Today, Gh0sthax and I talk about week 3/4 of the CRTP - Certified Red Team Professional training, and how it's kicking our butts a bit. Key points include:

• We agree this is not a certification for folks who are new to pentesting

• Don't expect to be following along "live" with the instructor during the training sessions

• You'll need to do a flippin' ton of studying and practicing on your own in between the live sessions

• As you follow along with the lab exercises, some things won't work - and that might be by design, but the lab manual might not give you a heads-up. In those cases, be sure to check with your classmates in the Discord channel

• Problems popping shells? Hint: it might not be a problem with your tools...but with your network/firewalll config!

• The more PowerShell skills you can walk into this training with, the better.

• We've got to play with some tools that were new(ish) to us:

  • PowerUpSQL - check out these awesome cheat sheets too!
  • HeidiSQL
  • Rubeus

• If you're an absolute rockstar in the pentest labs, don't think that you'll breeze right through the exam!

• Some pros of this training: fast-moving, super knowledgable instructor. Outstanding content. Super value for the dollar investment - arguably the best pentest training bang for the buck. The labs themselves are quite good and realistic. You get the recordings of the live sessions after they're complete. The course covers some defense against these attacks as well - great to have the blue team perspective!

• A few cons: the content might be too fast-moving. It can get easy to become "lost" and forget the objective of what each lab exercise is having you do. Lab manual doesn't necessarily match the PDF slides.