CRTP Review
Hello folk, after a GOOD!! time with CRTP course, I just got an congreturation email from adlabs. And today i’m gonna review my experience with the course
About Me
I’m currently working as a penetration tester and security consuatant. Love to play CTF.
Registeration
It is really easy when you want to pay for someting. As this couse, you just put in your name and gmail, sellect lab time access, then pay for it. Afther the payment is confirmed, you will receive an email from platform how to connect to the platform.
My choise was 30 days, I have no time to play much cause my current job. But this is sutable for me.
About the course
The meterial consist of videos, pdf and tools. I do not type of a video watcher it made me sleepy but the content and lab made me so excited. For the updated content, you can find the course structure at “https://www.alteredsecurity.com/adlab” on the tab “What will you Learn?”
I seperate the course into 2 main domains
Offensive Security
- Active Directory Enumeration
- Local Privilege Escalation
- Domain Privilege Escalation
- Domain Persistence and Dominance
- Cross Trust Attacks
- Forest Persistence and Dominance
Defensive Security
- Defenses — Monitoring
- Defenses and bypass — Architecture and Work Culture Changes
- Defenses and Bypass — Deception
- Defenses and Bypass — PowerShell
During the course, you will facing with MANY!!! abbreviation, and you cannot avoid it. To solve the problem I used flash card application helping me to remember them. but not to only remember what is it stand for, every time playing with the flash card I also ask myself that I really understand the meaning of the word. For example, ACL stands for “Access Control List”. Then what is an Access Control List?, What can go wrong with it?, How can we take an adventage on it?
When you got an access to the platform, the lab time have not started counting yet. To begin the lab, you need to email to support team. You can start lab access anytime you want but about within 90 days from the purchased date. I think this is an adventage to student because of we have a time to learn from the material, take note, extract command before lab time is started.
Extracting commands from material is really important, because of the material are pdf files. If you directly copy/paste command from the material, the command will be broken. I pesonally used GitBook to collect them. change my mind if you have better one ^_^
Lab Time
After I already took all of commands from the meterial and lab mannual, I emailed to the support team to setup lab environemnt for me. It took for 5 to 6 hours in my case.
The lab starts as we are an attacker who has a foothole on a joined domain machine. We have to compomise each machines by taking an adventage of the configuration, features, services and etc. No public exploit is reqired in this course.
After walk through the course, I summerized the concept as below
- As the current user access, do I have a local administrators permission? if not, try to escalate to local admin
- Check if the current user has any local admin access on another machines
- Dump credential from machines which we have local admin access
- Use the credential to access to another user/machine
- Go back and repeat from step 1
And during the process, there are vaious techniques you can learn from the course such as Unconstrained Delegation, DCSynce, Kerboroast attack, Golden/Silver/Diamond tickets, DSRM, Using printer bug and etc.
Exam
Since the platform does not require us to make any reservation for the exam date. I can wait for the most sutable moment to take it. Just only 10 — 15 minutes of building an exam environment, then I can get started.
When the exam start, I was shocked because my methodology was destroyed by the environment of the exam. I can only say that it does not like what I have prepared for. But with the concept of try harder, I breath deeply and calm down. It took me 20 hours to complete the exam. I found that everything can be done if you follow the lab and adapt it within the exam properly.
Timeline
4 May 2023 : Start the exam
5 May 2023 : Submitting report
6 May 2023 : Got a result
7 May 2023 : Got an official result
Conclusion
The course touch me alot about how to play around with the active directory environment. I think it would easier if I got deeper understanding about kerborost authentication, powershell and AD configuration. This lab feel me the same as OCSP, not about the technical but good experience. I don’t wanna compare both of them but in my opinion thay are different.
