These are my personal opinions based on my background and training experience.
The course reviewed is the On-Demand version.
The course materials included physical copies of the course slides and the course labs. Inside the Rogue Arena there is access to digital course slides and course labs, and there are videos to go with the course inside Rogue Arena.
The videos, digital content and printed materials are just for you.
The lab environment is NOT* shared with other students by default. *Per the Rogue Arena website: "Tired of training alone? Users can share their scenario with others allowing them to execute Red Team attack scenarios, operating side by side with other operators."
At the time of this review, the course prices were listed as follows (check the website for actual prices!):
Standard $1,997.00 USD
Premium $2,997.00 USD
Enterprise [contact them for more information]
I have taken some of Nick's other training classes, where there was always something new to learn, so when ROPS-RT1 was announced, I signed up on the website and waited patiently for the On-Demand class to be released.
Disclaimer: I have personally known Nick since around 2018. I have taken a number of courses/videos/books/etc that Nick has created over the years to include the RTFMv2 and the RTFMv2 Video Library, so I had a pretty good idea of what to expect from him. (I also remember sitting next to him in our old OPs room answering Cobalt Strike questions for my apprentice qualifications.) Plus, I have worked on another cyber range that Nick created, and I had watched his videos on LinkedIn of Rogue Labs.... so I did not enter this blindly. But even as prepared as I was, everything surpassed what I expected and left me very impressed. With all that being said, it is an honor to be able to review this course and provide my opinion of it online for you to read.
As a Communication Arts major, I was always told Presentation is Everything, and while that is initially true, for me, the content has to hold up its end of the deal when it comes to training. To start, I will go over my first impressions of the material when it arrived at my house, my initial reaction to the course, the swag, and then the content of the course as well as my end-user experience using the Rogue Arena range. Feel free to skip ahead to read just the review of the course materials if you aren't as interested in the marketing stuff as I was.
First impressions. I received an email with a tracking number, but I never got a chance to use it because the package arrived via UPS the next day. What arrived was a normal brown shipping box with Rogue Labs tape sealing the box shut (which was a neat touch because you could see the logo without having to read the label). First photo below shows the tape. When I opened the box, there was a smaller box inside and the Rogue Labs logo was staring back at me. Second photo below shows the box inside the box. Opening the smaller box, I noticed "YOUR ADVENTURE AWAITS" on the lid, then my eyes dropped to the Rogue Labs logo and the backpack nestled inside. Third photo below shows the inner box after opening. When I lifted the backpack out, I noticed some text on the bottom of the box (which I won't spoil here, but if you sign up and take the course and get your own box, figure out the surprise on your own as it shouldn't be too difficult). Attached to the bag was a tag that had writing on both sides, which was a Welcome message. Photos four and five below each show the bag with one side of the tag displayed. Inside the backpack was a Yeti with ROPS RT1 on it, and inside the Yeti was a lanyard and four stickers. There was a t-shirt, two spiral bound binders (course slides and course labs) and a pen tucked inside one of the spiral bindings. Photo six below is all of it together. Photo seven below is the pen that was tucked in one of the spiral bound notebook spines.
I loved the presentation, which was at this point simply amazing, and I will always love swag (except I now have so much red team type swag that I am starting to question how much more I can collect). I messaged Nick and let him know my package arrived, and shortly afterwards, I received an email inviting me to login to Rogue Arena and create my account. That process was really easy, and I was able to log in with no issues, set my own password, and get started. Having watched some of the videos on LinkedIn, once logged in I noticed the starting screen looked exactly like I had expected, and the responsiveness of the site made me smile.
This part won't make sense until you sign up and log in, but Lifetime Metrics were on the upper left (hacking time, scenarios completed, and flags captured). The bottom of the screen showed the number of VMs Running, the Environment deployed, the Uptime, Guest Users, and Hours of training along with a Deployment Manager button. The Virtual Machines section showed Windows Attack, Kali Attack and a View All Environment VM's button (which mine started with only the attack systems and a note telling me to "Complete all scenario tasks to reveal every backend virtual machine"). What caught my eye on that screen was the OS logos, the status, and some metrics for each VM. Finally, the ROPS-RT1 side of that bottom bar shows the Unlocks left, Last Viewed, % Completed and then a button to View Course and an All Curriculums button. The VMs opened so smoothly, as did the View Course area. The View Course button has both digital slides and videos. The videos are good quality and were very smooth. I realized after I logged in that a whole lot of time, effort and love had been placed into everything from the physical materials to the digital materials (videos and lab) and it looked and felt amazing. I'll say it again... this blew past any expectations I had and to say I was very impressed is an understatement.
The format I am reviewing is the On-Demand course. I got the materials listed above, but when I logged in, I also had digital materials in the environment. The older I have gotten, the more I prefer either live training or video training (I really like to hear and read the materials), so having physical copies to make notes on, and digital content to listen to was very nice. The videos can be adjusted for faster or slower speed, so if you want to blaze through the videos super-fast, you can speed it up (Nick already talks fairly fast so I ran at 1.25 and that was perfect for me because any faster and I was struggling to keep up), or you can slow it down to give yourself a little more time to ingest the materials. Another thing I like about videos is that I can watch the video segment, then restart it in the background and follow along in the environment.
Your experience may vary, so this review is from the December 2024/January 2025 time frame. I started the course, took a small break to visit family for the holidays and then had some family issues that sort of delayed me for a bit, and when I jumped back in there had been numerous updates to Rogue Arena as well as to the course materials. This is something you want because it means they are putting in a lot of effort to keep things updated and relevant.
0: Red Team
Introduction: An Introduction to ROPS-RT1
The course starts with an introduction, which contains information needed to get you started. You might be tempted to skip this section and jump into the actual materials, but Nick goes over information that you will probably find extremely helpful. This section has a Rogue Arena tour, giving you a solid overview of the system. The Red Team video goes over what a Red Team is and how it differs from a penetration test, Red Team Methodology, and many other important topics.
1: Planning & Infrastructure
This has the longest video in the series. It builds the foundation for what follows like planning and infrastructure, and so much more. This section has a lot of information on various C2 Frameworks as well as Cobalt Strike (which is the C2 that is used in this course). Other topics covered are redirectors, protocols, domain fronting, as well as the setup of infrastructure for the course. Speaking of super long videos, let me take a second to discuss my favorite thing about all these videos no matter how long or short they are... I watched about 39 minutes of the Planning & Infrastructure video, and life happened, and I had to step away from my computer and I didn't make it to the materials until the next day. When I opened the video the next day, the video was ready and waiting at the exact time I had left off. So, there was no need to fast forward, or jot a note down about what time I stopped watching and then try to get it near enough to where I left off. This was for all videos I watched in the same browser. (I did switch browsers once and noticed the video started from the beginning, but as long as I stayed in the same browser I could pick up where I left off.)
I opted to do the stretch labs at the same time I was doing the main labs, but only because I felt like my experience level was at the point of allowing me to do these without taking time away from the rest of the course. As a beginner, you may benefit from going through the course first, and then come back to these extra, more advanced, labs. Nick mentions this in the videos, and I think it is great advice, so I am adding it here as well.
2: Recon & Development
This section goes into scanning, OSINT, and Phishing.
Since the phishing steps are pretty complex, Nick breaks it down so that even new students can follow along and get their first successful phishing callback.
Once again, I jumped straight to the stretch lab and went the extra mile, which means that I did not get that "extra" callback that he talks about in the video. I'd recommend that you go through the main lab and get the extra callback and get used to going through all the steps described in the course. Get the practice in of checking each machine and making sure it is either in scope or out of scope so that in the real world you will already be conditioned to check and report off-limits callbacks to your team lead.
3: Initial Access & Interrogation
In that last section I mentioned in scope and out of scope callbacks. This is the section that teaches you how to make sure each machine is either in scope or out of scope. It starts with some old school commands to get you started on performing situational awareness (SA), but keep in mind that you probably won't use these in the real world*.
Next, you learn to run Beacon Object Files (BOF) to perform your SA, and Nick will explain the differences between running commands the old way vs the BOF way.
*We used to joke about off-limits commands and how they were never ever to be run. Until the situation reached a point where one of the commands had to be run. When asked about running the off-limits commands, we were told, 'you never run them until you do' or something similar to that. Knowing how to run these commands is good, even if you never use them in the real world. If you don't learn them before your event, your customer may have a requirement to run them. Better prepared than caught unaware.
4: Initial Access & Interrogation
Ok, I reached the end of section 3 and I noticed there were only two sections left. On the start screen, I noticed 11% Completed 3/26, but wasn't thinking much about that. Then I opened section 4, and watched the data flow off my screen. It goes from Lab 07 to Lab 23, so this is the heart of the entire course. Section 1 may have the longest video, but Section 4 has the most labs.
I will also say that when Nick talks about red team things, like having people ready to persist a box after a successful phishing campaign, take note. He has the experience and the background to throw tips out there like this, that are critical things some teams don't think about. And my two cents on that topic... You might get a beacon back from a phish and the user takes the time to open the email and click the link, but it is nearing the end of the day, and the user is getting ready to go home so after clicking the link, and looking at whatever content is displayed, they then power their machine off. Having a playbook ready to set up user level persistence is a really smart move. Get the callback, quick SA, then run the playbook commands and get persistence. If luck is on your side and you are fast enough, you may be able to persist the box before the user logs out. If not, you may have to wait for another user to click the link or worse yet, get permission and send the phish again.
I have noticed that several times in the videos, Nick mentions learning certain things so that if you have never been on a red team, and you take this class and then get your first job, you will already have some insight into common things that a red team might do. Like using loaders for your shellcode. You will probably be using different shellcode loaders (maybe a different C2 and different tools), but in my opinion, having the experience with multiple tools makes for a well-rounded red teamer.
Nick also draws on his years of training experience and seeing the mistakes that many students make over and over again, and he brings these up throughout the videos as things to watch for and what the correct path is. He draws attention to these areas in an effort to make things as easy for the student as possible, and so if you are a new student, when he talks about things to watch out for, jot down notes in your slides so these little things won't bite you during the exam or on a real OP.
One of my favorite modules was the DLL Proxy section. This is always fun, and Nick does a great job of simplifying the process for all students. In another class that Nick developed, he had students learn to make C# code from almost scratch, and that rekindled my desire for programming that had mostly been dormant since college (I never stopped 'scripting' with batch and bash so I never lost that love, but now I program in C#, C++ and other languages... often with the help of ChatGPT, but I was in college a long time ago so I am rusty and need the help to get back up to speed).
I won't go into a lot of details for this section, but you can look at the ROPS-RT1 OUTLINE at the following page and get an idea of all the different modules in this section. https://www.roguelabs.io/rops-rt1
5: Impact
This section starts with "Impact / Pass The Ticket" and "SSH Key / Tunneling". I love the focus on Kerberos, and Tunneling is always fun. I will say that as long as the last section appeared, it passed really quickly. I was starting to get a little sad here seeing my % complete at over 80% meaning the class was nearing the end.
It was in this section, nearing the end, when I clicked play on the next video, and I heard Nick's intro and did a double take. I was like, "WHAT????" No spoilers here, but that was a super neat twist that I really liked. Nick makes the training fun, and little twists help keep students engaged.
I wasn't going to talk about it, but I changed my mind. Logging and cleaning up. Not the most fun things in red teaming, but such a critical skill that you must learn. As long as everyone on the OP has logged properly, if you are ever called to clean up after an event, the cleanup goes so much smoother. Just understand that I can't stress enough how important logging is.
One of the things I think is neat, and often overlooked in other training, is teaching the student to compile stuff on Linux like is done in the Phishing Payload section. And while I have never done this on an actual OP (we had other options), I have used this so many times on CTFs, and in numerous tests in my home lab environment, with great success. I've even used it to get around A/V when other methods failed. Your experience may vary, but learning the technique is pretty cool.
During my time taking the on-demand course, Nick was constantly posting to the Discord channel and interacting with students. He posts updates and keeps everyone informed about what is going on. There was a power outage that shut the servers down during my time taking the class, and Nick went in and stood up everyone's teamserver and ensured they had a callback and could pick up where they left off. That was an amazing level of service.
I have not attempted the exam.
I loved everything about the training. I would highly recommend this training to anyone interested in entering the red team world, or anyone already working as a red team member.
If you read this review and end up signing up for ROPS-RT1 based off my recommendation, please tell Nick that you heard about it from the Red Team Training Review's website.