Passed Zero-Point Security CRTL
At the beginning of the year, I shared a post outlining my goals for courses and exams I intended to pursue.
However, just a month in, I was contacted by a new employer and offered a position—an opportunity that brought significant changes and a lot of new learning, which understandably delayed my exam plans a bit.
Now, I’m proud to say that I’ve taken—and passed—the exam!
Course Review
I began the course in the summer of 2024, and when I first started going through the material, I was pretty overwhelmed by the number of new concepts and the depth of information.
The course introduces many foundational topics in modern Windows red teaming, as reflected in the core modules:
- C2 Infrastructure
- Windows APIs
- Process Injection
- Defense Evasion
- Attack Surface Reduction
- Windows Defender Application Control
- Protected Processes
- EDR Evasion
Now that I’ve passed the exam, did I master all of these concepts? Far from it.
But I can confidently say that the course has moved me a step further in my journey toward understanding Windows internals and red teaming tradecraft—knowledge I can apply directly in my daily work.
The exam expects you to be comfortable enough to implement your own loader (largely based on provided example code) and to understand EDR behavior from a practical perspective in order to complete the required tasks.
That alone can be a daunting challenge, but through a well-curated experience, RastaMouse has managed to make it manageable—even for those approaching it with limited prior experience.
I won’t go into more detail for now, but as always, feel free to reach out via my listed socials if you have any questions or just want to connect.