Introduction
I have been working in offensive security since 2015, but cloud penetration testing was a new area for me. Before starting CARTE, I had done a lot of self-study and completed several cloud red team labs from different platforms, which helped me build confidence. I had also passed CHMRTS from CyberWarFare Labs, so I decided to go for CARTE.
In my opinion, if you do not have enough cloud security experience, it is better to start with CARTP first. Understanding the core concepts and building strong reconnaissance skills is very important, because recon is one of the main keys to succeeding in the CARTE exam.
I will not go into the full details of the course content here, as you can find the official information on the Altered Security website.
The CARTE Journey
I purchased CARTE during Black Friday with a 20% discount and selected the 30-day lab access option. At that time, I did not know exactly what to expect.
Once I started the course, I had access to the lab environment and the course videos by Nikhil Mittal and Keanu Nys. I downloaded the latest version of the material and went through the videos. The course was explained very well and with enough detail. Everything required to pass the exam is covered in the videos and labs.
Since I had already done some self-study before starting CARTE, most of the concepts were familiar to me, so I did not have major difficulties understanding the material.
Practice LAB
The lab can be accessed either through the web interface or by connecting through VPN. During my lab time, I did not experience any major performance issues. There were a few small technical issues, but the support team responded quickly and resolved them.
Overall, the lab experience was very good, and the level of support was better than what I had experienced in some other training platforms.
Exam Experience
Make sure to carefully read the exam description. The exam duration is 48 hours, followed by an additional 48 hours to prepare and submit the report.
The report is very important. You need to include enough screenshots, clearly explain what you did, why you did it, how you exploited each issue, and also provide defensive recommendations. All of these expectations are covered in the course.
I started the exam during the Iranian weekend at around 10 AM. It took about 15 minutes for the lab to be ready and to get RDP access to the exam machine. After that, it took me a few more minutes to set up my tools.
One important point is that, unlike the practice lab, you need to set up your own red team infrastructure and tools during the exam. Do not expect the exam machine to already have everything prepared for you.
The first steps were straightforward and did not take much time for me. However, in the middle of the exam, I faced some rabbit holes, which I had expected. I was stuck for a while until I reviewed my previous steps carefully.
Another important tip is to start writing your report during the exam. I documented each step, explained what I was doing, and saved my commands as I went. This helped a lot later when preparing the final report.
All the techniques required to complete the exam are included in the course materials, so I do not want to link to any external blog posts or YouTube videos. My main advice is this: reconnaissance is the key. If you get stuck at any step, go back and review your previous enumeration. Most of the time, you have probably missed something important.
Overall, CARTE was a challenging but very rewarding experience. It pushed me to think carefully, enumerate properly, and chain different concepts together in a realistic cloud environment.
https://www.credential.net/b9f7a6e2-2b30-4ff2-8da9-ca8d0477c059#acc.kZIQet51
