{ JSON:SEC }

Cyber Security Training, Career and Tech

recent posts

Link Tree

CRTO2 Review: A Deep Dive into Red Team Ops Part 2

CRTO2 Review: A Deep Dive into Red Team Ops Part 2

In the ever-evolving world of cybersecurity, advancing your skills often means investing more time and money into courses that promise high-quality training but come with gruelling conditions—both during the course and the exam. However, there are industry challengers striving to offer excellent education at a more accessible price point, focusing on learning rather than just surviving the process. Zero Point Security’s Red Team Ops Part 2 is one such course, and in this review, we’ll explore the syllabus, lab, and exam to determine whether it’s a good step for you in your red teaming journey.

Course Overview

I completed Red Team Ops Part 1 about 18 months ago, and I loved it so much that I always planned to take Part 2 when I had the time. Luckily, Daniel from Zero Point Security reached out and provided me with free access to the course for this review. So, thanks, Dan!

Red Team Ops Part 2 covers several advanced topics:

  • Setting up your C2 infrastructure in a secure and OPSEC-safe way
  • A detailed look into how Windows internals work with the WinAPI
  • Performing process injections
  • Understanding defenses and how to evade them
  • Reducing your attack surface and additional evasion techniques

The course offers a linear progression in complexity, making it relatively easy to follow, though some sections—particularly the Windows API and process injection modules—can be challenging, especially if you don’t have a strong background in C++.

As with CRTO1, this course is heavily focused on Cobalt Strike, which emphasizes the complexity of command and control (C2) frameworks. While many of these concepts can be adapted to other frameworks, some content is specifically tailored to Cobalt Strike, making it slightly less transferable.

Prerequisites

Before diving into this course, it’s essential to have:

  • Completion of CRTO1 or a strong foundation in Red Team operations
  • Experience with Cobalt Strike (from RTO1 or other sources)
  • Strong programming skills in C# or C++

Course Delivery

The course content is delivered through text-based material and a lab environment. The material itself is concise—84 pages of text on a learning platform—but the concepts are deep, meaning you’ll spend a significant amount of time working through them.

The lab environment is a sandbox where you can apply the concepts learned in the course. It’s similar to the CRTO1 lab but even less sequential, allowing for more exploration and experimentation. The lab is hosted via Apache Guacamole, so it’s ready to use as soon as you start, and I experienced no latency issues accessing it from Australia.

One of the standout features of Zero Point Security’s courses is that they frequently update the content over time, and your access to the material is perpetual—it won’t expire after a year or two.

I also inquired about the lack of video content in this course, and Dan provided a valid explanation:

“There are two main reasons why I prefer text over video. The first is from a creator perspective—they take much more time to produce, and they can’t be easily tweaked if you want to change something afterward. This makes providing course updates (for free) much less attractive. The second is from a consumer perspective—if I’m looking for a specific piece of information, I can just Ctrl+F and find it on a page. You can’t do that with video, which leaves you scrubbing backward and forward for ages. Given that course access is lifetime, the probability of people coming back to the content multiple times is quite high, and I personally feel that having majority text is more of a benefit than not. Obviously, I understand that people have different preferences, so I do try and provide videos where the effort makes sense to invest.”

After completing the course, I agree. While videos could help introduce some of the more complex concepts, the text-based format works well, especially when revisiting the material.

Exam Details

Although I haven’t completed the exam yet, the general consensus is that it’s tough. You’ll need to reference concepts from both RTO2 and RTO1. The exam runs over 8 hours or 96 hours of runtime, whichever elapses first, allowing you to work at your own pace. To pass, you need to capture 5 out of 6 flags, and the exam is designed to be sequential.

Your first exam attempt is included in the course cost, with additional attempts available for £99.

Industry Recognition

Zero Point Security is endorsed by several industry bodies, including:

  • CREST
  • Cobalt Strike
  • CBEST and CORIE frameworks for Red Teaming Financial Institutions

As a hiring manager familiar with the qualification landscape, I hold this certification in high regard.

Price Point

The course offers several pricing options, depending on how long you need access to the lab:

  • £399 for the course only
  • £429 for the course + 30-day lab access
  • £459 for the course + 60-day lab access
  • £489 for the course + 90-day lab access

If you sign up using the link in the description, you’ll directly support the channel. Additional lab hours can be purchased at very reasonable rates.

My advice is to opt for the 60-hour bundle, which should give you ample time to complete the course. Additionally, setting up your own lab environment in parallel can help you dive deeper without worrying about running out of time.

Pros and Cons

Pros:

  • High-quality training materials that aren’t locked behind huge paywalls
  • Deepens a specific aspect of Red Team Ops significantly
  • Easy to get started and work through

Cons:

  • Some video content to explain higher-level concepts with analogies or basic animations would be beneficial
  • Clearer prerequisites on the course page would help students prepare better before enrolling

The Bottom Line

Red Team Ops Part 2 is an excellent deep dive into C2 infrastructure and defense evasion. The course has a narrow focus but offers impressive depth. Completing this course will equip students with the skills needed to handle the C2 element within Red Teaming at a high level. These concepts are taught in great detail, and the price point is reasonable, making it a valuable investment for those serious about advancing in this field.

If you enjoyed this review, please leave a comment, and feel free to share your thoughts or questions below. Stay tuned for more content, and I’ll see you in the next post!

Posted in

Leave a comment