HackTricks AzRTE Review

The cloud… A technology that has completely changed the paradigm of enterprise technological infrastructure; a few years ago, we all debated its viability, however, its adoption has been massive. Any company, regardless of its size, uses its services today, whether in a hybrid or fully model in business concepts like startups.

This reason is what led me in 2024 to begin my offensive training in Cloud through the certifications of HackTricks Training, the educational branch of the renowned HackTricks, with which I have gone from Zero to Hero. That’s why, when the HackTricks team announced their new certification, AzRTE (Azure Red Team Expert), I jumped headfirst into the shopping cart.

After completing the AzRTE, I hold all the cloud certifications available from HackTricks (AzRTE, GRTE, and ARTE), so I hope that this review will serve as a reference to all of you who are thinking about taking your first steps in Azure or want to expand your knowledge for carrying out Cloud Red Team exercises.

During this review, we will cover the following points:

Context

The question that we all usually ask ourselves before starting a certification is:

  • Do I need prior knowledge in order to take and pass the certification?

And the answer is simple: no. When I started with HackTricks certifications, I had no previous experience beyond what anyone introduced to the cybersecurity sector might have.

All the concepts you need to know are explained during the course, which makes it an ideal option to start from almost zero (if you work in IT) and acquire the skills required to perform Cloud audits.

Course and Laboratory

Once you have purchased your certification voucher, you will gain access to the course and the lab. It is important to note that access to the materials is permanent, so if in the future the course undergoes any updates, whether they include new materials or revisions, you will always be able to consult them and refresh your knowledge.

The lab is available for practice for 60 days from the moment you redeem the voucher, and it includes more than 80 labs, which you should complete throughout the course. If you are concerned about time, in my experience it is more than enough; I have always had leftover days of lab access in each of the certifications I have taken.

However, it is possible to purchase additional days of lab access at any time if you need them.

At the time of writing this review, the course covers 23 of the most common Azure and Entra ID services, plus 3 defensive security services, making it the certification par excellence in terms of the number of services covered and the number of labs in which to practice.

For each of these services, you will learn:

  • How the service works and what it is used for
  • Specific characteristics of that service
  • Manual/automated enumeration of it
  • Privilege escalations
  • Post-exploitation actions
  • Persistence
  • From 1 to 9 labs in which to practice what you have learned

With the number of labs this certification offers, it’s impossible not to end up mastering Microsoft’s tools for interacting with Azure and Entra ID, such as Azure CLI or Azure PowerShell among others, and that is something I really like about HackTricks certifications in general.

The quality of the various labs is very good, aiming to maintain a realistic approach in the explanations and exploitations of the services.

AzRTE Exam

The exam consists of a 100% practical lab in which you will have to find 3 flags through exploitation, privilege escalation, and pivoting in an Azure tenant.

You have 12 hours to find the 3 flags; if at any point you feel stuck, remember that in this type of exam, enumeration plays a fundamental role, so review all your findings again.

It is very useful to take notes on all the course content and labs you complete; making your own cheat sheets will allow you to perform with greater confidence during the exam. If you have completed the entire course and taken notes, I am quite sure you will pass.

The exam is not easy, and I really liked it, since it puts your acquired knowledge and methodology to the test.

Pro Tips

  • Don’t trust the output of a single tool
  • Enumerate continuously until you identify a clear exploitation vector
  • Stay calm, there is more than enough time to complete the exam
  • Think outside the box and don’t overcomplicate things; everything you need to know is in the course

Extra Points (PR)

Finally, I would like to mention the Extra Points system: in any of the HackTricks certifications, if you submit a PR to the official GitHub repository in which you explain a new technique you have discovered through research, you will earn an extra point. This extra point will allow you to skip submitting a flag in the exam, enabling you to pass with just 2 flags, which encourages students to research and share knowledge related to new exploitation vectors in Azure.

I hope to see you certified soon!

Conclusions

My opinion regarding this certification is clear: first of all, I would like to mention that I have paid for all the certifications in full, I have not received any kind of discounts from the HackTricks team, and my opinion is not biased.

AzRTE is without a doubt the best Azure certification you will find; the number of labs and content is unmatched, and something that is very important to me is the delivery and explanations, a clear and minimalist platform through which it is very easy to extract content and take notes efficiently.

Another aspect that I consider fundamental about this certification is that, unlike others, it is focused on applying knowledge to a real environment; in the certification, the process of executing a Blackbox and Withebox exercise is covered, discussing the requirements that you must request from the client in order to carry them out, which adds great value, at the end of the day, this is what we all want to know for the development of our profession.

The courses and labs are updated with relative frequency; reviewing the platform, I can see that in the two certifications I completed previously (ARTE and GRTE) there are new labs and lessons that were not available at the time.

AzRTA - AzRTE Lite

If you consider that AzRTE is too much for you, the HackTricks Training team is planning to launch AzRTA, which is a simpler version of the original AzRTE. In it, you will also be able to learn the fundamental concepts of Azure and explore a reduced number of services.

After completing AzRTA, you will receive a 25% discount to take AzRTE, so it also seems like an interesting option to me, since it is a cheaper and easier way to get into the world of Cloud Red Teaming.

AzRTA will not have a certification exam, and you will have 30 days of lab access, in which you can practice just like in AzRTE but with fewer services.

Once you have completed all the labs, you will receive a certificate. The diploma contains a QR code that can be used to verify its authenticity, just like the rest of the certifications.

Discount

You can get a 10% discount on any HackTricks certification, including the one in this very review, using the following code:

SLAYER-HTTRAINING

I’m not taking any profit, so enjoy it! Link.

With that said, I hope this review has been usefull four you, your colleague bids you farewell.

Slayer 06/01/2025