My Review
Difficulty: ★★☆☆☆ | |
Price: ★★★☆☆ | $449 |
Material: ★★★☆☆ | |
Real-World Scenario: ★★★☆☆ | |
Worth it?: Yes, as a Intro to Azure Pentesting | |
Official Site: CARTP by Altered Security |
Lab
It’s a nice practical intro to Azure Pentesting. The lab has four cyber kill chains, which is the right amount to learn a lot of things. I had two minor problems with the labs, and that was solved in less than 24 hours by the Altered Security support team.
- Labs in Cloud environment are always tricky, cause (it this case) Microsoft could change something and affect the labs
- For example, now in July Azure there is an “update” for reinforced MFA, so it may affect some type of attacks displayed in the labs, idk
I always study certifications in 3 steps:
- Watch the videos first and try to focus fully on the explanations
- Do the labs with the help of the materials
- Revise the material, its when I start to do my notes to future usage and to help in the exam too
- [EXTRA] If I have enough time, I try to do the lab without any help
Exam
For me, there is no easy practical exams, because there is always something that you forget and get stuck. But it was not hard. I mean, its really the same level of CRTP but in Azure
- There is only one cyber kill chain, with 5 resources and two tenants
I had no problems with the exam, no lags and no bugs whatsoever
All that’s in the materials is enough to pass
I got stuck for 2 hours in one resource, cause I forgot a dumb Detail.
I took a total of 7 hours to complete and 1 or 2 hours with the report
Conclusion
I dont have a comparison, cause It’s my first certification on Cloud Pentesting.
Honest opinion: I enjoyed the whole process but …
I didnt like the way they split the content
Look, its 4 paths with different attacks. But they dont teach the paths in sequence.
- You start with the first attack of the first path… its usually Initial Access Attacks
- Then you go to the first attack of the second path, and so on
When u are in the middle of the paths, you don’t remember how the hell you got that access!
My opinion: Explain the attacks first without any path. After explaining the attacks, do the videos of explanation in sequence with the PATHS.
SO, Instead of spliting the content by Learning Objects: 1,2,3,4,5.. etc
Split the content by Cyber kill Chain
FOR EXAMPLE:
- ATTACKS EXPLANATION (Intro, How to attack, when is possible to attack, possible defenses that you can encounter)
- PATH 1
- PATH 2
- PATH 3
- PATH 4
Besides that, good job Altered Security. Amazing content!