Over the past couple of months, I have been busy working through two courses. Last month, I completed the Attacking and Defending Active Directory course in preparation for the Certified Red Team Professional (CRTP) exam. Additionally, I have been working my way through HTB’s new Certified Penetration Testing Specialist course.
The Active Directory labs provided information on attacking AD using PowerShell and PowerSploit scripts, as well as Bloodhound and other tools. The scenario involved being dropped into a company as a user without administrator privileges. I watched videos and read PDFs to grasp the concepts and then applied them in a lab. Along the way, I found flags and entered them into my online account. This course taught me a lot about attacking Active Directory.
The HTB Certified Penetration Testing Specialist (HTB CPTS) course consists of 28 modules and includes an exam voucher. While the course claims to be geared towards Junior Penetration Testers, I believe that someone with no previous experience would find it challenging to complete. Much of the information covered overlaps with what I learned in the OSCP and the eCPPTv2 courses. However, I did pick up some new tricks from the modules, so I don’t feel like I am wasting my time. Each module is rated as easy or medium difficulty. I work through the modules and then perform the labs in my own virtual machine using the VPN or their online machine running Parrot Linux.
I have been using the online instances without any issues. If the time limit expires, I simply spawn a new instance, which provides a fresh environment and causes any changes to be lost. So far, this has not been a problem for me, but as I proceed deeper in the modules it might be. At the end of each module there is a skills assessment section featuring problems categorized as easy, medium, and hard. Over the past month, I have completed approximately 38 percent of the course by working through the modules listed below.
The remaining modules are
I have been having a blast doing this course and would highly recommend it to anyone interested in learning penetration testing.
I also found some time this week to do a quick CTF during my lunch hour hosted by Black Hills Information Security called the Turkey Express Mini CTF 2022 and successfully completed it. The majority of the questions were not difficult, except for the last one. I had to look up how to complete the cypher online and then work through the problem. Cryptography questions have never been my strong suit, but I was able to overcome it.
Now I am going to prepare to eat some turkey tomorrow and watch football with family.
Orville's Security Blog 