SecProve
ExpertVendor-neutralAltered Security· issued from IN

CRTE

Certified Red Team Expert

Multi-forest AD compromise — cross-trust abuse, advanced delegation, and persistence in hardened enterprise environments.

Official page at Altered Security↔ Compare with another cert
Exam fee
$699
Ongoing
$0/yr AMF
Study time
120–200 hrs
Delivery
Hands-on practical lab
Validity
Lifetime

› Quality score

31.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Builds on CRTP with cross-forest, ADCS, exchange, and SQL-server attacks. Outline is detailed but lacks a formal exam-weight document.
7.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
48-hour lab against a hardened multi-forest network with logging/EDR-style telemetry. One of the more demanding AD-focused lab exams available.
9.5/10
Currency & upkeep
How aggressively content is kept current with the field.
Updated with newer techniques (ADCS ESC1-ESC11, RBCD, shadow credentials) as they hit mainstream.
7.0/10
Market recognition
How often this signal actually moves a hiring decision.
Respected in red-team circles but a tier below OSEP/CRTO in raw hiring weight. Often referenced for senior AD-focused roles. [Holders: vendor doesn't publish]
7.0/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
4,000
as of 2024-12 · source

Vendor doesn't publish exact counts; conservative estimate from community cohort signals.

› Built for these roles

Senior Red Team OperatorAdversary Simulation LeadPrincipal Penetration Tester

› Exam format

48-hour hands-on lab exam against a multi-forest enterprise environment with EDR-style controls. Report submission within 48 hours of lab close. Multiple flags across forest trusts and tier-0 compromise required.

› Recertification

Credential is permanent — no recertification or AMF.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

PD-WRL-001PD-WRL-007
Recognition
GlobalUSEUUK
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A9Penetration Testing & Red Teaming

Methodology (OSSTMM, PTES), web/network/mobile pentesting, social engineering, purple teaming.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

B4AI in Offensive Security

AI-assisted pentesting, automated recon, AI-generated phishing/social engineering, deepfake attacks.

› Prerequisites

Experience

Solid AD-attack fundamentals — CRTP-level knowledge or equivalent operational experience. Familiarity with multiple C2 frameworks helpful.

Knowledge assumed
  • Active Directory trusts, ADCS, and delegation
  • Lateral movement and persistence techniques
  • Bypassing common Windows security controls (AMSI, AppLocker)

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (2)
CRTPAltered SecurityOSCPOffSec
CRTE
Altered Security
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications