ARTE Course Review

I took and passed my Hacktricks AWS Red Team Expert (ARTE) exam on 01/10/2026. ## My background I have been doing cloud pentests for around 3-4 years now, so I'm no stranger to a lot of the concepts presented in the course, but i definitely learned at least one thing in nearly every module. The course is accessible for people new to the space, but some foundational knowledge in AWS/pentesting in general are helpful. ## Course Feedback/Notes - Sometimes the video was too cropped, would rather have a fullscreen demo. - Building my own tools was fun, not a ton of handholding and very doable with a little help from AI when I got stuck. - Carlos is an excellent instructor, you can see his passion in his teaching style. There were a couple moments in the course where he would go off and investigate something, and report what he found. It was very enjoyable. - Some of the links were dead, but the resources were easy to find on hacktricks, and you might as well get used to looking through it, it's a great resource! - In the labs, you are permitted access to 5 flag writeups. I used one writeup when i got stuck over a typo i made, and 3 for the black box exam flags because my (30 day) lab time expired before I had time to finish the course. I don't mind the limit personally, but it would be cool to have access to the writeups for flags you have submitted, as I found them helpful. In some cases, they took a slightly different approach than I would have. ## Exam 3 flag CTF, no report required. My timeline: - 12:00pm - exam started, I was able to start immediately (after refreshing the page) - 12:48pm - Flag1 (and lunch while scripts ran) - 1:32pm - Flag2 - 1:48pm - Flag3 This included a bit of time pulling tools, I had run out of time for the black box testing labs so I didn't quite have everything ready. I also had some issues with some of my tooling, not sure if it was my broken WSL instance. You shouldn't have issues on the exam if your tools work in the black box labs. ## Tips - As many others have said in their reviews, enumerate EVERYTHING. - Test your tooling beforehand in the black box labs. I didn't complete them, but from reading the writeups, they have a similar structure to the exam. - I found a webhook handler (I use a fork of https://github.com/defektive/xodbox) helpful for quickly exfiltrating credentials/data throughout the course. - Some light coding experience helped me a ton throughout the course, though you can definitely get by without using example payloads provided on the hacktricks site. A few notes on the exam I found from the hacktricks team on discord: - No stealth/bypassing detections required - Make sure you understand all the services you have seen during the course. Have in hand the bruteforce tools showed in the blackbox exercises.