Certified Azure Red Team Professional (CARTP) Exam and Course Review

## My Experience I recently passed my CARTP Exam, and wanted to provide some tips and my thoughts on the course as a whole. Overall I think the course has good content at a pretty good value. As I was a few days from the end of my lab time, Microsoft began enforcing MFA on all the things, so I had to go back through the updated material. ### Notes on the exam - I spent around 8 hours on the exam including around 40 minutes for deployment and a redeployment that I didn't really need. It also includes around 4 I spent stuck on one step. I had overlooked something minor in an enumeration phase 🤷 - Report took me maybe an hour, I had very detailed notes so it was mostly done at that point - My exam was very linear, with no rabbit holes (apart from ones i dug myself haha) - If you make tangible progress in a direction, it's probably intentional - chrome ran out of memory/chrome crashed a few times, limit your tabs i guess? - Disconnected and seemingly rebooted/lost my open windows a few times. - Entra Groups weren't cleaned up, some of the names caused a bit of confusion (One was like StuckOnResourceNameIWasAlsoStuckOn). - Had me thinking the resource I had compromised was created by another user or something. - got stuck for about 4 hours at that part, I ignored some of the progress I made (didn't enumerate enough). ## Advice for preparing Be sure to use the search on discord if you get stuck in the labs. Chances are someone else has had a similar issue. It also gives some additional insight to the exam: ![[Pasted image 20241229160609.png]] ![[Pasted image 20240901225146.png]] ![[Pasted image 20241007215354.png]] And tips on the CTF: ![[Screenshot_20241114_012414_Discord.jpg]] Do all the things! Take notes, then reorganize them into cheat sheets for various phases (initial access, authenticated enumeration, privesc, enumeration on a compromised host, etc). ## Thoughts I mostly wrote down bad things as I took the course, it's easier to complain lol. Despite all this, the course still gets a recommendation from me for folks new to Azure pentesting. Things I'd like to see improve: - Production - Discord notifications in the background throughout my course drove me a little crazy lol - I wish Nikhil had a better mic - I sometimes have issues understanding some accents but he was fairly easy to understand overall. - PowerPoint slides as PDF - makes it hard to copy and paste code blocks, newlines don't exist, so double check your notes. The lab manual may have been the same way, but this was either fixed during the course or i didn't notice the .docx in the course share. - Phishing simulation/Running word macros - besides being outdated (though I think it was updated after my lab time expired) I had issues. Staff said simulation was working properly and despite being able to reverse shell myself with the macro, The target wouldn't run it. Possible this has changed with the recent updates regarding azure mfa enforcement - Lab team (or at least AltSec-Admin) have weird hours tend to be on late at night or early in the morning EST. You can email them directly too (check the FAQ for the address and a lot of other important information) - Limited outbound access on VMs, things like pip seem to fail. Wish I could have experimented a bit more in that regard. - Wish the ctf were a full, separate environment, but it was overall good. Neutral thing: - prerecorded sessions have a lot of pausing for questions - often times helpful questions that provide additional context, but sometimes it was a bit much for my personal preferences. Good Things: - Solid foundation. - Material is pretty good.