Certified Red Team Professional (CRTP) - Security Professionals & Red Teamers

Duration: 5 Days
Modes: In-Person, Live Online, On-Site
Think like an adversary. Operate like a professional. This intensive, 100% hands-on programme immerses you in a simulated enterprise environment where you plan, execute, and report red team operations using the same tactics, techniques, and procedures (TTPs) as real-world threat actors. No slides, no theory, pure offensive tradecraft.
Course Objectives
Understand the MITRE ATT&CK Framework with detailed knowledge of techniques, tactics, and procedures used by threat actors
Learn the core concepts of adversary simulation, command and control, and red team engagement planning
Master each stage of the attack lifecycle from initial compromise to full domain takeover, data hunting, and exfiltration
Develop the offensive hacker mindset to identify new attack vectors and unconventional approaches
Discover and exploit vulnerabilities across Windows and Linux environments without automated tools
Learn post-exploitation techniques including host and network reconnaissance, pivoting, and persistence
Perform Active Directory attacks including Kerberoasting, ASREP roasting, delegation abuse, and ACL exploitation
Understand how to run a successful end-to-end engagement with a focus on operational security and risk
Expected Outcomes
Plan and execute professional red team operations aligned to the MITRE ATT&CK Framework
Perform host exploitation on both Windows and Linux systems using manual techniques
Escalate privileges locally and across networked environments
Execute advanced lateral movement and break out of beachhead systems
Exploit Active Directory misconfigurations for domain privilege escalation and persistence
Perform advanced Kerberos attacks including Golden Ticket and Pass the Hash
Pivot through multi-tiered networks and establish covert persistence
Conduct comprehensive red team assessments from reconnaissance to data exfiltration
Advise defensive teams on detection and mitigation strategies based on red team findings
Training Modules
1. Introduction to Red Teaming and Understanding of Attack DNA
1. Introduction to red teaming and its role in organisational security
2. Red team vs. blue team operations
3. Red team assessment phases and methodology
4. Planning red team operations and attack lab infrastructure
5. Threat Intelligence: Frameworks, Platforms, and Feeds
6. MITRE ATT&CK Framework deep dive
7. Tactics, Techniques, and Procedures (TTPs)
8. Indicators of Compromise (IoC) and Indicators of Attack (IoA)
9. Mapping to ATT&CK from raw data: 2 hands-on labs on real-world attack logs
2. Host Exploitation: Windows and Linux
1. Reconnaissance (OSINT)
2. Weaponisation and delivery
3. Exploitation techniques
4. Establishing backdoors and command & control (C&C)
5. Installing multiple utilities
6. Privilege escalation, lateral movement, and data exfiltration
7. Maintaining persistence
8. 35 hands-on exercises across 4 real-world scenarios (no automated exploitation tools): Microsoft Windows Server exploitation with persistence; Web application and FTP exploitation with Linux privilege escalation, brute force, hash cracking, shell injection, and C&C; Content Management System and LFI exploitation with GTFOBins privilege escalation and network enumeration; Jenkins open-source server exploitation with Windows privilege escalation and network traffic pivoting
3. Active Directory Exploitation
1. Real-world simulation: non-admin user account to enterprise admin
2. Exploiting overlooked domain features (not just software vulnerabilities)
3. Proving that a single machine compromise can lead to full organisational compromise
4. 9 hands-on labs covering: AD enumeration and trusts mapping, LLMNR Poisoning, SMB Relay with interactive shell, IPv6 attacks, Pass the Hash/Password, Token Impersonation, Kerberoasting attack, Golden Ticket attack, Domain privilege escalation, persistence, ACL issues, and SQL server trusts, Defences and bypasses of defences
Certification & Accreditation
Certification Path 1: GlobalACE Certification
The GlobalACE certification is designed to align with internationally recognised Knowledge, Skills, and Attitudes (KSA) standards for Information Security Professionals. Candidates are assessed through a combination of multiple choice questions, practical assessments, assignments, and case studies. Examinations are conducted at authorised centres across participating member countries, and successful candidates are eligible to apply as Associate or Professional Members under the GlobalACE framework, recognised in 64+ countries.
Certification Path 2: CyberKnights Certification
100% Hands-on Capture the Flag (CTF) Exam. Exam Duration: 2 Hours. Pass Mark: 70% (Minimum 7 flags to be captured). The CRTP exam is a fully practical, CTF-style assessment. Candidates must demonstrate their ability to exploit vulnerabilities across a simulated enterprise environment, capture flags as proof of compromise, and demonstrate red team tradecraft. Exam fees are included in the course fees. All certified candidates receive complimentary membership access to the KALAM Cybersecurity Collaboration and Community Skills Validation Platform.
Frequently Asked Questions
How is CRTP different from the CPT (Certified Penetration Tester) course?
CPT teaches you how to find and exploit vulnerabilities. CRTP takes you further into adversary simulation, teaching you to operate like a real threat actor across an enterprise environment. CRTP focuses on red team methodology, Active Directory exploitation, and operational security, going well beyond standard penetration testing.
Do I need the CPT certification before attending CRTP?
CPT or an equivalent penetration testing certification is strongly recommended. You should have solid hands-on experience with exploitation, privilege escalation, and network pivoting before attempting CRTP. Knowledge of Active Directory is also required.
Can this training be delivered on-site for our red team?
Yes. We offer private on-site delivery where the lab environment can be customised to simulate scenarios relevant to your organisation's infrastructure, Active Directory topology, and threat landscape.
What makes the exam format unique?
The CRTP exam is a 2-hour Capture the Flag (CTF) style assessment. You must capture a minimum of 7 flags by exploiting vulnerabilities across a simulated enterprise environment. There are no multiple choice questions. It tests real-world offensive capability.
What tools and frameworks will I work with during the course?
You will work without automated exploitation tools, relying on manual techniques. The course covers MITRE ATT&CK mapping, OSINT reconnaissance, C&C setup, PowerShell exploitation, Kerberos attacks, and more, all within a realistic virtualised enterprise lab.
Will this course help our blue team as well?
Absolutely. Understanding how attackers operate is essential for building effective defences. The course covers defences and defence bypass techniques, making it valuable for both offensive and defensive security teams. Many organisations send red and blue team members together.
Ready to get started?
Train your team. Strengthen your defence.
Fill in the form and our training advisors will get back to you within 24 hours with a tailored programme recommendation for your team.
20,000+ professionals trained across enterprise and government sectors