HackTricks GRTE Review
Back again with the “All you need to know series”, but this time to talk about the new HackTricks Certification GRTE (Google Cloud Red Team Expert).
In this post I’m going to review the overall course and exam experience, covering the most common questions about this new cloud certification.
HackTricks Training & GRTE Course
HackTricks, has released their seccond cloud certification, this time focused on Google Cloud.
GRTE is aimed at Red Team professionals looking to learn how to audit Google Cloud environments, so yes, you need to know at least how to use the terminal and have some web application pentesting knowledge.
Compared to other certifications, GRTE won’t only teach you about service exploitation, it also covers White and Black Box Methodology and Google Cloud - Google Workspace pivoting, giving you all the requirements needed to perform a Google Cloud Red Team Exercise in real life.
At the moment of writing this post, the course covers the 16 most popular services on GCP plus 3 security services, if this isn’t enough for you, the course material is lifetime access, so you will be getting the new content updates if more services are added in the future, which is awesome.
The course material is composed of slides and videos explaining the different services and security solutions, how to configure services from the GCP GUI and performing additional exploitations.
For each service you will be learning:
- How the service works and what it is used for
- Specific service features
- Manual and Automated Enumeration tools if exists
- Privilege Escalation
- Post Exploitation
- Persistence
- 1-7 Labs to practice what you have learned
The course voucher gives you access to the full course, Lab environment (The access to the course Lab is granted at the same time as the Course Materials) and one certification exam attempt.
Like I mentioned in the ARTE Review, HackTricks has extended the LAB access from 45 days to 60, what makes it more than enough to complete the course. I studied every day and had 26 days left over, so you can make an idea. Anyway, you can always buy extra Lab time if needed.
And this is one of the strengths of this certification, the labs, by having more than 50 hands-on labs, you will gain a lot of experience using the GCloud CLI and there’s no better way of learning how to exploit services on GCP than doing it by yourself, right?.
The quality of the different lab scenarios is amazing, way more focused on real life situations than CTFs, and I’m pretty sure you can’t find anything similar in other GCP certifications.
After completing the certification, I can say that GCP has become my favourite Cloud Service by his simplicity and easy implementation.
GRTE EXAM
The exam is a 100% hands-on exam in which you will need to retrieve 3 Flags by exploiting a full GCP Kill Chain.
Everything needed to pass the exam is mentioned in the course, so you won’t be needing to practice in other CTFs platforms if you have completed all the labs.
You have 12 hours to find those 3 flags, so don’t be nervous, like always, enumeration is the key.
If you discover/reserach any new GCP vulnerability/service during the course and you submit a PR to HackTricks Cloud, you will be granted with a “Bonus” Flag for the exam, which is pretty cool also.
Something interesting to mention is that the exam lab is non-linear, so you might not get the flags in order, but again, don’t worry, because you will get a little hint per flag, helping you to know where to look at.
Once you upload the 3 flags to the HackTricks Dashboard, the exam ends and your certificate will be generated. The certificate contains a QR code that can be used to verify its authenticity in training.hacktricks.xyz so fake diplomas can’t be created.
Is very usefull to take notes of every content and lab you solve during the course, having good cheat sheets and notes will speed up your exam and lead you to succeed, if you have completed all the course and took notes as mentioned, I’m pretty sure you will pass.
Hope this post helps you to become certified soon!.
GRTA the GRTE Lite?
If you think GRTE is too much for you, the HackTricks Training Team, is planning to realease released GRTA, which is focused on concepts like access controls, introductory data protection techniques, network security essentials and how to detect and exploit common misconfigurations in the most used GCP services as learning how to perform proper hardening of GCP organizations to spot and fix complex security issues.
By completing GRTA, you will get a 25% off voucher for GRTE, so you might find it interesting as is a less expensive and technical way of starting your GCP Red Team training.
GRTA doesn’t have a certification exam and you will be getting 30 days of lab access in which practice as in GRTE but with less services.
Once completed all the hands on labs, a PDF diploma with your name is provided. The diploma contains a QR code that can be used to verify its authenticity like the GRTE one.
Slayer 09/17/2024