.io

• Purchase includes access to our Attacking and Defending Active Directory video course 14 Hours HD Videos

• One Certification Exam attempt is included in the pricing. Additional exam attempts will be $99 each

• Once connected over VPN, consider the lab to be a hostile environment and you are responsible for your computer's security

• The above lab is a shared environment and certain pre-specified machines will be off-limits

• If you want a dedicated lab just for yourself, please use the form in the Contact-Us tab

The Certified Red Teaming Expert is a completely hands-on certification. The certification requires students to solve practical and realistic challenges in our fully patched Windows infrastructure labs containing multiple Windows domains and forests. The certification challenges students to look at the complete infrastructure like a true enterprise network and does not rely only on breaking individual machines. Students will have 48 hours to complete the hands-on certification exam.

A certification holder has the expertise to assess security of an enterprise windows infrastructure having multiple domains & forests by just abusing the functionality & trusts.

To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it.In case you have to retake the exam, a re-attempt fee of $99 is applicable. There is a cool down period of one month before a student can appear in the exam again. The student will get an exam environment from the pool of our different exam labs. After total 3 attempts (1 included with the lab and two additional attempts), a student must wait for a cool down period of 6 months.

​

Certificate Expiry and Renewal

To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it. The renewal exam is FREE before the certificate expires. CRTE can also be renewed by taking CRTM. Please take a look at this blog post for more details: https://www.alteredsecurity.com/post/renewal-process-for-altered-security-certifications

• Leverage built-in binaries, tools, scripts, and open source tools such as Bloodhound for enumerating Active Directory.

• Understand enumeration OPSEC to bypass detections from tools like Microsoft Defender for Identity (MDI) and other Identity defense tools.

• Understand about Domain and Forest trust and ways to enumerate the trust.

• Enumerate and understand about ACLs

• Understand the approach of escalating privileges locally on the Windows system.

• Understand OPSEC to enumerate local admin access on remote machines.

• Understand the approach of customizing/obfuscating tools and scripts and understand the approach to bypass Windows Defender Antivirus.

• Understand about various logging mechanism and ways to evade them.

• Learn about various ways to load scripts and tools in memory.

• Use customized tools for extracting credentials, bypassing Windows Defender.

• Understand about Kerberos authentication.

• Enumerate the domain environment and explore avenues to escalates the privileges.

• Learn about Kerberoasting attack and OPSEC considerations for performing Kerberoasting attack.

• Understand about gMSA and learn to generate the gMSA password offline with appropriate privileges.

• Learn, understand and abuse delegation based configurations available in Active Directory environment.

• Explore options to abuse misconfigured ACLs for escalating privileges.

• Learn about various ways to extract credentials and use the same.

• Understand various ways to gain remote access on the target machine and OPSEC considerations.

• Abusing the ACLs to extract credentials from LAPS or generate gMSA credentials.

• Understand how to leverage privileges in the domain environment to deploy persistence in the domain environment.

• Learn about Golden, Silver and Diamond ticket usages and OPSEC considerations.

• Understand about AdminSDHolder system container that can be leveraged for deploying persistence on Protected Groups.

• Understand and abuse ACLs applied on the remote access protocols.

• Understand about Skeleton Key, DSRM, Custom SSP based persistence techniques.

• Computer and User account takeover – Shadow Credentials.

• Understand how to leverage KRBTGT account hash or Trust key to move across the domain.

• Learn and understand about Active Directory Certificate Services (AD CS) environment and ways to abuse the AD CS misconfigurations to escalate privileges.

• Understand how delegation based attacks can be leverages to escalate privileges across the domain environment.

• Understand about Azure Hybrid Identities and ways to abuse.

• Understand about various ways to enumerate ways to gain access across the forest trust.

• Understand about sIDHistory, Trust Keys and leverage the same to move across the forest.

• Understand how delegation based attacks can be leverages to escalate privileges across the forest.

• Learn about ways to enumerate SQL Servers and leverage the DBLinks to move laterally across the forest.

• Understand about Foreign Security Principals and ways to abuse the same to move across the forest.

• Learn and Execute SID Filtering bypass.

• Enumerate abusable ACLs and abuse the same to move across the forest.

• Understand about PAM trust.

• Understand about privileges groups, security flags/settings that can be configured on the privilege accounts / groups.

• Learn and understand the need to leveraging Privilege Administrative Workstation.

• Learn and understand about Time Bound Administrations (JIT & JEA).

• Learn about Tier Model & ESAE environment.

• Learn about various security features such as Credential Guard, WDAC, MDI, LAPS, Protected Users Group etc.

• Learn about ways to detect attacks such as Kerberoasting, Skeleton Keys, Golden Ticket, Custom SSP etc.

• Learn ways to bypass detection & security solutions like MDI.

• Learn about various Deception techniques that can be deployed in an Active Directory Environment to deceive the attacker.