Certified Red Team Operator – Course review

During March and April 2020 I had been engaged in carrying out a comprehensive Red Team assessment against Zero-Point Security and their newly acquired start-up Cyberbotic. This is more or less how a course named Red Team Ops begins. I welcome you to read this short review of the newly created course by Zero Point Security. Author of the course is a well known in infosec community influencer Daniel Duggan, AKA @_RastaMouse

What will you learn?

For me there is never too much of a possibility to learn how to abuse Active Directory environments. This, but not only, is what you will learn in the course. Most interesting to me and different from other courses I took on a similar topic (like in previously reviewed Certified Red Team Professional course), was the use of the C2 frameworks. The course is giving you examples of how to use Covenant C2. But you are not limited to just this tool and you can use any other C2 of your preference. You will be pushed through all the stages of a Red Team operation, from recon to initial access with spear-phishing up to getting full cross-domain takeover. To learn more about the syllabus go there: https://www.zeropointsecurity.co.uk/red-team-ops.

What are you getting?

The Red Team Ops course consists of three main parts:

  • The materials – they are in the form of access to an e-learning platform based on the Canvas platform (initially it was a PDF). Those materials are in the form of writings and videos. It is also worth mentioning that access to the platform never expires. You keep access to up to date content forever. This is not the case for the lab access of course. The important fact is that you need to pass the assignments in order to make the learning modules completed. Upon completion of all modules, you will get a chance to schedule an exam.
  • The lab – you are getting access to it through a VPN. What is also interesting, you are getting instructions on how to create your VMs and automated scripts that will configure them for you with all the necessary tools.
  • The exam – 48-hour challenge whereas you need to find and submit at least three of four flags (3/4) in order to pass. There is no requirement to write a report (thanks uff). Flags are enough to get you the exam badge of Certified Red Team Operator, which I was lucky to obtain.

Who is it for?

For everyone interested in red teaming and pentesting. If you are a fresh starter in those topics do not worry.

It’s all about your determination.

The course says it is pitched towards beginners and juniors so give it a shot. I tried and completed it. Most frustration did not come from not understanding the topics (which were explained very well in the course materials) – but from the tool-related issues. The Covenant was very unstable during the entire time of my course. However I eventually overcome the issues and learned tons of tricks new to my tradecraft. This is what it is all about. Not just checking another cert badges to your CV. Am I right?

If you have OSCP certification and you are an experienced AD pwner you can take the external route and totally omit course materials and it’s assignments and goes straight to the exam.

One additional thing is that you are getting access to a dedicated slack channel with other students. On this channel you can exchange ideas on how to approach specific topics in case you are stuck. So you are not alone 🙂

Final words

I can recommend this course to everyone, not just to freshers but also the experienced ones. Over the time of my lab access I observed updates to the content. I am sure I will be coming back to that material often, as a reference for my future engagements. Most importantly – I learned a lot.