Certified Red Team Analyst (CRTA) Exam Review
Honest Review and No sponsorship was taken for this review!
I took the Certified Red Team Analyst (CRTA) exam from CyberWarfare Labs (CWL) on December 22, 2024. The report review process was quite fast, taking only about two hours. In this post, I will share my experience with the exam and recommendations for preparation.
CRTA Certification Course Purchase
You can buy the CRTA certification course from the following link: CRTA Certification Course
Recommendation
CWL Platform Overview
CWL has two portals:
LMS Portal: Contains lecture videos and PDF course materials.
Labs Portal: Includes labs, write-up documentation, and VPN files.
Before starting the labs, it is crucial to watch the course videos, especially the final section, which contains a case study related to the lab write-ups. Labs have a 30-day access limit and cannot be paused. To access them, simply download the OpenVPN file and connect.
One thing to note is that the lab environment is shared among all students. If someone misconfigures the lab, you may need to contact support via email and wait about a day for a reset.
Opinion on Course Content
The course content is fairly standard but highly useful for the exam. It explains lab exercises alongside lecture PDFs, making it easier to understand. The materials include a 170-page PDF and videos covering everything from initial access to data exfiltration. One unique feature is the Active Directory (AD) lab setup, which is well-explained.
However, one downside is that the videos have Indian accents, and subtitles are not available, making them slightly difficult to follow.
Exam Procedure
The exam lasts 48 hours:
First 24 hours: Lab access
Next 24 hours: Report submission
The exam report does not require remediation steps, risk scoring, or lengthy explanations like eCPPT. A simple write-up format is sufficient.
I received my OpenVPN file and credentials about 30 minutes before my scheduled exam time. Unlike eCPPT, there was no need to modify the VPN configuration—just download and connect.
The exam has only one flag, located on the final end host.
To schedule the exam, send an email to CWL support specifying your preferred date, time, and both your local timezone and India timezone. Below is an email template for reference.
Exam Experience
Since the exam has a validity period, I will avoid spoilers.
I started my exam at around 2:00 PM. Before beginning, I took a rest and had a meal to stay focused.
For Initial Access, after scanning all ports and services, there were multiple possible entry points. Nearly every service had an exploitation opportunity. After gaining initial access, carefully inspecting files is essential, as they often contain important information for moving forward.
It took me about 2–3 hours before I got stuck. Some of my usual methodologies and tools weren’t working as expected, so I took a break, did some research, and then resumed the exam with a fresh perspective. This helped me progress smoothly.
A notable aspect of the exam is the presence of rabbit holes—many machines appear in the network, but only a few are relevant.
How to Prepare?
If you have experienced with HTB and TryHackMe, you will be well-prepared. The exam includes:
Initial Access
Privilege Escalation
Pivoting
Active Directory Attacks
For pivoting, I recommend practicing on TryHackMe’s Wreath network, following their methodology, and experimenting with different tools such as Metasploitable.
For Active Directory, study:
Lateral movement techniques
Kerberos Ticketing (Golden Ticket/Silver Ticket), as this is highly relevant
Recommended practice labs:
Wreath (TryHackMe)
Attacktive Directory (TryHackMe)
Breaching AD (TryHackMe)
Vulnnet Roasted (TryHackMe)
Active Directory 101 (HTB)
Lastly, don’t forget to eat, sleep, and rest during the exam.
Conclusion
The CRTA exam lab is not as advanced as some other platforms, but considering the price-to-value ratio, it is worth it. This is my first review, so I apologize for any unclear points or mistakes. I hope this helps anyone preparing for the CRTA exam!