7 Minute Security

Hello friends!  Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft.  Specifically, Joe and I talk about: We don't think the training/exam is for beginners, despite how its advertised Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!) Watch the walkthrough videos.  We repeat: WATCH THE WALKTHROUGH VIDEOS! Although not required, we highly recommend capturing all the flags laid out for you in the lab environment Know how to privesc - using multiple tools/methods It would be to your advantage to understand how to view/manipulate Active directory information in multip