HTB Certified Active Directory Pentesting Expert
HTB's advanced Active Directory exploitation certification covering Kerberos and NTLM attacks, ADCS misconfigurations (ESC1-ESC11), WSUS, Exchange, and Domain Trust attack paths. Designed for senior red-teamers and pentesters operating in enterprise AD environments. Closest hands-on equivalent to CRTO/CRTM specifically for AD. Practical exam with realistic enterprise AD lab and full report submission.
What you'll prove
- Execute advanced Kerberos and NTLM attack chains in enterprise AD environments
- Identify and exploit ADCS misconfigurations including ESC1 through ESC11 patterns
- Compromise WSUS and Exchange infrastructures for lateral movement and privilege escalation
- Abuse Domain Trust relationships to pivot across forest boundaries
- Apply detection-aware tradecraft to operate against monitored AD environments
- Write enterprise-grade AD pentest reports with attack path documentation
Frequently asked
How much does HTB CAPE cost?
$1,260 USD via the Gold Annual HTB Academy subscription, which includes the exam voucher and the full AD Penetration Tester job-role path.
HTB CAPE vs CRTP/CRTE — which AD cert?
CRTP and CRTE (Pentester Academy / Altered Security) have strong community recognition and lower price points but the platform is older. CAPE covers the most current AD attack paths (ADCS ESC chains, modern Exchange/WSUS abuse) with HTB's polished training. CRTP for affordability and breadth; CAPE for currency and depth on modern enterprise AD.