Goal: become comfortable operating in a Windows/AD environment with a C2 framework, not just pass a cert.

Baseline

  • 10+ years: AWS, Linux, infra/ops
  • Offensive: eJPT, Amazon Cloud Red Team Professional (Pwnedlabs)

Gaps I’m closing before CRTO

  • Windows + Active Directory offensive tradecraft
  • Initial access and phishing workflows
  • C2 operator basics and OPSEC

Prep steps

  1. Active Directory & Windows attacks

    • TryHackMe rooms: Attacktive Directory, Windows PrivEsc, Kerberoasting
    • HackTheBox Windows domain machines

  2. Web foothold skills

    • TryHackMe Web Pentesting paths, focused on SSRF, SSTI, auth/session issues and API attacks

  3. Operator skills

    • Lab: basic C2 setup, beacons, staging, redirectors

I’ll keep this post updated as I progress and link to detailed lab write-ups.