CRTP Review 2025: Is It Worth It for Active Directory Red Teaming?

Hello everyone, I’ll start by introducing myself. I’m El Mehdi Dridi, an ICT student passionate about red teaming, especially AD pentesting. This year I’ve been practicing on Hack The Box and VulnLab labs. That experience gave me useful hands-on knowledge about Active Directory, and at some point I asked myself:

“What if I take an AD certification to validate these skills?”

While I was deciding which certification to pursue, our team no!dea placed third at the Cybersphere — the Tunisian Cybersecurity National Congress. As part of the prize, we won a CRTP voucher, which made the choice clear: I decided to go for the CRTP exam.

What is CRTP?

CRTP (Certified Red Team Professional) is a hands-on certification focused on AD penetration testing and red team tactics. The course provides a real-life AD infrastructure — a great enterprise environment to practice attacks and defenses, which I really liked because it feels like real-world pentesting.

Course and Labs

The CRTP package includes:

• Course videos
• 30 days of lab access
• 24 hours exam
• 48 hours to submit the report

The course is excellent. It explains each topic — enumeration, attack vectors, exploitation — in detail. What stood out to me is that it doesn’t just teach you commands; it also dives into what happens behind the scenes during attacks, often illustrated with diagrams and real-life examples. Being able to practice immediately in a realistic enterprise environment adds immense value.

Detection, Mitigation, and Opsec

The course also covers stealthy operation techniques to avoid detection by EDR/MDR solutions, and includes mitigation and hardening recommendations. That defensive side is useful for understanding both attack and remediation.

Prerequisites

While CRTP is beginner-friendly in structure, you should ideally have:

• A solid understanding of Windows fundamentals
• Basic to intermediate PowerShell knowledge
• Familiarity with tools like BloodHound, Mimikatz, and PowerView

Comparison with HTB & VulnLab

Hack The Box and VulnLab (now merged) are excellent AD training platforms. Personally, I strongly recommend HTB labs, especially after the partnership with VulnLab — they offer a huge variety of AD challenges and are one of the best resources to prepare.

The main difference is that CRTP provides RDP (GUI) access to the lab hosts, while HTB labs are accessed remotely over VPN from your local host. Both approaches are valuable: RDP makes some workflows easier, while VPN access mirrors real-world remote exploitation.

Exam Day & Report

On exam day I faced a realistic scenario and had to submit a detailed professional report. The lab connection was stable, and the support team usually fixed problems quickly (within about 5 minutes). I completed the technical part of the exam in about 7 hours out of the 24 allowed.

The toughest part for me was the report — it took around 14 hours to write because it had to be very detailed. I believe the report is what truly gives CRTP its professional impact, since it reflects how a real red team engagement is delivered to a client.

After submission, the staff contacted me within 5 days to confirm that I had successfully obtained the certification, and on the 6th day they sent me the official certificate.

Final Thoughts

CRTP is a very professional, practical certification that proves real AD pentesting skills. I recommend it for anyone who already has Windows/AD basics and wants hands-on red team experience. Alongside that, I also recommend practicing on HTB (especially now with VulnLab) as a perfect complement for your preparation.

Finally, I want to thank the AlteredSecurity staff for their support, and especially Mr. Nikhil Mittal for designing such a high-quality course and lab environment.

---

Feel free to reach out on Twitter/X if you have any questions about the CRTP certification!