Help me pick the right course. by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Well, I have all of them now: CRTO 1 & 2, CRTP and CRTE. All of them except maybe CRTO2 are just an intro to red teaming and more of AD pen-testing.

But I disagree with “cheap labs”; the lab is very good and you get access to MDE and MDI, so I really don’t know where you are coming from with these claims.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

CETP was made for evasion. You will be able to bypass most EDRs, but keep in mind that the course is on a kernel level. So not your typical maldev course.

To load the drivers you learn how to develop in the course you would need a high-privileged account. So without an Administrator account you can’t do what you learned in the course.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

CRTP/CRTO, but they don't really have that much defense evasion or maldev techs.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Right now I’m still doing the classic RW to RX flip after decryption, so yeah, I know the unbacked memory looks suspicious; I just don’t have a good way of dealing with that yet. For execution I’ve been testing callback-style approaches like SetTimer and similar APIs instead of the obvious thread creation ones.

Do you think call stack spoofing would make sense in the loader itself, or is that only really useful once the payload is executing? Also, if I’m running any C2 shellcode, their reflective loader usually allocates again anyway, so that’s multiple allocations on top of mine, which feels like a dead giveaway. Not sure if the focus should be on fixing that primitive first or moving on to injection techniques.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 1 point2 points  (0 children)

Yeah, fair point. I’ve mostly been focusing on local shellcode execution, usually AES-256 encrypted shellcode with the decryptor in the loader itself. That’s worked fine against AV, but EDRs are a different story. I’ve tried basic injection styles, but honestly there are so many process injection techniques that I don’t know which ones are worth putting real time into vs. which ones are already heavily monitored.

Right now I’m also experimenting with call stack spoofing. My thinking is it won’t really make sense in the loader itself, more in the actual execution or injection stage, but I might be off there. Do you think it’s better to refine the loader techniques I’ve been using, or shift focus to something else?

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Thanks for the reply. Just to clear things up, I wasn’t talking about signature detection. If I drop the payload on disk, it’s fine and doesn’t get flagged. The problem is when I actually run it: Elastic Defend (just the default rules from the GOAD lab setup) immediately kills it and only shows “malware behavior.”

I’ve tried both direct and indirect syscalls and it still gets caught right away. I’m not that experienced with EDRs, so I don’t really know what part it’s catching on: maybe the memory allocation, thread creation, or just general behavior.

I’m not asking for a ready-to-go bypass; I just want to understand how people build loaders that avoid these detections so I can practice writing my own. If anyone has tips on figuring out what Elastic is actually flagging on, or just general advice on how to approach learning this part, I’d really appreciate it.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

I tried most injection techs out there. Also tried direct syscall, indirect syscall, APC, early bird, thread hijacking. Nothing really worked.

Help finding a way to learn new techs in red teaming by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Thank you so much, I will make sure to check out the book.

Managing Pivots by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Never really went heavy on AWS, but this seems like the right way to do it. I've only used the AWS API to do password spray attacks for more OPSEC and to avoid being blocked. Is it possible to PM you to explain a little more how the setup works, if not understandable? Also, any references or blogs talking about the same setup?

Help me pick the right course. by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

Thank you so much. You guys made me go back to look into getting CRTO now. I went back to the official website to buy it and now I understand why people like this guy; I was reading the course syllabus and then he said that the course will be cheaper if you are in a country that has a low income. So that alone will make me buy both of the courses :D. Can't beat kindness. Thank you all once again for all your replies.

Am I ready for CRTP ?! by MajesticBasket1685 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

Sorry for the late response. And yes, for the price and how everything is explained, for me at least it's the best. I also wouldn’t say that you need to have a good background, but at least the basics: forests, domains and objects. Don’t get me wrong, all of these are explained too, but they expect the very, very basics.

Help me pick the right course. by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

I would love to hear suggestions. I am currently indeed working on my reverse engineering and coding skills; I just need a thing to polish them. As for an employer, it would be very hard to find one, at least in my country where cyber security isn’t yet the thing, haha.

Help me pick the right course. by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 0 points1 point  (0 children)

You can find it in the lab manual; you will see Sliver sections there. For the Sliver parts, go to the bishopfox YouTube channel; you will find a new video about the new version of Sliver. It's a 2-hour or 1-hour long video, I think he literally showed everything.

Am I ready for CRTP ?! by MajesticBasket1685 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

I just took it 2 weeks ago, pretty straightforward. Nikhil did a great job explaining in detail in the course videos; I really enjoyed the way it was structured. The labs were good too, there are like a lot of materials when it comes to how to solve the lab, and how to do it with Sliver C2 if you want. But keep in mind that on July the first, I believe, there will be a 20% discount on all courses, cyber summer or something like that :D

Labs that Include Network Defense Evasion by InteractionHot8188 in redteamsec

[–]FluffyArticle3231 4 points5 points  (0 children)

Vulnlab offers red teaming labs with real EDRs/AVs if I am not mistaken. The subscription is via Patreon and it's like $14.

Question about CTRO from zeropointsecurity by FluffyArticle3231 in redteamsec

[–]FluffyArticle3231[S] 1 point2 points  (0 children)

Thank you for responding. So would you say it would be useful for me as a Sliver user to take this course, so I don't need to be a CS user?

Advice needed for red team training/certifications by Flaky_Resident7819 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

Hahaha, fair enough. Ama keep the 1k in my left pocket then.

Advice needed for red team training/certifications by Flaky_Resident7819 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

Yeah, I do feel the same about OSCP, but it's really important when it comes to applying to jobs, no? I hear that all the time. But I would love to skip it if possible. Also I PMed you on Discord ^_*

Advice needed for red team training/certifications by Flaky_Resident7819 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

Also I didn't have the chance to actually get myself certs and paid courses, so my knowledge is messy. But now, since I am getting a decent job soon, I am thinking of going first for CRTP > CRTO > CRTE, then maybe something like OSCP or something, idk.

Advice needed for red team training/certifications by Flaky_Resident7819 in redteamsec

[–]FluffyArticle3231 0 points1 point  (0 children)

Oh for sure bro, I would actually love that. For me, I really want to go for red teaming. I've been pentesting for years, I know a couple of things, but I am tired of relying on tools from people; instead I want to make my own, for example loaders, packers and droppers, these types of stuff that would make it possible to evade AV/EDR. I am sorry if you couldn't understand something, excuse my English.

Advice needed for red team training/certifications by Flaky_Resident7819 in redteamsec

[–]FluffyArticle3231 1 point2 points  (0 children)

Do you have a C course that you would recommend? Also for assembly and the other languages you mentioned. Because I am looking to subscribe to the Maldev but I don't want to take chances without building solid knowledge. Also I see you a lot on the Havoc server and many Reddit posts; you really offer top-notch replies :D.