Certified by Altered Security Red Team Professional for Azure (CARTP)
[Date taken : October - December 2025] [Overall Rating : 4/5]
I took the course to better understand Azure (since it seems to be the main cloud for enterprises). Overall I'm glad that I took it, as it was interesting and contained some pretty useful information. It's also nice to see someone hate Microsoft more than me, especially if that someone is an expert in the field :)
Course & Lab
[Overall Rating : 4/5] [Homepage : alteredsecurity.com]
Approach
When I purchased the course I did not quite know where to start.
You get access to a slide deck, a lab manual and a collection of videos. As I thought there might be more, I activated my lab time immediately, which was a mistake. With the benefit of hindsight I would approach it like this next time:
- Watch the videos or, if you are already familiar with certain topics, skip through the slides until you find something new to you. The videos cover the slides in the presentation with some extra information and anecdotes by Nikhil.
- Once you have finished the slides/videos, activate the labs and walk through the exercises in the lab manual.
Using this approach, the 30 days of lab time should probably be enough. Though if you just want to pass the exam and are familiar with pentesting, you probably do not need to do the labs. The lab guide shows you pretty much what to do and what output to expect, so if you are short on time I'd skip the labs.
The labs were generally pretty stable and I liked that they can be accessed using VPN+RDP, so you can copy paste and transfer files. Sometimes I had weird issues like Monkey365 not running on the student VM (neither the pre-installed version nor the current one from GitHub) when the same version worked fine in my local Windows VM.
Content
What surprised me was how much of this course was about tokens. You'd think there would not be much to it, it's just a couple of JWTs (an access token and refresh token), right? Nope, there are different kinds of tokens with different audiences (Graph API, ARM) and scopes. And sometimes your valid token may even get revoked for various reasons. It may sound pretty boring, but that part of the course was surprisingly interesting to me and the part that I found most useful.
I also liked that the course introduced many different ways of interacting with the Azure API (PowerShell, Azure CLI, specialized auditing tools and plain REST API calls). The information about how to get Azure tokens using an RCE is also pretty useful for standard web app pentests.
The second half of the course I mostly skipped through, since Q4 was pretty busy (as usual) and I spent the holidays with my family, so I cannot say much about that content.
Exam
[Overall Rating : 3/5]
Coming from the OSCP, the exam experience was so refreshing:
- You have no proctoring, so it is much more relaxed than knowing you are watched via your webcam all exam long
- You have 25h to complete the exam
- You have 2 days (48h) to complete your report and any template is fine
I took about 10 hours (including breaks) in the exam, but only because I got stuck at one point for a couple of hours. Due to me not finishing all the course material, I thought that maybe I had to use some technique or resource explained later on. That had me frantically checking course slides, the attack diagrams, cheat sheets on GitHub, but with no success. In hindsight, the solution was pretty obvious.
Overall it was surprisingly easy, especially considering that I did not manage to put as much time into the course and lab as I initially planned. That is also my major point of critique for the exam: In my opinion an exam should challenge most of what is taught in a course and not just the first half. But I liked that the exam can be beaten using mostly just Microsoft's own CLI tools and some logical thinking.
Reporting
The reporting took me way too long, as I did not have any proper template for it. After my bad experiences with LibreOffice during the OSCP I decided to just go with Word in a Windows VM and build my own template, roughly based on the OSCP one and some CARTP template JSON I found on the Internet.
Finishing the exam early meant that I could put the screenshots in the report and check if I missed screenshotting anything while the lab was still running. Given that this was just an exam, I probably also spent way too much time googling references and looking up ways to fix the problems in the report.
After sending the report, it took a week until I received the notice that I had passed and the next day I got my certificate.