Certified Azure Red Team Professional (CARTP) review
As a cybersecurity professional, I had a basic understanding of Azure and its functionalities. However, I had never delved deep into its security aspects. Recognizing the growing importance of Azure security in the industry, I decided to expand my knowledge and skills in this area. This led me to enroll in the Certified Azure Red Team Professional (CARTP) certification offered by Altered Security (formerly Pentester Academy).
The CARTP certification is designed to provide an in-depth understanding of Azure security, focusing on Azure and Azure AD’s potential risks. The course is structured around multiple complex kill chains/attack paths against a lab containing multiple live Azure tenants with simulated user interactions, covering all phases of Azure red teaming and pentesting.
The course content is delivered in a manner consistent with other courses from Altered Security, which I was already familiar with from my Certified Red Team Professional (CRTP) course. The course is a mix of lectures, demos, exercises, and hands-on practice, with a strong focus on methodology and techniques rather than specific tools.
The course embodies a hands-on learning experience. Each newly introduced concept is immediately put to the test in a lab environment, reinforcing understanding and application. The course is designed in such a way that each task has a specific objective – to find a ‘flag’. These flags, once found, can be submitted to an online portal. This portal not only validates the successful completion of the task but also serves as a progress tracker, allowing me to monitor my advancement throughout the course. This immediate feedback loop of learning, applying, and validating enhances the overall learning experience, making the course both engaging and effective.
During the course, in addition to the materials provided by Altered Security, I found the cheat sheet by 0xJs to be a great resource. This cheat sheet, available on GitHub, is specifically designed for the CARTP course and covers a wide range of topics including general information, reconnaissance, initial access attacks, authenticated enumeration, privilege escalation, lateral movement, and persistence.
The exam is a 24-hour practical test, designed to evaluate the knowledge and skills you’ve gained during the course. It’s focused on Azure-related complexities and requires you to compromise all resources and retrieve the final flag. Following the hands-on part of the exam, you have an additional 48 hours to write and submit a comprehensive report.
In the exam environment, no tools are provided in advance. So, I advise having all your tools ready and set up before diving into the exam.
The CARTP course is an invaluable asset for any security professional looking to enhance their skills in Azure AD security and learn how to pentest it. The course imparts a thorough understanding of Azure-based attacks, and the live lab environment offers a unique opportunity to apply the learned skills in a realistic setting. The course is challenging yet fair, ensuring that students have a comprehensive understanding of Azure security by the end of it.