Review of the CARTP Course by Altered Security

**DISCLAIMER** : This text has been polished with IA for readability. ### Introduction Since last year, I’ve been following a path focused on Azure. My goal is to dive deeper into the intricacies of Azure and Entra ID. I started with the Microsoft SC-900 certification, then moved on to the SC-300. Microsoft certifications are interesting, but they’re from the vendor’s perspective — a kind of "happy path" approach. But if you want to truly understand a product, you need to explore its flaws, poor implementations (or at least deviations from RFC specs), and possible misconfigurations. --- #### Why Altered Security CARTP ? I’ve been following Altered Security for a long time, especially since Nikhil is a well-known security researcher. Back when the CARTP wasn’t even released, I had already purchased the CRTP. I know the quality of their content. --- #### What is CARTP in short ? **CARTP (Certified Azure Red Team Professional)** is the beginner hands-on certification offered by Altered Security. It focuses on offensive security techniques in Azure environments, including post-exploitation, privilege escalation, persistence, and bypassing security controls within Entra ID. The course teaches real world attack scenarios and culminates in a 24-hour practical exam. You can find the full course details here: [https://www.alteredsecurity.com/azureadlab](https://www.alteredsecurity.com/azureadlab) ### Content Altered Security now uses their [EnterpriseSecurity.io](https://www.enterprisesecurity.io/) platform to host all the course material. In my case,I chose the 60-day lab access + on-demand content. Within 24 hours of purchase, the lab support team contacted me via email to ask when I wanted to begin the lab. (In my case, I asked to started it 2 months later as I bought it during the Diwali discount period and needed time to finish preparing for the SC-300 and reviewing all the material.) The course includes: - A comprehensive slide deck. - A lab manual. - Videos covering the slide content. - Videos covering all the learning objectives. - Kill chain diagrams and a threat matrix. - Tools used during the labs and the exam. The slides are very complete, but as Nikhil says in the intro video — not everything is in them. Personally, I really like Nikhil’s tone and style in the videos. **My recommendation:** Follow *all* the videos, even if you already have experience with Azure. You’ll still discover things you might not know. I watched all the course and kill chain videos to get the full context. Then I reviewed the slides, took notes, and dove deeper into the topics using the links provided in the slides. I read the lab manual alongside the diagrams and the threat matrix. In my case, I used **Obsidian** for note-taking and **Microsoft Whiteboard** to map notes onto diagrams and link learning objectives to points on the kill chain diagrams. --- ## Lab You can access a “Student VM” via a browser or connect directly through VPN from your own machine. Some resources are only accessible from inside the lab environment. Everything ran smoothly for me. The lab allows you to test all the attacks covered in the course. You can validate flags on the [EnterpriseSecurity.io](https://www.enterprisesecurity.io/) platform after completing each learning objective. After finishing the lab and experimenting with a few extra things in my tenant, I decided to take the exam. --- ## Exam You can launch the exam yourself from the platform. It takes around 15 minutes to be ready, and Altered Security compensates for that by giving you an extra hour. The exam is a **24-hour hands-on challenge**, featuring multiple Azure tenants and resources. The goal: abuse and compromise all the tenants and resources. After that, you have **48 hours** to write and submit a report explaining how you compromised the environment, along with practical recommendations. **Tip:** During the lab phase, take screenshots and document everything — it will help a lot when writing the report. --- ## Conclusion I really enjoyed this course. I believe it’s suitable for junior pentesters, seasoned red teamers, and cloud security engineers alike. A quick word about support: The team is **super available and proactive**, and the **Discord community** is active — there’s almost always someone to help or share insights.