Published on July 26, 2025

CRTO Review (Newest version)

Table of Contents

Introduction

The CRTO is a Red-Team oriented certification, when you’ll mainly use Cobal Strike as a C2 for every steps of the engagement. It’s nice because as a student and as a person who don’t work in a red team environment, I don’t have the opportunity to use CS (Cobalt Strike) as a C2. It’s one of the most used C2 for real engagement, meaning the cert prepare us for the real world.
During this review, I’ll explain the certification, what you’ll learn, the exam and my feedbacks about it.

Certification Overview

In 2025, Rasta decided to migrate the course to a new plateform and changed how the certification was organized. I did the RTO (Red Team Operator) course and exam on this new plateform, so I can’t say anything about the old course.
All the content of the course is text based, there are no videos available to explain each concept but sometimes there are videos for lab Walkthrough. The course is divided in “Chapter”, where each one explain a general concept, the organizaton is well done. At the end of each course, you have a lab which is not a challenge but a path to follow to practice the concept you learnt before, and it’s important to note that the lab are included in the price of the course, it means you can access the labs with no expiration.

What you’ll learn

The course is divided as I said, in Chapter which are :

- Getting Started : Rasta explain how the course is organized and how it works. 
- Law & Compliance : You'll have an overview of the difference law 
- Malware Essential : An introduction about how malware works
- Cobalt Strike Primer : An introduction to Cobalt Strike
- Initial Access : Techniques that will help you to gain an access to a machine
- Persistence : Techniques that will help you to stay on the machine, even after a reboot
- Post-Exploitation : Cobalt Strike modules that will help you to collect more juicy datas
- Privilege Escalation : Techniques that will help you to become a privilegied user on the machine
- Elevated Persistence : Persistence techniques, but for privileged users
- Credential Access : Techniques to retrieve credentials stored in the machine
- User Impersonation : Techniques to impersonate other users
- Discovery : Techniques to collect informations about the domain
- Lateral Movement : Techniques to move on other machines in the domain
- Pivoting : Techniques to pivot in the network, with Socks for example
- Kerberos : A really good explanation about how Kerberos works, and the different exploitation with it
- Microsoft SQL Server : Techniques to enumerate and exploit a MSSQL Server
- Domain Dominance : Techniques for persistence in the domain
- Forest & Domain Trusts : Techniques about Trusts in the domain
- Defence Evasion : Techniques to bypass Windows Defender

It’s important to note that every concept are oriented to work with Cobalt Strike And there is a lot of OPSEC advice.

Exam

I’ll not talk a lot about the exam itself because it’s better if you keep the surprise.
Honestly, if you are confident with every contept taught in the course, everything should be fine. Even if I had some background with Active Directory, Cobalt Strike was completely new for me, and I feel confident with the course.
To pass, you need 80 points out of 100. You have an objective to perform, there is no flag to hunt (which is really nice, it feels like a real engagement). If you success the objective, you gain 50 points, but it’s not enough because I told you that you nee to have at least 80 points to pass. The other 50 points are about the OPSEC. It means you have to be stealthy during the exam, you should not trigger a Windows Defender alert. Keep in mind that the OPSEC is not only about Windows defender, and in case you failed your attempt you’ll have a summary about your OPSEC.
At the time I write this article, you have unlimited attempt with a cooldown of 7 days beteweens each attempt. Rasta is really a good guy for doing this, so be grateful about his works.

Some tips for you :

The last lab is oriented for defense evasion, use it to test your profile.
Make sure your profile and your artifact kits are good enough to bypass Defender.
Every exploit you have to do during the exam are in the course. You’ll not have to do something that was not in the course.
Create a cheat sheet of Cobalt Strike commands, you’ll gain a lot of time.
For lateral movement, use ScShell instead of psexec.

Almost forgot it, but there’s no report to do, you’ll directly have your score once you send your attempt.

My feedbacks

It tooks me 1 month between purchasing the course and the exam, and I can now say with pleasure that I’m Certified Red Team Operator ! It was the best certification I have ever taken, everything went fine, no problem with the plateform, no problem with the labs, no problem with the exam. The quality of the course is amazing, especially the part about Kerberos that I loved the most. I highly recommend you the exam if you want to test Cobalt Strike or if you are interested in beggining a journey as a red teamer !