Hey all, back with another certification perspective. I recently cleared the CARTP certification from Altered Security. I’ll avoid getting into the details right away because that’s what this entire blog is about.
This is mostly going to be about why I picked the certification, how the course was, how I approached the learning process, what the exam experience looked like, and how much it ended up costing me. By the end, you should have a fair idea of whether CARTP is something worth considering for yourself.
Let’s dig in!
Chapter 1:
What is CARTP and Why Did I Take It?
CARTP (Cloud Red Team Tactics for Attacking & Defending Azure) is a certification focused on attacking Azure environments. It’s a beginner-friendly course and is very suitable for someone learning Azure for the first time. I was one of those people, and maybe you are too.
Why did I pick this certification? Primarily because I’m someone who does internal network pentesting on a day-to-day basis. I encounter Active Directory very often, and after compromising an AD domain, one of the next things you can do is move towards the cloud and compromise that infrastructure as well, assuming it’s in scope. That gives you extended impact during an assessment.
The problem was that after compromising AD, I didn’t really know how to proceed with compromising cloud environments. So yeah, I had heard very good things about this course from some close friends in the field, and I decided to go for it.
Chapter 2:
How Was the Course?
There are two ways to take this course.
The first is through the bootcamp. You’ll get to attend the course live, where Nikhil takes you through the content. It’s usually structured over 4 weeks, with 4-hour sessions every Friday. If you keep up with the pace, you’ll finish the course in about a month. After that, you get lifetime access to the course content and videos (the same videos you watched live), along with one-time lab access and an exam attempt.
The second option gives you the course content, lab access, and exam attempt, but without the live sessions.
I went with the second option because it costs less, and since the videos are the same, it was good enough for me. I didn’t really want to sit through the entire live session. That’s just me being lazy when it comes to concentrating for long hours. But Nikhil takes the course really well, trust me.
Cost matters of the certification, and I’ll talk about that at the end.
After purchasing the course, I got access to the course content, including the latest and previous bootcamp recordings, slides, tools used during the course, lab walkthrough videos, 30 days of lab access, and one exam attempt.
The course takes you through how Azure works and covers the fundamentals. It explains how Entra ID and Azure resources work. It doesn’t cover every type of Azure resource, but it does cover the most commonly encountered ones. For beginners, I think the coverage is pretty good. It also includes some interesting concepts around moving from cloud to on-prem and on-prem to cloud, which was one of the main reasons I picked the course in the first place.
Overall, it was a good starting point. This is just the first look, though. I’ll get into more details in the next chapter when I talk about my learning process.
Chapter 3:
How Was My Learning Process?
The learning process has a bit of backstory. I had previously taken the CRTE certification from the same company, which is another good course. However, I didn’t make proper use of the lab access back then because it was my first time, and I wasn’t able to get the most out of it. So this time, I approached things a little differently.
I watched all the course videos, took notes, referred to the blogs written for CARTP, and then started the lab access. I was only able to complete around 80% of the labs due to other commitments, but doing it this way was definitely useful.
After finishing the labs, whenever I thought about Azure, it still felt like I knew nothing about it. There was just a lot of content to digest, and I had to go through things multiple times.
This is where I felt the course structure had a small issue. The kill chains in the labs jump across different topics and later come back to something you had touched before. At times, I found myself wondering, “Wait, when did I get access to this resource?”. I wouldn’t exactly call it a problem because some of those concepts needed to be explained before the later attacks made sense. But if the learning path was a bit more sequential, it would have been easier to approach the kill chains during the learning phase.
Then I rewatched the course videos. While I was going through the course, another bootcamp had taken place, so I wanted to see if there was anything new or updated.
And then, the very next day, I took the exam :)
Chapter 4:
How Was My Exam Experience?
So, exam day. Nothing special about it. By that point, I had already spent around 6 months with the course content, so I just decided to take it up as a challenge.
I started the exam at 3 PM. The lab takes around 15 minutes to set up, and then you’re good to go. The kill chain in the exam was pretty straightforward. I got the final flag by the 3rd hour and then spent around 5 hours writing the report.
You’ll mostly be doing what you’ve already learned throughout the course. I can’t reveal much about the exam itself, but if your concepts are clear, that should be enough to get through it.
Chapter 5:
How Much Did I Really Spend?
I bought the course in November. With 30 days of lab access, it cost me around ₹33.5k INR. I think I got it at a discounted price. You’ll very often find discounts in the range of 10-20%, so I’d suggest waiting for one before purchasing. Nothing more, nothing less. After that, it’s all on your learning.
Chapter 6:
Closing thoughts!
As a student of this course, I would honestly say it fulfilled the purpose I took it for, and the content is really good, even though it has a few rough edges. Would I take another certification from Altered Security? Yes, if it’s something I want to learn. For beginners, or really anyone looking to get started with Azure security, I’d say go for it.
These are just my opinions based on my experience with the course
Timeline:
[Nov 21, 2025] - Bought the course!
[May 29, 2026] - Finished going through the course content
[May 30, 2026] - Took the examination
[Jun 04, 2024] - Received certificate!
