<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[A Hacker's Journal]]></title><description><![CDATA[A Hacker's Journal]]></description><link>https://dscragg.com</link><generator>RSS for Node</generator><lastBuildDate>Tue, 07 Apr 2026 20:34:23 GMT</lastBuildDate><atom:link href="https://dscragg.com/rss.xml" rel="self" type="application/rss+xml"/><language><![CDATA[en]]></language><ttl>60</ttl><item><title><![CDATA[CRTO - Sneaky Beaky like.]]></title><description><![CDATA[I've been a professional penetration tester for 4+ years now, but I've been a Counter Strike player for 12. As a young teenager playing with my older brother and his friends, I was always the run-and-]]></description><link>https://dscragg.com/crto-hacking-sneaky-beaky-like</link><guid isPermaLink="true">https://dscragg.com/crto-hacking-sneaky-beaky-like</guid><dc:creator><![CDATA[Daniel Scragg]]></dc:creator><pubDate>Mon, 09 Mar 2026 13:25:21 GMT</pubDate><enclosure url="https://cdn.hashnode.com/uploads/covers/6976671758ceed8e5ddc4a73/dc7b7e5f-7d34-4331-8a27-bbd3febdd51f.gif" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I've been a professional penetration tester for 4+ years now, but I've been a Counter Strike player for 12. As a young teenager playing with my older brother and his friends, I was always the run-and-gun kid with no discipline. <em>Sneaky-beaky like</em> was never my taste. And for much of my pentesting career, I've had the same attitude. Jump in head-first, crack the perimeter, stomp around the internal (without breaking anything), and write the report (but that's what is required for a fast-paced pentesting workflow). 
However, I've recently come to appreciate the extra effort and skill required to be a Red Teamer - to fly under the radar and avoid being called up at 8pm by some Blue Team guy asking if I was doing a pentest earlier that day and made a new Domain Admin account on the network. So as a first step into the sneaky-beaky world, I purchased the <a href="https://www.zeropointsecurity.co.uk/course/red-team-ops">CRTO</a> course from <a href="https://www.zeropointsecurity.co.uk/">Zero Point Security</a>. This article documents my experience.</p>
<h3>The Course 🔥</h3>
<p>The Red Teaming Operator course takes an established penetration tester and gives them a portal into the world of Red Teaming. Starting with Malware basics for Windows, it unveils the practical steps and things to consider when you need to go undetected in a network. The course is focused on the use of Cobalt Strike as a C2 framework for Red Teaming, but the concepts and techniques taught are transferable to other C2s and to a manual workflow. Understanding processes, threads, Windows internals, Kerberos, initial access vectors, pivoting techniques, privilege escalation, and more gives you the tools to tackle an engagement with confidence (not perfection, but confidence because you aren't completely lost and if you don't know something, you can figure it out).</p>
<p>The course content prepares you thoroughly for the exam; that includes the text modules, videos, and the labs. Here are a few highlights from the course:</p>
<ul>
<li><p>Several process injection techniques.</p>
</li>
<li><p>Deep-dive into Kerberos authentication and delegation attacks.</p>
</li>
<li><p>AppLocker and Defender bypass methodology which enables you to bypass it yourself without someone else's code snippets - (a video I made about this topic: <a href="https://youtu.be/0j-JeJoILOE">https://youtu.be/0j-JeJoILOE</a>)</p>
</li>
<li><p>Stealthy Active Directory enumeration so you don't have to nuke the domain controller with a BloodHound collector.</p>
</li>
<li><p>Persistence techniques that will give you endless ideas for future engagements.</p>
</li>
<li><p>Phishing and initial access content which takes a look at how APTs have successfully used phishing as a way to breach the perimeter.</p>
</li>
</ul>
<p>There is a lot more in the course, but those were the things I enjoyed most and look forward to using in my work.</p>
<h3>The Exam 😅</h3>
<p>The exam is no walk in the park. Thankfully, the course allows you to take the exam as many times as you want without paying more. The only restriction is that you can't spam exam attempts, you need to wait 7 days between them.</p>
<p>After finishing most of the course content, I started my first attempt. You are given 24 hours of exam lab time which you can spread over 7 days (pause the lab and start it again whenever you want).</p>
<p>I stood at my desk for 24 hours, with a mere 4 hours of sleep in between solid hacking sessions. With an hour to spare I cracked the exam objective and submitted the attempt. The results are returned right after the exam. I was crushed to see 79/100. I missed it by 6 points (you need 85 to pass). The reason I failed is because I wasn't OPSEC-safe enough. I made a mistake in the Cobalt Strike configuration, I didn't check a payload against Defender before deploying it, and I hooked into LSASS to dump credentials. All of which combined to give me a failing mark.</p>
<p>After that first attempt, I made a flow chart of the exam lab, made notes of where I went wrong, and waited 7 days. On the next Friday I spun up the exam and crushed it in just under 4 hours. I finished with 95 points.</p>
<p>The exam was difficult and the OPSEC element pushed it over the edge. I'm convinced it is harder than OSCP (don't be mad). The exam isn't a CTF, it's a simulation of a realistic kill chain through an AD environment with multiple domains and VLANs.</p>
<h3>Conclusions</h3>
<p>I'd recommend the CRTO to anyone who has graduated from the OSCP grind. It takes you away from the CTF mindset and shows you that there is more to hacking than a flag. There is more to Counter Strike than flashing onto site with a P90 in hand (hard to believe, but it's true).</p>
<img src="https://cdn.hashnode.com/uploads/covers/6976671758ceed8e5ddc4a73/683bd336-319b-4eac-9c13-eca0cba33102.png" alt="" style="display:block;margin:0 auto" />]]></content:encoded></item><item><title><![CDATA[Opinions of a CRTSv2 graduate.]]></title><description><![CDATA[On the 15th of January at 11pm (UTC+2), I took the CRTSv2 exam, and by 1:45am the next day, I had sent my exam report to be graded — that’s 2 hours and 45 minutes. I was quite happy with that, but maybe the exam is just easier than advertised…
I boug...]]></description><link>https://dscragg.com/opinions-of-a-crtsv2-graduate</link><guid isPermaLink="true">https://dscragg.com/opinions-of-a-crtsv2-graduate</guid><category><![CDATA[crtsv2]]></category><category><![CDATA[CyberWarFareLabs]]></category><category><![CDATA[Red Teaming]]></category><category><![CDATA[pentesting]]></category><category><![CDATA[Certification]]></category><dc:creator><![CDATA[Daniel Scragg]]></dc:creator><pubDate>Mon, 26 Jan 2026 06:36:01 GMT</pubDate><enclosure url="https://cdn.hashnode.com/res/hashnode/image/upload/v1769384088064/e132710f-01db-4029-983a-eb25a7791c4e.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>On the 15th of January at 11pm (UTC+2), I took the CRTSv2 exam, and by 1:45am the next day, I had sent my exam report to be graded — that’s 2 hours and 45 minutes. I was quite happy with that, but maybe the exam is just easier than advertised…</p>
<p>I bought the CRTSv2 course from CyberWarfare Labs during their Christmas sale at the end of 2025 for a mere $50. I was looking for something that was a good step back into advanced hacking techniques without breaking the bank. I considered the ZeroPointSecurity courses, the Altered Security courses, and a bunch of others, but for $50, nothing could beat CRTSv2. The purchase comes with the course content (videos and PDF slides), 30 days of access to a really cool lab (though I had some issues), and 2 exam attempts.</p>
<h3 id="heading-the-course"><strong>The Course</strong></h3>
<p>I really enjoyed the course material. It included a lot of subjects which I’ve never touched. Linux AD, gMSA, Sapphire Tickets, and FSPs. There was also some great information about ADCS, but I already had experience with it, so it wasn’t a highlight for me. The content was broken up into two major sections: Initial Access and Advanced AD Attacks.</p>
<p>Initial Access focused on Web compromise, Phishing with MFA bypass, malicious VS Code extensions, exploiting GitLab, and DLL hijacking to backdoor Zoom. The Advanced AD Attacks section included Kerberos exploitation, Linux AD, gMSA, ADCS, and a few other specific AD attacks.</p>
<p>I loved the level of technical details in the videos. It dives deep, but not so deep that you’re drowning in network protocol sequence diagrams. All the details included in the course were practically applicable to exploitation, which is rare. There was no fluff, which I really appreciate. I couldn’t recommend the course content enough.</p>
<h3 id="heading-the-lab">The Lab</h3>
<p>A major selling point for the CRTSv2 course is the lab. It is a rather large enterprise environment with multiple domains, firewalls and a variety of services. It gives you the opportunity to practice all of the techniques taught in the course.</p>
<p>There are two documented paths to compromise the lab, one focuses on the initial access vectors and the other emphasises the AD-relevant vulnerabilities. The walkthroughs are awesome. They not only show you how to use the tools and techniques, but they often go the long way around just to demonstrate new techniques, even though there is an easier path forward. Working through the walkthroughs and taking detailed notes was the most effective part of my preparation for the exam.</p>
<p>I only have one complaint about the lab. It’s a shared lab, so a lot of the exploitation paths were already executed on the environment. I found DCSync rights on a user account that was meant to be low-priv. I found specific tools, certificates and keytabs on the servers which weren’t meant to be there yet (in my exploitation process). It’s not a huge issue, but it did ruin the immersion. I was still able to use the lab to learn, I just had to ignore the artefacts left behind by other students.</p>
<p>Overall, the course and the lab were amazing 🔥</p>
<h3 id="heading-the-exam">The Exam</h3>
<p>I was really excited for the exam. Ever since I did OSCP near the end of 2022, I felt I hadn’t been challenged in an exam. The exam is a 24-hour practical lab and another 24 hours for reporting your exploitation path. After my experience in the lab, I had high hopes for the exam environment.</p>
<p>You can schedule your exam in the online portal. When I looked at the booking portal, I saw that the only available slot in the next 2 weeks was the next day at 11pm, so I booked it, thinking I could just log in, run some scans and go to bed.</p>
<p>When the time came (11pm UTC+2), I downloaded the VPN config, tested my connection, read the exam instructions, and started to attack the environment. At first, my nmap scans picked up nothing. After 10 minutes, I saw that my VPN tunnel interface didn’t have the exam network IP range as one of its routes. So I fixed that with:</p>
<pre><code class="lang-plaintext">sudo ip route add 192.168.88.0/24 dev tun0
</code></pre>
<p>Just keep that in mind if you can’t find anything with nmap. After adding the route, my nmap sweep found all the hosts, and I started exploiting. I can’t say much about the path or environment, but it was really fun. The course and lab overprepare you for the exam. If you work through the lab paths, you’ll be more than fine.</p>
<p>Ultimately, I fully compromised both domains and captured the flag in 2 hours. I took the next 45 minutes to write the report and format my screenshots in the document. My report was a simple walkthrough with a lot of screenshots showing the step-by-step exploitation path, similar to my OSCP report. I took screenshots of every important command and its output and downloaded a lot of data from the environment to ensure I could get screenshots of them later if I needed them during reporting. After about 7 working days, I received a notification to say I had passed the exam.</p>
<h3 id="heading-conclusion">Conclusion</h3>
<p>If you have a week to kill and want a really fun Red Team challenge, get CRTSv2; you won’t be disappointed. For anyone taking the course, here are my points of advice.</p>
<ul>
<li><p>Use the lab walkthroughs and take detailed notes as you work through them.</p>
</li>
<li><p>Take as many screenshots as possible during the exam.</p>
</li>
<li><p>As you go through the course, collect tools and keep them somewhere safe — so you can use them in the exam.</p>
</li>
<li><p>Get BloodHound ready (netexec BH collector + BloodHound CE docker).</p>
</li>
<li><p>Don’t stress about the exam — it’s not that deep — 24 hours is waaaaay more than enough time.</p>
</li>
</ul>
<p>Thanks, CyberWarfare Labs, for the course; it was great. Keep up the good work. From here, I’ll be finishing up my CWL journey with MCRTA and also take on CRTO+CRTL as I prepare for OSEP 🫡</p>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1769409113024/cf44edaf-9f07-4553-899f-9b850c12a41b.png" alt class="image--center mx-auto" /></p>
]]></content:encoded></item><item><title><![CDATA[CRTA  —  A review]]></title><description><![CDATA[In December 2025, CyberWarfare Labs had an amazing Christmas sale. Firstly, I saw that they had just released a new course, API-RTA, with a $9 launch price. So I picked that up and ran through it in 2 days and passed the exam. It was a great experien...]]></description><link>https://dscragg.com/crta-a-review</link><guid isPermaLink="true">https://dscragg.com/crta-a-review</guid><category><![CDATA[CRTA]]></category><category><![CDATA[CyberWarFareLabs]]></category><category><![CDATA[red team]]></category><category><![CDATA[Certification]]></category><dc:creator><![CDATA[Daniel Scragg]]></dc:creator><pubDate>Sun, 25 Jan 2026 20:11:15 GMT</pubDate><enclosure url="https://cdn.hashnode.com/res/hashnode/image/upload/v1769383864455/b715e269-e6ed-40bc-84c3-ab60f662ff71.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In December 2025, CyberWarfare Labs had an amazing Christmas sale. Firstly, I saw that they had just released a new course, API-RTA, with a $9 launch price. So I picked that up and ran through it in 2 days and passed the exam. It was a great experience, so I invested around $150 into some of the courses that were on sale. I purchased the CRTA, CRTSv2, MCRTA, CEDP, CRT-ID, AD-RTA, and CRT-COI. I’ll be finishing them all in preparation for OSEP later this year.</p>
<p>Yesterday, I took on the CRTA exam and passed, but it was quite the ride. This short article will just reflect my thoughts on the course and exam.</p>
<p><strong>TL;DR:</strong> it’s an amazing network pentesting course for beginners, but the exam can be tricky for those of us who have spent some time in the industry (but maybe that was just me).</p>
<h3 id="heading-the-course">The Course</h3>
<p>For the $9 I paid during the Christmas sale, I received several hours of video instruction, a lengthy PDF of slides, 30 days of lab access, and 2 exam attempts. Unbeatable value for money.</p>
<p>The course covers a lot of ground. From the basics of offensive security (What is Red Teaming?) to Active Directory exploitation. The hacking content is broken up into 2 sections: External and Internal. There is also a great section of the course which gives detailed instructions for setting up a home lab for practising pentesting.</p>
<p>I started watching a few of the videos, but then I started speed-running them because it was rehashing a lot of the content I had already covered in my previous studies. The content is great. CRTA is one of CWL’s older courses, so the slides are not as polished as the other course slides, but the info is spot on.</p>
<p>At one point, I thought I could just read the slides, but after watching some more of the videos, I realised the instructor goes into more detail in the videos and performs some demos which are really helpful (especially in the exam).</p>
<p>The lab environment is also excellent (something that has been a common theme with CWL in my experience). They are stable, and the attack chains are interesting. The CRTA lab is basic, but it hits the right notes to get you into the hacking mood. Although the attacks are basic, I can confirm that those vulnerabilities exist in the wild too.</p>
<p>As far as the CRTA course and lab go, I give it an A+.</p>
<h3 id="heading-the-exam">The Exam</h3>
<p>The exam was designed for CTF players, not security analysts. That’s not a complaint, it’s just something I had to come to terms with as I reached the final hour of my exam time and a bead of sweat rolled down my face. But once I did realise that, it all clicked.</p>
<p>The exam was fun. I scheduled the 6-hour exam slot for 10am on the 2nd of January. I woke up at 10:05…great start. I proceeded to log in and get the VPN set up; it worked brilliantly.</p>
<p>Phase 1 — I started my nmap scan on the wrong IP range. 10min later, I found the actual range in the exam portal, so I started scanning again with the top 1000 ports. I only saw 2 hosts. The one was marked as out of scope and the other only had port 22 open, SSH. My machine has SSH open, so I assumed that was my machine…it wasn’t. 2 hours later, I realised that the nmap scan results had all the info I needed and the machine I was looking at was not mine 😂</p>
<p>So, it’s time to start hacking. I did a full scan of the host and found what I needed. From here, it was quite simple, and it remained simple until I reached question 10. It was asking for a specific port number. I tried every port that I saw in my results (so I thought), but nothing was right. Eventually, I opened Burp Suite Pro, shoved the exam question request into Intruder, and sent 65535 exam answers 😂 I got the question right 😎</p>
<p>The next hiccup came with 2 hours left in the exam. I was fuzzing and fuzzing and fuzzing, but couldn’t find anything. 40min left on the clock, and I finally see something that I never would have thought to look at. It was so dumb, and yet so CTF. F12 level of hacking.</p>
<p>Anyway, as soon as I got past that, I finished the exam with NTDS.dit in 10min. It was a rollercoaster. I knew everything, and more, I just wasn’t looking in the right places because we don’t see things like that in real life very often.</p>
<p>The exam was perfect for the course and the target audience. I hope many people take advantage of the festive sale and get CRTA certified. Well done to CyberWarfare Labs, you killed it.</p>
<h3 id="heading-certified">Certified :)</h3>
<p>Thanks, CyberWarfare Labs. I thoroughly enjoyed CRTA. I’m looking forward to CRTSv2 and all the other courses.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/1*Clfb4HqSTIF0NHxnwq-riA@2x.jpeg" alt /></p>
]]></content:encoded></item><item><title><![CDATA[eWPTXv3: A review and some advice.]]></title><description><![CDATA[I’ve been working in IT/cybersecurity for almost 4 years — most of which has been spent in offensive security. Through the years I’ve done a lot of end-to-end pentesting assessments of all types. However, I’ve always felt that Web App Security was my...]]></description><link>https://dscragg.com/ewtpxv3-a-review-and-some-advice</link><guid isPermaLink="true">https://dscragg.com/ewtpxv3-a-review-and-some-advice</guid><category><![CDATA[ewptx]]></category><category><![CDATA[pentesting]]></category><category><![CDATA[hacking]]></category><category><![CDATA[Web App Security]]></category><dc:creator><![CDATA[Daniel Scragg]]></dc:creator><pubDate>Sun, 25 Jan 2026 20:08:38 GMT</pubDate><enclosure url="https://cdn.hashnode.com/res/hashnode/image/upload/v1769383383761/c7a6fd62-1841-4ffe-9096-45b7400c217b.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I’ve been working in IT/cybersecurity for almost 4 years — most of which has been spent in offensive security. Through the years I’ve done a lot of end-to-end pentesting assessments of all types. However, I’ve always felt that Web App Security was my weak point. To remediate this issue, I took on the <a target="_blank" href="https://ine.com/security/certifications/ewptx-certification">eWPTX</a> certification.</p>
<p><em>TLDR:</em> <em>Just do the</em> <a target="_blank" href="https://portswigger.net/web-security/certification"><em>Burp Suite Certified Professional</em></a> <em>certification if you want to get better at web app hacking. If you want a shiny certificate that HR will smile upon, buy the eWPTX exam voucher and do the PortSwigger labs as preparation — don’t worry about the eWPTX course (unless you’re a beginner).</em></p>
<h3 id="heading-why-ewptx">Why eWPTX?</h3>
<p>There were a few reasons that I chose the eWPTX. Firstly, it was listed on my career growth track plan (I need it if I want to move up the ranks at work). Secondly, it has a pretty good reputation. Thirdly, I did eJPT in 2021 and thought the content was decent and the exam process was nice, so INE was a safe bet. And finally, it’s for those who want to take web app security to the <em>eXtreme</em> (which I did).</p>
<h3 id="heading-the-course">The Course</h3>
<p>In September of 2025, I got on a call with the company finance guy and he paid for my eWPTX course and exam voucher 🙂 I instantly dove into the content and quickly realised that it wasn’t what I was hoping for. Don’t get me wrong, the content is great, it just wasn’t the <em>eXtreme</em> hacking that I was promised. The course is very broad and covers all the important topics, but it doesn’t go as deep as I would have liked. There are hours and hours of videos and hundreds of slides, but I think the key info could be covered in 25% of the time. I understand that going slow and broad helps people patch any and all knowledge gaps that people have, but it just makes it difficult for slightly more experienced people to make it through the course content (because they would get bored).</p>
<p>The best part of the course is the labs (which is common in my experience). Finishing the labs will prepare you well for the exam. And taking the lab time to get used to the Guacamole browser testing environment helped me, since the exam is taken in the same in-browser testing environment.</p>
<h3 id="heading-the-exam">The Exam</h3>
<p>On the 29th of December 2025, I opened up the INE website and started the exam. The exam doesn’t need to be scheduled, you can just start it whenever you want. You are given 18 hours to finish 45 multiple-choice questions. Many of the questions require you to perform pentesting on the exam lab to find the answer, but other questions just need a quick Google search.</p>
<p>I can’t say too much about the exam lab, but I will say that it is CVE and PoC script heavy. Most of the exam is enumeration, Googling CVEs and scouring GitHub for exploit scripts. There wasn’t any <em>eXtreme</em> hacking required. I passed the exam with 77% within 5 hours (including a trip to the grocery store).</p>
<p>Overall, I enjoyed the exam. It was a chilled and fun experience — just hacking some web apps and pasting some flags, passwords, and keys into the exam question textboxes. Thanks, INE.</p>
<h3 id="heading-my-advice">My Advice</h3>
<p>Do the PortSwigger labs (and read the content). The PortSwigger course content is amazing and the labs are awesome. In preparation for the eWPTX exam, I suggest the following <a target="_blank" href="https://portswigger.net/web-security/all-topics">PortSwigger topics</a> and labs.</p>
<ul>
<li><p><a target="_blank" href="https://portswigger.net/web-security/api-testing">API testing</a></p>
</li>
<li><p><a target="_blank" href="https://portswigger.net/web-security/deserialization">Insecure deserialization</a></p>
</li>
<li><p><a target="_blank" href="https://portswigger.net/web-security/sql-injection">SQL injection</a></p>
</li>
<li><p><a target="_blank" href="https://portswigger.net/web-security/authentication">Authentication</a></p>
</li>
<li><p><a target="_blank" href="https://portswigger.net/web-security/jwt">JWT</a></p>
</li>
</ul>
<p>Specifically focus on the SQL injection, JWT hacking, and API testing. If you do those labs, and you have Google, the exam will be a piece of cake and you’ll add a really nice certification to your name.</p>
<p>However, if you actually want to learn to perform great pentests on web applications, I’d suggest doing absolutely everything on the PortSwigger academy and then taking on the <a target="_blank" href="https://portswigger.net/web-security/certification">BSCP</a> exam. I haven’t done it yet, but it’s on my list for 2026.</p>
<h3 id="heading-look-at-my-shiny-certificate">Look At My Shiny Certificate</h3>
<p>I hope this review helps someone or gives them the confidence to try the eWPTX exam. Anyway, look at my certificate 😎 and have a great day.</p>
<p><img src="https://cdn-images-1.medium.com/max/800/1*h4bdpx35lFSGIAzfgeKkXQ.png" alt /></p>
]]></content:encoded></item></channel></rss>