CARTP Course & Exam Review

 Certified Azure Red Team Professional (CARTP) Course & Exam Review

In this blogpost, I will write down my thoughts about both the course and the exam to obtain the Certified Azure Red Team Professional (CARTP) certification. Even though I don't usually write about the certification I obtain, this time I will make an exception to thank Nikhil Mittal.

The Course Material

The Course material provided by the Altered Security team consists of:
  • The Course Videos
    • The Course Videos are the Main resource if you take the self-paced version of the course. Those videos will cover both the theory and the Learning objectives that you can see as the practical section of the course. 
  • The Walkthrough Videos
    • The Walkthrough videos, a resource that I did not use. But I see why they exist and how a learner can rely on them to review his steps to understand what he is doing wrong.
  • The Lab Manual
    • In short, this is a well-written PDF where a learner can find the command used to solve the Learning objective. You can see it as a written version of the Walkthrough videos. I used them initially as a cheat sheet, then as a source to write down my personal cheat sheet. 
  • Lab Diagrams
    • Initially, I overlooked this resource, but later on, I found it as a valuable way to solve the lab using a different approach. This resource helped me complete the lab following 5 different paths. 
  • Tools 
    • An encrypted zip archive that contains all the tools used during the course. Really useful resource both during the preparation for the exam and during the exam itself.

The Course

Before I start talking about the CARTP course itself, I should point out that what I knew about Azure before starting this course was that Azure was the Cloud provided by Microsoft.
This course is structured on the Red Team approach to exploit Azure and its misconfiguration. I really enjoyed this course from the beginning to the end, because it's really well planned. Furthermore, Nikhil has exceptional teaching skills, which he uses to explain even the most complicated concepts simple and clearly understandable.
As I wrote above, the Diagrams called Kill Chains during the course put this course on another level.
The learner is provided with four Kill Chains. Provided that each step of a Kill Chain is a Learning objective, which is explained during the course by Nikhil, you can see a Kill Chain on how to properly use each topic explained in the course.
So, making a short recap, you have 5 ways to exploit the lab's misconfiguration
  • Completing each Learning Objective alone
  • Following Kill Chain 1
  • Following Kill Chain 2
  • Following Kill Chain 3
  • Following Kill Chain 4

The CTF

The CTF is basically a hidden Kill Chain that you have to figure out by yourself. It is totally optional,  but a great learning option.  Sadly, I had to skip this part since I chose to take the 30-day labs option, and because I had a few little issues with a thing called life, I had to opt into skipping the CTF to prepare myself for the exam.  

The Exam  

The Exam is very well planned, it covers the course topic, adding a little twist every now and then.
Taking the exam, you have to find the final flag exploiting a few Azure resources within 24 hrs. If you complete the exam, to obtain the CARTP certification, you have to send a full report that shows each step you took within 48 hrs.  
I completed both the exam and the report in 12 hours, though most of that time was due to a silly mistake that cost me 6–7 hours.
After sending the report, via email, to the Altered Security team, you will receive an email in which the team tells you that your report will be evaluated by them and that you will receive a response, PASS or FAIL, within 7 business days. 
After a few business days, I received the email with the CARTP certification.


 

Commenti

Posta un commento

Post popolari in questo blog

From SAST to CVE-2025-46337

Immagine
 From SAST to CVE-2025-46337 From the start of my career in cybersecurity, I have always worked as a black box pentester. Since I believe that learning new topics is always a good use of my time and that I should increase my knowledge of white box pen testing, I decided to explore the Static Analysis Security Testing (SAST) topic. I started my journey into SAST using the well-known tool SonarQube. To practice with the tool and to become familiar with the GUI and the mechanisms that are behind it, I decided to analyze the code of a few known projects. I chose two projects to analyze. The first one is "Moodle", a very well-known open-source project whose main purpose is to create websites for universities. The second is VtigerCRM, a familiar project on which I discovered several CVEs last summer. I started the SAST first against the source code of Moodle and then against the source code of VtigerCRM. Surprisingly, SonarQube found an SQL Injection on both projects! Since the sou...
Continua a leggere

CVE-2025-45878,CVE-2025-45879 and CVE-2025-45880 Showcase

CVE-2025-45878,CVE-2025-45879 and CVE-2025-45880 Showcase This blog post is written to showcase the three CVEs I discovered in the web application Amigdala 2.2.6 by Miliaris. For this time, I'll stick with the Mitre Template, and I will avoid releasing any sensitive information. CVE-2025-45878 ( Mitre ) ( NVD ) [Suggested description] A reflected cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
Continua a leggere

Case of Study : Hide PowerUp.ps1 from MS Defender

Immagine
Hide PowerUp.ps1 from MS Defender PowerUp.ps1 is a well-known script among pentesters for escalating local privileges. However, since it is fairly old and quite popular, Microsoft Defender detects it as malicious. To use it, we need to either create a custom version of the script or obfuscate the one available online. In this guide, we will use a minimal obfuscation approach. By making small changes to the script, we can bypass Microsoft Defender’s detection and use the script without any issues. What We need A Windows VM with the AV Signatures Updated The PowerUp.ps1 Script ( here ) The Tool DefenderCheck made by matterpreter ( here ) Notepad Let's Start The first step is to disable Microsoft Defender temporarily so we can download the PowerUp.ps1 script without interference. After disabling Windows Defender, go to the GitHub page that contains the raw version of PowerUp.ps1. Copy the content and save it in Notepad with a .ps1 extension. Once you have downloaded both the PowerUp ...
Continua a leggere