Certified Red Team Operator

Intermediate Practical C2/red-team operation exam + report Pass: Provider-defined objective threshold; verify late… $399

CRTO focuses on practical operator workflows using C2 tradecraft and offensive execution in monitored environments. 2026 preparation should include OPSEC decisions, C2 hygiene, and reportable objective completion.

Official Page

IssuerAltered Security

FormatPractical C2/red-team operation exam + report

Duration~24h practical + reporting window (indicative)

Pass ScoreProvider-defined objective threshold; verify late…

Overview Syllabus (5) Tools (7) Cheat Sheets (2) Labs (3)

Recommended Tools

BloodHound CE Essential

AD Mapping

Visualize Active Directory attack paths.

installdocker compose up -d # bloodhound stack

usagebloodhound-python -d <domain> -u <user> -p <pass> -ns <dc_ip> -c all

NetExec Essential

Enumeration

SMB/WinRM/RDP/LDAP assessment and credential checks.

installpipx install netexec

usagenetexec smb <target> -u <user> -p <pass>

Nmap Essential

Recon

Network discovery and service fingerprinting.

installsudo apt install -y nmap

usagenmap -sC -sV -Pn <target>

Rubeus/Mimikatz toolkit awareness

C2/AD

Understand credential material handling and AD abuse paths in controlled labs.

usageUse in sanctioned lab scope only

Hashcat

Credential Attacks

Password cracking for recovered hashes.

installsudo apt install -y hashcat

usagehashcat -m <mode> <hashes> <wordlist>

Metasploit Framework

Exploitation

Exploit/proof-of-concept and post modules.

installsudo apt install -y metasploit-framework

usagemsfconsole

Ligolo-ng

Tunneling/Pivoting

Userland pivoting and tunnel setup.

installgo install github.com/nicocha30/ligolo-ng/cmd/...@latest

usageligolo-proxy -selfcert