I’m excited to share that I passed the Certified Red Team Operator (CRTO) exam from Zero-Point Security on August 11, 2025.
I started the course in June, spent July preparing, and took the exam in August.
The Course
This course focuses on using Cobalt Strike to perform common security operations such as Active Directory attacks, MSSQL exploitation, lateral movement, and antivirus (AV) evasion. More importantly, it emphasizes OPSEC-focused techniques — executing these tasks in a stealthy manner that makes detection by AV much more difficult.
One of the best aspects of the training is that it comes with its own dedicated lab environment, so there’s no need to purchase a lab extension, unlike some other courses I’ve taken. While the material is high quality, there are sections where you might get stuck. My advice is to join the Zero-Point Security Discord group (you’ll get access once you purchase the course). Networking and exchanging tips with others there is both helpful and enjoyable.
The Exam
The exam directly reflects the course material — if you’ve studied thoroughly, you should be well prepared. My biggest tip is to focus on the Defense Evasion module. Practice it repeatedly until the techniques become second nature.
I learned this the hard way: I failed my first attempt because I didn’t spend enough time mastering Defense Evasion. After going back and practicing it extensively, I passed on my second try.
Unlike many other certifications, there are no “flags” to capture in this exam. It’s objective-based, meaning you must complete tasks without triggering detections. Even if you meet all technical objectives, repeated AV detections will result in failure.
Final Thoughts
The CRTO is a challenging yet rewarding certification. It tests not only your technical skills but also your ability to operate like a true red teamer — quietly, efficiently, and effectively.
Good luck, and have fun with your journey!