
CRTE Course Objective:
Most enterprise networks today are managed using Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure. Our Certified Red Team Expert (CRTE) course and lab is designed to provide a platform for security professionals to understand, analyze and practice threats and attacks against a modern Windows network infrastructure.
Our Certified Red Team Expert (CRTE) course and lab simulates real world attack-defense scenarios and requires you to start with a non-admin user account in the domain and work your way up to enterprise admin of multiple forests. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.
This huge lab has multiple interesting tasks that are designed and built upon years of the author’s experience of red teaming Windows environments. Every lab task is comprised of multiple challenges like Active Directory enumeration, local and forest privilege escalation, network pivoting, application allowlisting bypass, active user simulation, Kerberos delegation issues, SQL Servers, forest trusts, Azure hybrid identity and more! Whether you are a beginner, a seasoned red teamer, or a veteran blue teamer, the lab has something for everyone!
What's Included
- Access to a lab environment (One/Two/Three months) with updated Server 2019 machines. Lab can be accessed using a web browser or VPN.
- A ready to use student VM in the cloud that has all the tools and Sliver C2 pre-installed.
- Lifetime access to all the learning material (including course updates).
- 14+ hours of video course with English captions.
- Course slides.
- Two lab manuals. One for solving the lab using standalone tools. Second for solving the labs using C2.
- Walk-through videos.
- One exam attempt for the Certified Red Team Expert (CRTE) certification.
What will you Learn?
The Windows Red Team Lab enables you to:
- Practice various attacks in a fully patched real world Windows environment with Server 2019 and SQL Server 2017 machines.
- Abuse Active Directory and Windows features like LAPS, gMSA, AD CS and more
- Execute and visualize the attack path used by the modern adversaries.
- Attack Azure AD Integration (Hybrid Identity).
- Try new TTPs in a fully functional AD environment.
- Understand defenses and their bypasses (JEA, PAW, LAPS, Selective Authentication, Deception, App Allowlisting, etc.).
- Bypass defenses like Windows Defender, Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI).
Prerequisites for the course
- Basic understanding of red teaming/penetration testing or blue teaming/security administration of AD environment
- Ability to think like an adversary and inclination towards abusing features of AD rather than exploits.
- If you are new to Red Teaming, Enterprise security and Active Directory security, you may like to go for the
Red Team Exercises
30 Learning Objectives, 62 Tasks, >300 Hours of Torture
I. Active Directory Enumeration
- Leverage built-in binaries, tools, scripts, and open source tools such as Bloodhound for enumerating Active Directory.
- Understand enumeration OPSEC to bypass detections from tools like Microsoft Defender for Identity (MDI) and other Identity defense tools.
- Understand Domain and Forest trusts and ways to enumerate them.
- Enumerate and understand ACLs.
II. Local Privilege Escalation
- Understand the approach of escalating privileges locally on the Windows system.
- Understand OPSEC to enumerate local admin access on remote machines.
III. Offensive .NET and PowerShell Tradecraft
- Understand the approach of customizing/obfuscating tools and scripts and understand the approach to bypass Windows Defender Antivirus.
- Understand various logging mechanisms and ways to evade them.
- Learn about various ways to load scripts and tools in memory.
- Use customized tools for extracting credentials, bypassing Windows Defender.
IV. Domain Privilege Escalation
- Understand Kerberos authentication.
- Enumerate the domain environment and explore avenues to escalate privileges.
- Learn about the Kerberoasting attack and OPSEC considerations for performing it.
- Understand gMSA and learn to generate the gMSA password offline with appropriate privileges.
- Learn, understand and abuse delegation-based configurations available in an Active Directory environment.
- Explore options to abuse misconfigured ACLs for escalating privileges.
V. Lateral Movement
- Learn about various ways to extract credentials.
- Understand various ways to gain remote access on the target machine and OPSEC considerations.
- Abuse ACLs to extract credentials from LAPS or generate gMSA credentials.
VI. Domain Dominance & Persistence
- Understand how to abuse privileges in the domain environment to deploy persistence in the domain environment.
- Learn about Golden, Silver and Diamond ticket usages and OPSEC considerations.
- Understand the AdminSDHolder system container, which can be leveraged for deploying persistence on Protected Groups.
- Understand and abuse ACLs applied on the remote access protocols.
- Understand Skeleton Key, DSRM and Custom SSP based persistence techniques.
- Computer and User account takeover – Shadow Credentials.
VII. Cross Domain Attacks
- Understand how to leverage the KRBTGT account hash or Trust key to move across the domain.
- Learn and understand the Active Directory Certificate Services (AD CS) environment and ways to abuse AD CS misconfigurations to escalate privileges.
- Understand how delegation-based attacks can be leveraged to escalate privileges across the domain environment.
VIII. Cross Forest Attacks – Executing usual attacks across Forest Trusts
- Enumerate information access across the forest trust.
- Understand sIDHistory and its abuse using Trust keys and krbtgt to move across the forest trust.
- Learn about ways to enumerate SQL Servers and leverage the Database Links to move laterally across the forest.
IX. Cross Forest Attacks – The lesser-known ones
- Understand Azure Hybrid Identities and ways to abuse them.
- Understand how delegation-based attacks can be used to escalate privileges across the forest.
- Understand Foreign Security Principals and ways to abuse them to move across the forest.
- Learn and Execute SID Filtering bypass.
- Enumerate ACLs and abuse them to move across the forest.
- Understand PAM trust and execute attacks by compromising the admin/bastion forest.
- Learn and execute attacks against trust transitivity.
X. Defenses and bypass – MDE EDR
- Learn about Microsoft’s EDR – Microsoft Defender for Endpoint.
- Understand the telemetry and components used by MDE for detection.
- Execute an entire chain of attacks across forest trust without triggering any alert by MDE.
- Use Security 365 dashboard to verify MDE bypass.
XI. Defenses and bypass – MDI
- Learn about Microsoft Defender for Identity (MDI).
- Understand how MDI relies on anomalies to spot an attack.
- Bypass various MDI detections throughout the course.
XII. Defenses
- Understand privileged groups and the security flags/settings that can be configured on privileged accounts / groups.
- Learn and understand the need to leverage a Privileged Administrative Workstation.
- Learn and understand Time-Bound Administration (JIT & JEA).
- Learn about Tier Model & ESAE environment.
- Learn about various security features such as Credential Guard, WDAC, MDI, LAPS, Protected Users Group etc.
XIII. Detection & Detection Bypasses
- Learn about ways to detect attacks such as Kerberoasting, Skeleton Keys, Golden Ticket, Custom SSP etc.
- Learn ways to bypass detection & security solutions like MDI.
XIV. Deception
- Learn about various Deception techniques that can be deployed in an Active Directory Environment to deceive the attacker.
Certification
Certified Red Team Expert (CRTE)
The Certified Red Teaming Expert is a completely hands-on certification. The certification requires students to solve practical and realistic challenges in our fully patched Windows infrastructure labs containing multiple domains and forests. The certification challenges students to look at the complete infrastructure like a true enterprise network and does not rely only on breaking individual machines. Students will have 48 hours to complete the hands-on certification exam.
A certification holder has the expertise to assess the security of an enterprise Windows infrastructure having multiple domains & forests by just abusing the functionality & trusts.
To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it. In case you have to retake the exam, a re-attempt fee of $99 is applicable. There is a cool down period of one month before a student can appear in the exam again. The student will get an exam environment from the pool of our different exam labs. After total 3 attempts (1 included with the lab and two additional attempts), a student must wait for a cool down period of 6 months.
Certificate Expiry and Renewal
To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it. The renewal exam is FREE before the certificate expires. CRTE can also be renewed by taking
Exam Structure
The students are provided access to an individual AD environment, which is fully patched and contains the latest Windows operating systems with configurations and privileges like a real enterprise environment.
To be successful, students must solve the challenges by enumerating the environment and carefully constructing attack paths. The students will need to understand how Windows domains work, as most exploits cannot be used in the target network.
At the end of the exam, students need to submit the detailed solutions to challenges along with practical mitigations.
Certificate Benefits
CRTE is the next level after CRTP. CRTE is one of the well-known certifications that establishes your credentials as a security professional who has an intermediate/expert level of hands-on experience with and understanding of red teaming, enterprise security and Active Directory security.
A certificate holder has demonstrated the capability of enumerating and understanding an unknown Windows network and can identify misconfigurations, functionality abuse and trusts abuse. She can use, write and modify open source tools and can abuse other built-in tools to perform enumeration, local privilege escalation, impersonation, pivoting, whitelisting bypasses, and antivirus evasion as well as identify sensitive data with minimal chances of detection.