HackTricks ARTE Review
Back again with the “All you need to know series”, but this time to talk about the new HackTricks Certification ARTE (AWS Red Team Expert).
In this post I’m going to review the overall course and exam experience, covering the most common questions about this new cloud certification.
HackTricks Training & ARTE Course
The well known HackTricks, has launched their first certification, Im saying first cause they are more on the way, you can find all the information related to their courses on the official website Hacktricks Training.
ARTE is aimed at Red Team profesionals looking to learn how to audit AWS environments, so yes, you need to know at least how to use the terminal and have some pentesting knowledge.
Compared with other certifications, ARTE won’t only teach you about service exploitation, it also covers White and Black Box Methodology giving you all the requirements needed to perform an AWS Red Team Exercise in real life.
At the moment of writing this post, the course covers the 19 most popular services on AWS plus Detection Bypass techniques of common AWS security solutions, if this isn’t enough for you, the course material is lifetime access, so you will be getting the new updates if more services are added in the future, which is awesome.
The course material is composed of slides and videos explaining the different services and performing additional exploitations.
For each service you will be learning:
- How the service works and what it is used for
- Specific service features
- Manual and Automated Enumeration tools if exists
- Privilege Escalation
- Post Exploitation
- Persistence
- 1-5 Labs to practice what you have learned
The course voucher gives you access to the full course, 45 days of Lab time (can’t be paused) and one certification exam attempt.
You may be thinking that is not too much Lab time, but trust me, is more than enough if you study 4 days a week. I studied every day and had 20 days left over, so you can make an idea. Anyway, you can always buy extra Lab time if needed.
Talking with the HackTricks team, told me that they were implementing Start/Stop functionality for the users to manage the Lab, so in the future you will be able to pause it when desired, however, it’s worth noting that the remaining access days counter will not stop, instead, they will increase the amount of days available to more than 45.
And this is one of the strengths of this certification, the labs, by having more than 50 hands-on labs, you will gain a lot of experience using the AWSCLI and there’s no better way of learning how to exploit services on AWS than doing it by yourself, right?.
The quality of the different lab scenarios is amazing, way more focused on real life situations than CTFs, and I’m pretty sure you can’t find anything similar in other AWS certifications.
ARTE EXAM
The exam is a 100% hands-on exam in which you will need to retrieve 3 Flags by exploiting different AWS services covered in the ARTE course.
Everything needed to pass the exam is at least mentioned in the course, so you won’t need more practice in other CTFs platforms if you have completed all the labs.
You have 12 hours to find those 3 flags, so don’t be nervous, like always, enumeration is the key.
If you discover any new AWS vulnerability during the course by researching and you submit a PR to HackTricks Cloud, you will be granted with a Flag for the exam, which is pretty cool also.
Something interesting to mention is that the exam lab is non-linear, so you might not get the flags in order, but again, don’t worry, because you will get a little hint per flag, helping you to know where to look at.
Once you upload the 3 flags to the HackTricks Dashboard, the exam ends and your certificate will be generated. The certificate contains a QR code that can be used to verify its authenticity in training.hacktricks.xyz so fake diplomas can’t be created.
Is very usefull to take notes of every content and lab you solve during the course, having good cheat sheets and notes will speed up your exam and lead you to succeed, if you have completed all the course and took notes as mentioned, I’m pretty sure you will pass.
Hope this post helps you to become certified soon!.
ARTA the ARTE Lite?
If you think ARTE is too much for you, the HackTricks Training Team, has released ARTA, which is focused on concepts like access controls, introductory data protection techniques, network security essentials and how to detect and exploit common misconfigurations in the most used AWS services as learning how to perform proper hardening of AWS organizations to spot and fix complex security issues in the most common AWS services.
By completing ARTA, you will get a 25% off voucher for ARTE, so you might find it interesting as is a less expensive and technical way of starting your AWS Red Team training.
ARTA doesn’t have a certification exam and you will be getting 30 days of lab access in which practice as in ARTE but with less services.
Once completed all the hands on labs, a PDF diploma with your name is provided. The diploma contains a QR code that can be used to verify its authenticity like the ARTE one.
Slayer 04/17/2024