20 June 2022

Certified Az Red Team Professional: A Review

Introduction

I recently passed the Certified Az Red Team Professional (CARTP) exam after going through the course Attacking and Defending Azure AD Cloud from Pentester Academy. The course is taken before the CARTP exam and helps with developing an Azure pentesting methodology. This post covers my experience of completing the course, labs and exam, as well as tips and strategies that I found useful while taking it.

Course

The course is presented as beginner-friendly. However, I didn't find it to be at beginner level, given the pace of the course and the difficulty of the exam. It is an instructor-led course that includes a bootcamp of 4 sessions over 4 weeks. The course covers both the attack and defence of Azure; however, the majority of the course focuses on attacks, while defence is covered only in theory. The course is structured around a kill chain and, as it progresses, there is a back-and-forth movement between the kill chain components. This may not be clear at first, but it happens because some attacks in the learning objectives fall under multiple kill chain components. Each section of the course begins with some theory and commands, followed by learning objectives to put into practice what has been learnt. Graphical diagrams provided with the course illustrate the links between the different attacks covered, which makes the relationships between all of the attacks easier to understand at a glance.

Labs

For the labs, you can connect either through your web browser or via a VPN. The labs include various Azure tenants and are aligned to the kill chain. As a result, the labs begin with recon and enumeration exercises and also include lateral movement from one tenant to another; the learning objectives follow the same order. Each student is given access to a private machine to practise the concepts learnt in the course, while the Azure tenants are shared with other students. Flags can be submitted while going through the learning objectives, which helps further reinforce the concepts learnt in the course. There is also a CTF, which provides further practice, especially for testing your methodology. While the labs were a great resource for practice, the downside is that you only get lab access for a limited period, which in my experience lasted just over 4 weeks after starting the course. There are no lab extensions, and one would need to purchase the course again to get access to the labs.

Exam

There is a 24-hour practical exam with the following goal: to compromise resources across multiple tenants and ultimately capture the final flag. The submission of a report is also required, and it should document all the steps that were taken to obtain the final flag. While the labs come with tools preinstalled, the exam machine does not, and you are given an extra hour to install them. Unlike some other certifications, where you are required to book the exam in advance, you can start this exam without booking it. While the course content may seem sufficient for passing the exam, you may need to do further reading on the course topics.

Tips and Strategies

Below are some tips and strategies that can help during the course and exam:

  • Create a cheat sheet: this will serve as a command reference, which you can refer to during the exam
  • Practice using the Azure command line, portal and REST API: knowing different methods to perform the same action is important in case one method does not work
  • Complete the learning objectives and flags: this serves as good practice
  • Do the CTF: this will help test your methodology
  • Create a checklist for obtaining and using credentials: knowing where to obtain credentials and where to use them is beneficial for the exam
  • Plan the exam around support times: this will help in case you need to contact support during your exam

Conclusion

After going through the course, I found its practical component (learning objectives, flags and CTF) to provide multiple ways to practise the concepts learnt throughout the course. I found this to be unique compared to previous certifications that I have done. The main critiques were that there were no lab extensions and that, while presented as an attack and defence course, the majority of it focuses on attacks, while defence is covered only in theory. Overall, I would recommend this course to anyone who wants to learn offensive techniques for testing Azure environments.

tags: azure cartp cloud penetration testing