CRTOv2 Review

Hello everyone! I know it’s been a while, but I wanted to start by saying I hope you all had a great holiday season and a fulfilling year. I’m excited for what’s ahead and hope this next year is just as great, if not better, than the ones before.

Contextual information:

As some of you may notice, the certification discussed in this article looks very similar to the one covered in an article published on June 11th, 2024.

When RastaMouse decided to migrate to his new site, which he discussed in this article, I did not pay much attention at the time. I already had the original certification and assumed it would simply migrate over.

Fast forward to the end of November: I was speaking with one of my close penetration testing friends about the sale and joked about not needing to redo the certification. While doing some research afterward, I discovered that the course and exam had been completely revamped.

This discovery initially irritated me, as my first thought was, "What the heck? I already did this, so why do I have to do it again?" However, I found out that I had access to the new course for free since I had paid for it previously, and the exam attempts were free and unlimited.

I had already planned to purchase and complete Red Team Ops II to finish the Zero Point collection, and I thought to myself, "Why not complete this new course and exam as a refresher and add another certification to the collection?"

Course Overview:

According to the official site, this course is described as follows:

This course provides you with the knowledge and skills necessary to excel in performing adversary simulation and emulation exercises with Cobalt Strike.

The first notable difference is that this course set now has a base price, rather than the multiple pricing options available in the previous version, which was priced at £399.00.

Since I had already purchased this course previously, the new website had it available in my inventory and ready to go.

Course material:

With regard to the course material, there were not a large number of changes overall. However, the updated content now focuses on a newer version of Cobalt Strike, which was great to see, as many quality-of-life features have been added. Another notable change was the initial access method, which was completely different from the approach used in the previous course.

RastaMouse also removed some redundant or less commonly used material from the course, including content related to SCCM abuse.

Labs:

Moving into the labs, this is where the changes became very obvious.

I want to start with some of the positive changes. The labs now offer permanent access, with the only limiting factor being two sessions per lab per day, which is more than sufficient. Additionally, the labs no longer rely on Guacamole for access. Instead, everything is accessed natively through the browser, which makes the labs much easier to work with. This eliminates the need to struggle with copy and paste issues or rely on screenshots, both of which were problems in the previous version.

As for the negative changes, my main concern is that the labs hold your hand too much. They provide exact commands and can be completed with minimal understanding of the underlying concepts. I understand the need to cater to a newer audience, but this approach can give a false sense of confidence, especially since the labs in the course are relatively easy.

That said, this does not mean the labs are meaningless. They still provide value if the student takes the time to understand why a particular action is performed to achieve a specific result.

To put this into perspective, the course material and labs only took me about a week and a half to complete.

Exam:

Public information about the exam is limited, so I cannot go into detail about how it is structured. However, I can say that the new exam is very different from the previous version, and this difference is a positive one.

Be sure to read the exam information thoroughly so you understand the main objectives and the passing criteria. This will help you avoid wasting an attempt and ensure you understand how retakes are handled.

My exam experience was excellent from start to finish on both attempts. As you may have guessed, I did need to take the exam twice. I failed my first attempt due to certain factors that I will not spoil, and it took me a few days to reach completion. On my retake, however, I passed with flying colors in a much shorter amount of time.

Final Thoughts:

  • This was not a course revamp that many people were asking for, but it was clearly what was needed, and I respect RastaMouse for making this decision for the benefit of the community.
  • The course itself is phenomenal, although the labs were a bit easy for my personal taste.
  • I believe anyone who has never taken Red Team Ops I, or who completed the previous version, should at least review the updated material.