top of page
  • Writer's pictureNikhil Mittal

Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)

Updated: Sep 12, 2023

Back in 2012, I started teaching about Red Team, Penetration Testing, Active Directory Security and Offensive PowerShell. I did a couple of workshops at BlackHat plus some private classes and quickly identified there is a lack of a lab environment that is affordable, easy to access, has multiple connected machines and is fun to solve! I started using a cloud hosted lab environment in my classes and they were very popular!


There was always a demand for access to the labs but I was not sure if they would financially make sense. Finally, in 2018, after literally years of hesitation, we launched the Advanced Red Team Lab in partnership with PentesterAcademy (acquired by INE in October 2021). The lab was an instant hit and motivated us to bring out more labs and courses on Red Team, Active Directory Security, Azure Red Team and Pentesting and Azure Application Security! We also launched some of the most popular red team certifications in the industry - CRTP, CRTE, PACES (now CRTM), CARTP and CAWASP.


Note that we always owned all the lab names, certification names and associated IP :)

Fast forward to January 2023 and we have now launched all the red team labs and certifications on our own! Based on our Red Team Lab Platform, this helps us in going back to our original vision of making courses and labs:

- Affordable

- Easy to Access

- Stable and provide great user experience

- Fun to Solve

- Big enough to feel enterprise-like


We carefully design all of the labs to keep them as affordable as possible. More so for the beginner friendly ones :)


Why should I learn about Red Team and Penetration Testing?

Red Team and Penetration Testing are very exciting career choices! While both have different approach, the rewards and excitement of both are similar. To be able to legally compromise organizations and getting to fix the loopholes and vulnerabilities is very satisfying!


Any security assessment, be it a penetration test or red team operation is more successful when the TTPs (Tactics, Techniques and Procedures) rely on abuse of functionality and misconfigurations. On top of that, relying on administrator tools and scripts present in the target environment (also known as Living Off the Land) makes any such assessment a lot more silent in terms of detection.


Any security professional trying to emulate an adversary will find such tradecraft very valuable! All of our red team labs and courses focus on abuse of functionality, feature abuse and misconfigurations. This means that whatever you learn in these training would remain correct for a very long time as features are rarely patched :)


What is the significance of Active Directory and Azure Security in Enterprise environments?

More than 95 percent of Fortune 1000 use Azure and/or Active Directory. It becomes imperative for a penetration tester or red teamer to know these components used in enterprise environments.


Unfortunately, we identified that there is a significant lack of knowledge when it comes to Active Directory and Azure security. There are a large number of courses, platforms and training options available for individual machines and challenges but there is a severe lack of guided learning at affordable price for these enterprise backbone technologies. Our red team labs and platform offers a solution to that!


Ready to know more about Red Team Labs? Let us give you a tour!

A career in Red team or as a Penetration Tester (or any kind of information security profession) needs hands-on skills! Our labs provide enough opportunities to get those skills at affordable prices. Our certifications helps you go through HR filters :)

Red Team Certifications
Red Team Certifications

Attacking and Defending Active Directory lab with Certified Red Team Professional (CRTP) certification

This is our beginner friendly lab and certification! The lab is designed to provide a platform for security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment.


One of the most popular red team certifications, CRTP is listed as job requirement by many organizations.

Attacking and Defending AD - Lab Diagram

Two learning options are available for this course and lab:

On-demand: Attacking and Defending Active Directory Lab - https://www.alteredsecurity.com/adlab


Bootcamp: Attacking and Defending Active Directory - Beginner's Edition


Advanced Windows Red Team lab with Certified Red Team Expert (CRTE) certification

This is an intermediate/expert level lab and certification. This lab picks up from where CRTP ends. It takes your understanding of red team and active directory to the next level and focuses more on OpSec, Living Off the Land and bypassing security controls like MDI, WDAC and more. The Advanced Windows Red Team lab is HUGE and discusses many cross forest attacks.


CRTE is the first certification that we launched and is one of the most respected and in-demand certifications!

Advanced Red Team Lab Diagram

Two learning options are available for this course and lab:

On-demand: Attacking and Defending Active Directory Lab - https://www.alteredsecurity.com/redteamlab


Bootcamp: Attacking and Defending Active Directory - Advanced Edition


Attacking and Defending Azure Lab with Certified Azure Red Team Professional (CARTP) certification

This is a beginner friendly course and lab. This course and lab helps you in upskilling to one of the most coveted skill in cloud - Azure Security! Though the course is beginner friendly, it is pretty comprehensive and covers loads of topics in Azure. The lab that comes with this course is HUGE and runs on multiple live Azure tenants. I can tell you that there is no such lab available at this price :)


The CARTP certification pioneered the Azure Red Team certifications :)

Attacking and Defending Azure Lab Diagram

Two learning options are available for this course and lab:

On-Demand: Attacking and Defending Azure Lab - https://www.alteredsecurity.com/azureadlab


Bootcamp: Attacking and Defending Azure - Beginner's Edition https://www.alteredsecurity.com/cartp-bootcamp


Global Central Bank - An Enterprise Cyber Range with Certified Red Team Master (CRTM) certification

For the veterans! This lab is designed to grill our red team and Active Directory skills. It aims to be both frustrating and rewarding :) The lab is spread across multiple forests and has some truly unique attack paths!


The CRTM certification is one of its kind and you get bragging rights to be a part of an exclusive club!

GCB Lab Diagram

One learning option is available for this lab:

On-Demand: Global Central Bank - https://www.alteredsecurity.com/gcb



AD Certificate Services for Red and Blue Teams Lab with Certified Enterprise Security Professional - ADCS (CESP - ADCS) certification

This is a beginner friendly course with focus on an often-overlooked part of enterprise infrastructure - Active Directory Certificate Services (AD CS).


The lab covers a lot of interesting topics like CA enumeration, Local Privilege Escalation, Persistence by abusing Certificates, Domain Privilege Escalation by - abusing CA, Certificate Templates, Abusing Certificates – Client Auth, EFS, Code Signing, SSH etc., Domain persistence after compromising CA, Network Pivoting by abusing VPN Certificates, Abusing certificates on Linux machines, Lateral movement to Azure and a lot more!


A certificate holder has demonstrated the understanding of AD CS security. They can execute attacks against an enterprise environment containing AD CS. They are ready to integrate AD CS attacks in their TTPs and attack methodology. They also understand how the misconfigurations can be fixed and can help in securing an AD CS setup.

One learning option is available for this lab:

On-Demand: AD CS Attacks for Red and Blue Teams - https://www.alteredsecurity.com/adcs


Azure Application Security with Certified Azure Web Application Security Professional (CAWASP)

This is a beginner friendly course that focuses on application security in Azure. Like our other courses, there are loads of hands-on and demonstrations in this course. The course has two labs! Each student gets a dedicated lab and as a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks.


A CAWASP certification holder demonstrates hands-on knowledge of performing security assessments of various web application technologies on Azure and understanding of security controls that could be used for defense.

Azure Application Security Attack Lab

Two learning options are available for this course and lab:

On-Demand: Azure Application Security Lab (Available from 15th February 2023) -


Bootcamp: Azure Application Security - Beginner's Edition https://www.alteredsecurity.com/cawasp-bootcamp


Attacking Active Directory with Linux

An elementary level course from us! Learn to attack Active Directory from Linux. Each student gets a dedicated lab environment. Unlike our other labs, the lab access is limited to 35 hours of runtime in this course. However, that is more than enough to solve the lab multiple times and capture all the flags.

One learning option is available for this lab:

On-Demand: Attacking Active Directory with Linux - https://www.alteredsecurity.com/linuxad


Which Red Team lab should I choose? How much lab time do I need?

If your area of interest and/or job is on-prem Active Directory security, Red Team and Penetration Testing, you should go for CRTP, CRTE, CRTM and LinuxAD.


If your area of interest and/or job is cloud security, red team and cloud penetration testing, you should go for CARTP and CAWASP.


To decide on the lab duration, use the following table for coming to a decision:

Course, Certification and Area of Interest

Beginner

(No experience)

Intermediate

(Some experience of Red Team and Enterprise Security)

Expert

(Good experience of Red Team and Enterprise Security)

Attacking and Defending AD (CRTP)

3 months

2 months

1 month

Advanced Red Team Lab (CRTE)

CRTP + 3 months

2 months

or

CRTP + 1 month

1 month

or

CRTP + 2 months

GCB Cyber Range (CRTM)



CRTE + 3 months

2 months

or

CRTE + 1 month

1 month

or

CRTE + 2 months

Attacking and Defending Azure (CARTP)

3 months

2 months

1 month

AD CS Attacks (CESP - ADCS)

3 months

2 months

1 month

Azure Application Security (CAWASP)

3 months

2 months

1 month

LinuxAD

1 month

NA

NA


What are the modes of learning?

There are 2 learning modes available:

  1. On-Demand: Learn at your own pace, practice in the labs, ask questions over email or Discord! This mode is available for all of our labs!

  2. Bootcamp: Instructor-led classes with almost the same course and labs! Learn over 4 weekends with a group of fellow students! This mode is available for - CRTP, CRTE, CARTP and CAWASP!

In both the learning modes, you get access to the labs using our red team labs platform on enterprisesecurity.io


What is in the pipeline?

We are working on some really exciting courses, labs and updates to the lab platform. Stay tuned!


I am an existing certificate holder. Can I get a certificate with new branding of Altered Security?

We would love to issue you a certificate with new branding. Please reach out to contact[at]alteredsecurity.com Please note that the certificate expiry would remain the same for newly issued certificates.


My certificate is about to expire. What about certificate renewal?

The certificate renewal process is free, fun and maintains the quality of the certifications. Please find more details here - https://www.alteredsecurity.com/post/renewal-process-for-altered-security-certifications


What are the students saying?

Our students love us! Check out some of the review below. Please note that the below reviews include the ones that were written when PentesterAcademy (INE) was selling the labs.

Also, thehackerish reviewed CRTP, CRTE and CRTM (previously PACES) on their Youtube channel


Nikhil Mittal (@nikhil_mitt)

Founder, Altered Security

Recent Posts

See All
bottom of page