The Unofficial CRTE Notes: The Advanced Red Team Blueprint

The Unofficial CRTE Notes: The Advanced Red Team Blueprint

If you are preparing for the Certified Red Team Expert (CRTE) exam, you already know that the basics of Active Directory won't save you. This is a grueling 48-hour assault on a multi-forest environment that demands deep knowledge of Kerberos internals, trust abuse, and stealthy persistence. 

These CRTE Notes are the definitive companion, meticulously distilling over 250 pages of advanced tradecraft, command-line syntax, and evasion methodologies into one lethal resource.

Unlike generic pentesting guides that stop at Domain Admin, this book teaches you how to cross forest boundaries, weaponize SQL Servers, and live off the land without triggering every alarm in the SOC.

Mastering Kerberos & Delegation Attacks

The heart of the CRTE is Kerberos abuse, and these notes ensure you understand the mechanics, not just the tools. The guide provides a deep dive into Kerberos Delegation, the most critical concept for the exam.

You will find step-by-step kill chains for Unconstrained Delegation (using the "Printer Bug" to capture TGTs), Constrained Delegation (abusing S4U2Self and S4U2Proxy), and the complex Resource-Based Constrained Delegation (RBCD).

It explains exactly how to identify these misconfigurations using PowerView and how to weaponize them using Rubeus and Kekeo to pivot from a compromised web server to a Domain Controller.

Cross-Forest Domination & Trust Abuse

Breaking out of a single domain is where many candidates fail. These CRTE Notes provide a no-fail roadmap for Cross-Forest Attacks. You will learn how to dump inter-forest trust keys and forge Inter-Realm TGTs to jump between forests.

The guide details the devastating SID History Injection attack, showing you how to insert an Enterprise Admin SID into a forged ticket to gain instant administrative access in a trusting forest. It also covers PAM Trust Abuse, teaching you how to enumerate and exploit Shadow Principals to map privileges from a bastion forest back to production.

MSSQL Server Abuse

SQL Servers are often the path of least resistance in complex networks, and this guide turns them into your secret weapon. The notes offer an exhaustive section on MSSQL Link Exploitation, explaining how to chain queries across multiple linked servers to execute OS commands deep inside a network.

You will learn to use PowerUpSQL to discover links that cross forest boundaries, effectively bypassing firewall rules and trust restrictions to execute xp_cmdshell on servers you can't even ping directly.

Defense Evasion & Persistence

In a Red Team engagement, getting caught is failing. These notes emphasize Defense Evasion, providing working payloads for AMSI Bypass (including obfuscation techniques like base64 and string reversal) and ETW (Event Tracing for Windows) Patching to blind defensive tools.

For persistence, it moves beyond simple user creation, teaching you stealthy techniques like DCShadow to modify AD objects without logging events, Diamond Tickets for forging valid TGTs that look legitimate, and AdminSDHolder abuse to maintain rights even after password resets.

Start Below

The CRTE is a test of endurance and expertise. Don't go in relying on scattered blog posts. Equip yourself with the notes that turn advanced theory into actionable flags.

Click Below to Buy the Full CRTE Notes Book Now

https://shop.motasem-notes.net/products/crte-study-notes-guide-unofficial

0 comments

Leave a comment

Our Best Pick of Cyber Security Notes
Certified Security Blue Team Level 2 (BTL2) Study Notes (Unofficial)

Cyber Security Certification Notes

The Kali Linux Pentesting Cheat Sheet

Cyber Security Study Guides

Master AI for Content Creation, Business & Marketing

AI & ML Study Guides

The Definitive Networking Cheat Sheet (Tools)

IT Study Guides

Cybersecurity · Offensive & Defensive · Practitioner-First

Stop reading docs.
Start thinking like an attacker.

Field-ready notes, methodology breakdowns, and certification cheat sheets built by a practitioner for practitioners.

Browse Free Notes Unlock Premium →
62K+YouTube Subscribers
20K+Web Visitors
4K+Students and Professionals Using The Notes

What's in the vault

Two tiers.
One clear mission.

Whether you're just getting started or deep in the trenches, there's a tier built for where you are right now. Free notes cover the essentials — premium unlocks the full playbook.

Free Access

The essentials,
on the house.

A curated library of beginner and intermediate notes you can access right now — no signup, no friction.

  • Introductory walkthroughs on core concepts
  • Tool overviews: Nmap, Burp Suite, Metasploit & more
  • Selected HTB writeup summaries
  • Foundational blue team methodology notes
  • YouTube companion write-ups
Start Reading Free
Premium

The full
practitioner playbook.

Every note, every cheat sheet, every methodology breakdown — structured the way a senior analyst actually thinks.

  • Full OSCP, CPTS, OSWE, HTB CDSA prep DISCOUNTS
  • Complete HTB machine writeups (Guardian, Expressway & more)
  • AI Red Teaming tooling comparison notes
  • SOC analyst learning roadmaps & playbooks
  • Threat intelligence methodology guides
  • Malware analysis case studies (NotPetya & more)
  • New content added continuously
Become a Member →

Coverage

What you'll actually use.

Notes built around real engagements, real exam objectives, and real SOC workflows — not a rehash of vendor documentation.

#Penetration TestingOSCP · CPTS · HTB
#Web App SecurityOSWE · Bug Bounty
#SOC & Blue TeamCDSA · SIEM · IR
#Threat IntelligenceTAXII · YARA · MITRE
#Malware AnalysisReverse Engineering
#AI Red TeamingGarak · PyRIT · LLM Sec
#Network SecurityActive Directory · Pivoting
#Tooling & AutomationScripts · Integrations

Cert Coverage

OSCP CPTS OSWE HTB CDSA CEH CompTIA Sec+ eJPT

The author

Motasem Hamdan

I'm a cybersecurity practitioner, technical writer, and content creator who got tired of resources that treat readers like beginners forever.

My notes are built the way I wish someone had built them when I was grinding through certs and CTFs — methodology-first, practitioner-grade, and structured for how analysts actually think on the job.

Over 62,000 people on YouTube follow along. Thousands more read on the site every month. These aren't notes for passing an exam and forgetting everything — they're references you'll keep coming back to.

YouTube Channel @MotasemHamdan · 62K+ subscribers Main Site motasem-notes.net Store shop.motasem-notes.net
motasem_notes — practitioner.sh
whoami
motasem_hamdan — cybersec_practitioner

cat expertise.txt
offensive_security: advanced
blue_team_soc:      advanced
threat_intel:       advanced
technical_writing:  practitioner-grade

ls content/
htb_writeups/  cert_cheatsheets/
ai_red_team/   soc_methodology/
threat_intel/  malware_analysis/

cat philosophy.txt
"teach how to think,
 not just what to type."

_

Membership

One subscription.
Everything unlocked.

Skip the hours lost searching fragmented resources. One membership gives you the full library, updated continuously as the threat landscape evolves.

Free $0 forever
  • Foundational notes library
  • Selected HTB summaries
  • YouTube companion write-ups
  • Tool overview guides
Start Reading
Most Popular Premium Member $15 / month · cancel anytime
  • Full notes library (100+ resources)
  • Cert prep DISCOUNTS: OSCP, CPTS, OSWE, CDSA
  • Complete HTB machine writeups
  • SOC analyst methodology playbooks
  • AI Red Teaming notes
  • Threat intelligence guides
  • New content every week
  • Priority access to new releases
Become a Member →
Store : One-Time Pay What You Want
  • Buy individual cheat sheets
  • Downloadable PDFs & guides
  • No recurring commitment
  • Yours to keep permanently
Browse Store

FAQ

Good questions.


The free tier has solid foundational content. Premium notes are written for intermediate-to-advanced practitioners — they assume you know the basics and want to go deeper. If you're grinding toward OSCP or working in a SOC, you'll feel right at home.
Continuously. New walkthroughs, methodology updates, and cheat sheets drop regularly — aligned with new HTB machines, cert updates, and emerging threat topics. As a member, you get access to everything as it lands.
Yes, absolutely. Membership is managed through Buy Me a Coffee — you can cancel any time directly from your account. No long-term lock-in, no awkward cancellation flows.
The membership gives you ongoing access to the full library for a monthly fee. The store lets you buy individual resources once and own them permanently — good if you just need one specific cert pack.
Definitely. Head to @MotasemHamdan on YouTube — over 62K subscribers and a large back-catalogue of walkthroughs, tool demos, and methodology breakdowns. Best way to see if the teaching style clicks for you before committing to anything.
motasem-notes.net Practitioner-grade cybersecurity notes & resources.
Site Store YouTube Membership