Skip to main content
HashnodeA Hacker's Journal

Command Palette

Search for a command to run...

CRTA  —  A review

Updated
4 min read
CRTA  —  A review
D
Daniel Scragg

In December 2025, CyberWarfare Labs had an amazing Christmas sale. Firstly, I saw that they had just released a new course, API-RTA, with a $9 launch price. So I picked that up and ran through it in 2 days and passed the exam. It was a great experience, so I invested around $150 into some of the courses that were on sale. I purchased the CRTA, CRTSv2, MCRTA, CEDP, CRT-ID, AD-RTA, and CRT-COI. I’ll be finishing them all in preparation for OSEP later this year.

Yesterday, I took on the CRTA exam and passed, but it was quite the ride. This short article will just reflect my thoughts on the course and exam.

TDLR; it’s an amazing network pentesting course for beginners, but the exam can be tricky for those of us who have spent some time in the industry (but maybe that was just me).

The Course

For the $9 dollars I paid during the Christmas sale, I received several hours of video instruction, a lengthy PDF of slides, 30 days of lab access, and 2 exam attempts. Unbeatable value for money.

The course covers a lot of ground. From the basics of offensive security (What is Red Teaming?) to Active Directory exploitation. The hacking content is broken up into 2 sections: External and Internal. There is also a great section of the course which gives detailed instructions for setting up a home lab for practising pentesting.

I started watching a few of the videos, but then I started speed-running them because it was rehashing a lot of the content I had already covered in my previous studies. The content is great. CRTA is one of CWL’s older courses, so the slides are not as polished as the other course slides, but the info is spot on.

At one point, I thought I could just read the slides, but after watching some more of the videos, I realised the instructor goes into more detail in the videos and performs some demos which are really helpful (especially in the exam).

The lab environment is also excellent (something that has been a common theme with CWL in my experience). They are stable, and the attack chains are interesting. The CRTA lab is basic, but it hits the right notes to get you into the hacking mood. Although the attacks are basic, I can confirm that those vulnerabilities exist in the wild too.

As far as the CRTA course and lab goes, I give it an A+.

The Exam

The exam was designed for CTF players, not security analysts. That’s not a complaint, it’s just something I had to come to terms with as I reached the final hour of my exam time and a bead of sweat rolled down my face. But once I did realise that, it all clicked.

The exam was fun. I scheduled the 6 hour exam slot for 10am on the 2nd of January. I woke up at 10:05…great start. I proceeded to login and get the VPN setup, it worked brilliantly.

Phase 1 — I started my nmap scan on the wrong IP range. 10min later, I found the actual range in the exam portal, so I started scanning again with the top 1000 ports. I only saw 2 hosts. The one was marked as out of scope and the other only had port 22 open, SSH. My machine has SSH open, so I assumed that was my machine…it wasn’t. 2 hours later, I realised that the nmap scan results had all the info I needed and the machine I was looking at was not mine 😂

So, it’s time to start hacking. I did a full scan of the host and found what I needed. From here, it was quite simple, and it remained simple until I reached question 10. It was asking for a specific port number. I tried every port that I saw in my results (so I thought), but nothing was right. Eventually, I opened Burp Suite Pro, shoved the exam question request into Intruder, and sent 65535 exam answers 😂 I got the question right 😎

The next hiccup came with 2 hours left in the exam. I was fuzzing and fuzzing and fuzzing, but couldn’t find anything. 40min left on the clock, and I finally see something that I never would have thought to look at. It was so dumb, and yet so CTF. F12 level of hacking.

Anyway, as soon as I got past that, I finished the exam with NTDS.dit in 10min. It was a rollercoaster. I knew everything, and more, I just wasn’t looking in the right places because we don’t see things like that in real life very often.

The exam was perfect for the course and the target audience. I hope many people take advantage of the festive sale and get CRTA certified. Well done to CyberWarfare Labs, you killed it.

Certified :)

Thanks, CyberWarfare Labs. I thoroughly enjoyed CRTA. I’m looking forward to CRTSv2 and all the other courses.

#crta#cyberwarfarelabs#red-team#certification
35 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

A

A Hacker's Journal

4 posts