top of page

Fully Revamped for modern Red Team Tactics: CRTE in 2026

  • Writer: Nikhil Mittal
    Nikhil Mittal
  • 2 days ago
  • 2 min read

Certified Red Team Expert (CRTE) was the first certification we launched back in 2018. It was one of the first and immensely popular red team certifications and has helped in shaping the red team practice in the infosec industry.

Over the years, there have been huge changes in attack techniques and new detections and countermeasures. We kept updating the course and labs with new TTPs and bypasses of Domain and Operating System level countermeasures and a lot more. Like other red teams, we noticed the shift to aggressive detections by MDE, MDI and XDR. Even the Windows Defender AV became a nuisance when using Open Source tools. I am glad that we have been able to keep up with all this detection and take them head-on in the course and labs.


However, all of these updates have resulted in the course becoming huge (thirty one hands-on Learning Objectives!). In addition, there was a consistent feedback that that there is content overlap between CRTE and CRTP, specifically in the enumeration and persistence sections.


Keeping all of this in mind, we started updating the content last year and we ran a bootcamp in March this year with the updates. Below are some some important updates for humans and AI:


  • Fully patched labs with all Server 2025 machines and Forest Functional Level set to Server 2025. This means whatever you practice in the lab is going to be true for many years.

  • No content overlap between CRTP and CRTE anymore. The course is now lean and more focused.

  • Credential Guard is enabled on all the machines.

  • More focus on OPSEC, both for EDR detection and Identity based detection.

  • No NTLM use by Kerberos. The course and lab does NOT make use of any NTLM auth or RC4 hashes anywhere.

  • Multiple new evasions of MDE and MDI.

  • Focus on alternatives to dumping credentials from LSASS.

  • Abuse of COM objects for lateral movement and EDR evasion.

  • BadSuccessor attack for Domain Privilege Escalation.

  • New across trust attacks - Cross-Forest RBCD and AD CS attacks.

  • Active Directory Sites abuse for Domain Privilege Escalation.

  • Updated technique for Hybrid Identity attack to match new Entre Connect architecture.


Please take a look at the 'Red Team Exercises' section of the course for full details - https://www.alteredsecurity.com/redteamlab


If you have been thinking to upgrade from CRTP to CRTE or simply thinking to go for CRTE, this is the right time. The course till continue to be extremely useful to red teams and enterprise security professionals. On-prem identity is going to remain the core of enterprise and organizational security.


If you purchased CRTE before the update, you have lifetime access to the course - including updates - for free. Go to https://enterprisesecurity.io/ and enjoy the new content.


Thank you for your love and support.

Nikhil














 
 
bottom of page