It's been a minute, folks. I recently wrapped up the ACRTP certification from PwnedLabs, and I wanted to share my experience about the bootcamp and exam experience.
Motivation & Background: Why Pwnedlabs?
I was looking to beef up my skills in cloud pentesting. A coworker suggested PwnedLabs & the ACRTP, and after messing around with a free lab on their platform, it just clicked. It felt right, especially after checking out options like CloudBreach and HackTricks.
I'm a senior pentester, so I wasn't totally new to the cloud game. I'd even taken the MCRTA from CWL, but honestly, it left me feeling like I needed more. My AWS experience was shallow at best, and I wanted a certification that would give me real competence.
My goal was simple: become a halfway decent cloud pentester. I wanted to be able to spot and exploit those "low-hanging" misconfigurations in AWS. Not to be the best, but to be a solid support during an actual cloud pentest at work. And hey, I have to admit, cloud pentesting can actually be pretty fun.
Course & Learning Experience: The On-Demand Grind
I went for the on-demand version because I found out about the live bootcamp super late. At first, I thought just hitting the "homework" labs would be enough. I was wrong. You need the bootcamp. Seriously, if you want to pass, opt for the live sessions and take tons of notes.
I spent about two months grinding, juggling a vacation, leading assessments, and some sick days. The first month was intense—I aimed for a lab a day, averaging an hour or two on the platform. Once the labs were done, I tackled Electra, their cyber range that mimics a real cloud pentest scenario.
The hardest part was absorbing the sheer volume of information and remembering all those finicky AWS commands. Seriously, AWS makes everything complicated.
whoami works everywhere else, but in AWS? You gotta use sts get-caller-identity.Tools-wise, the AWS CLI was the main player. I feel super comfortable with it now. CloudFox and Pacu were also useful, though Pacu had its moments where it was either amazing or completely useless.
Exam Experience: Tricky but Passable
My prep was solid: all the recommended labs and the Electra range. This gave me everything I needed to build a cheat sheet for the exam.The difficulty? If you follow the bootcamp and do the labs, you're practically set to pass. The exam is tricky, though, so stay sharp.
Did I hit a rabbit hole? Absolutely. It was tough trying to figure my way out, but I eventually did and came out a better pentester because of it.
Key Takeaways & Career Impact: Worth the Hype
The best part? I was able to apply what I learned mid-assessment at my job. That was an awesome moment, and I'm looking forward to using these skills more often.I’d recommend the ACRTP and Pwnedlabs to anyone interested in cloud security. It’s probably the best platform out there for learning cloud pentesting.
What's next for me? The MCRTP. Hopefully, I'll be reviewing that in a few weeks!