Active Directory Security ...
21 July 22

Active Directory Security: Start Your Red Team Journey with CRTP, CRTE, PACES certifications

Posted byPentester Academy

Want to know more about Red Teaming, Active Directory security, and Pentester Academy's CRTP, CARTP, CRTE and PACES cybersecurity certifications? Read on to learn what they are, how you can earn them and more!

Securing Enterprise Environments: Red Teaming vs Penetration Testing

There are multiple methods of assessing security of an enterprise environment using active engagements. The two most popular methods are Red Teaming and Penetration Testing. Red Teaming focuses on finding the most efficient and silent path to achieve a goal, such as access to key information. In contrast, a penetration test focuses on discovering as many issues in the allotted time without attempting to stay silent. Overall, Red Teaming is very targeted and penetration testing is more general. While both differ in approach, scope and final goal, there is a large overlap in the required skill set.

When assessing enterprises, aspiring red teamers and penetration testers must know the components used in the enterprise. It is also imperative to use tools already present on foothold or beachhead machines. As long as possible, built-in or trusted tools, scripting languages and remote administration protocols on target machines are to be used to avoid detection.


Unlike penetration testing, Red Teaming is targeted and focuses on avoiding detection. Photo by Charles Deluvio on Unsplash

Red Teamers and penetration testers are more successful in achieving assessment objectives when they use TTPs (tactics, techniques and procedures) that rely on feature abuse and misconfigurations. The idea is to “live off the land” and not introduce new tools which may raise an alarm.

What is Windows Active Directory, and how is it related to Red Teaming?

One of the most common components used by large enterprises is Active Directory (AD). Used for identity management and protection, AD provides a centralized system for security, interoperability and manageability between various types of resources that may be spread across the globe. AD is thus critical in protecting resources accessed by employees, vendors and guests.

In fact, over 90% of Fortune 1000 companies use Active Directory as the backbone of their Enterprise Identity infrastructure. This infrastructure needs to be secured, and thus red teamers and penetration testers are required.


Active Directory is widely used in large enterprises. Photo by Arlington Research on Unsplash

The upshot: knowing AD security sets you up for a Red Teamer/pentester career in a large enterprise — one of the most lucrative careers in the infosec industry. If you want to move from a system or network administrator role to Red Teamer or penetration tester, or you wish to improve your skills as a Blue Teamer, knowing AD security is a must.

I’m interested in learning more about Active Directory Security and Red Teaming. What next?

Embarking on a Red Teaming or penetration testing career requires both skills and certifications. Companies hiring Red Teamers often require certifications to ensure a certain skill level.


Left to right: CRTP, CRTE, PACES certifications. Read on to learn more!

The best place to start are our Enterprise Security Labs (formerly known as Red Team Labs) — a lab platform for security professionals to understand, analyze and practice threats/attacks against a modern Windows network infrastructure. They are completely focused on Active Directory, teach you skills, and include a certification exam.

In specific, completing Red Team Labs will earn you a CRTP/CRTE/PACES cybersecurity certification — very popular and listed as job requirements by companies and government agencies. Here’s the breakdown:

In addition, we also offer Attacking Active Directory with Linux, our elementary level course for attacking AD using a Linux machine. You’ll earn a certificate of completion.

To put it pictorially:


I’m ready to start! What do I do?

We have 3 learning paths for your journey to becoming a Red Teamer:

  1. Get certified directly with our Enterprise Security Labs (formerly known as Red Team Labs)
  2. Attend our AD Bootcamps, then get certified
  3. Take individual courses without the certification

Let’s run through each path:

1. Get certified with Enterprise Security Labs directly

The most straightforward choice. Head to our Enterprise Security Labs info page, purchase lab time, complete the exam and submit your report. If you pass, you’ll be awarded your certification.

We recommend this option to experienced professionals. Although security experience is not compulsory for CRTP, you’ll have a much higher chance of passing if you have a background in information security basics or Active Directory administration.

2. Attend a bootcamp, then get certified

We also run AD bootcamps — live online classes — which include a certification attempt. Currently, our basic, advanced and Azure AD bootcamps include CRTP, CRTE and CARTP (more on CARTP below) attempts respectively.

Active Directory Sec Beginner Bootcamp.png

Stay tuned to our bootcamps page to check out the latest available bootcamps.

We recommend this path for those without security experience. Under the guidance of an experienced instructor, it’s much easier to learn and best of all, you’ll have a community of fellow students to support you!

Note: our bootcamps run for 4-6 weeks and are intense. We’ll prepare you well for the exam, but hard work is required.

3. Take individual courses without the certification (subscribers only)

We also offer an Attacking and Defending Active Directory course as part of our subscriptions.

We recommend this path only for our subscribers who already have access to our courses — use this as an opportunity to evaluate whether a bootcamp or direct lab access is more suitable for you.

Attacking and Defending Active Directory Lab (our CRTP lab) also includes access to this course.

I want to be certified directly with Enterprise Security Labs. What are the details?

Here’s how it works:

  • You can purchase different periods of lab access — 30, 60 or 90 days. Thereafter, you can start your lab access anytime within 90 days.
  • One Certification Exam attempt is included in the pricing.
  • You’ll also be provided with video course material with each lab, which will cover important concepts required to begin with the lab.
  • For CRTP and LinuxAD, you’ll also be given access to video walkthrough and lab manual in addition to the course videos. For CRTE and GCB, there is no walkthrough or lab manual but you can ask for hints in case you are stuck.
  • At the end of the exam, students need to submit the detailed solutions to challenges along with practical mitigations.

Our recommendation for the amount of lab time you should purchase, depending on your security experience and which certification you’re aiming for.

I want to attend a bootcamp — how do I start?

Check out our bootcamps page for the latest available bootcamps, dates and other details.

I’ve heard about the CARTP and CAWASP Certifications. What is that about?

The CARTP (Certified Az AD Red Team Professional) certification focuses on Azure Active Directory. Similar to CRTP, CARTP is a completely hands-on certification that and declares your expertise in Azure pentesting, Red Teaming and defense in multiple live Azure tenants and hybrid infrastructure.

In contrast, the Certified Azure Web Application Security Professional (CAWASP) certification proves your proficiency in assessing security of Azure web application technologies and understands security controls used for defense.

Currently, both CARTP and CAWASP are only obtainable via our Azure AD and Azure AppSec bootcamps respectively. Again, view the bootcamps page to know the latest bootcamp dates.


With CARTP certification, you’re adding to your CV one of the most coveted Cloud skills — Azure Active Directory (AD) Security.

What’s the Pentester Academy experience like?

Our Enterprise Security Labs have received excellent reviews — check out students’ experience below!

Also, check out thehackerish’s reviews on the CRTP, CRTE and PACES certifications:

Beyond Active Directory, how can I boost my Red Team career?

Although Active Directory is a salient part of Red Teaming, it is by no means the only aspect of it. We encourage you to learn other useful topics like abusing web applications, Databases, WiFi security, reverse engineering, password cracking, cloud and container security. For these topics, we recommend our subscriptions which provide you unlimited lab access.

Credit: Special thanks to Nikhil Mittal, author of our Red Team Labs and AD bootcamp instructor, for contributing to this article.

Need training for your entire team?

Schedule a Demo

Hey! Don’t miss anything - subscribe to our newsletter!

© 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo