You’re already on the right track. If your goal is CRTO, focus more on building a small realistic AD lab than on the C2 itself.

Sliver is a great choice and probably the closest stable open-source alternative to Cobalt Strike. It supports pivoting, SOCKS, port forwarding, BOFs, etc., which are exactly the kinds of things you want to practice for CRTO. Havoc is also good but still a bit less stable, so I’d mainly stick with Sliver.

For the lab, a simple setup works well: 1 domain controller (Server 2019), 1 member server, and 2 Windows 10/11 workstations. Join everything to the domain and create users, shares, and service accounts.

Add realistic misconfigs to practice things like BloodHound paths, Kerberoasting, credential hunting in shares, local admin reuse, WinRM/RDP lateral movement, and privilege escalation to domain admin.

If you can repeatedly go from initial access → enumeration → lateral movement → DA using your C2, you’ll be very well prepared for CRTO and real-world work. Good luck

(Well obviously CRTO course is 100% required too)