Red team work in India has matured fast. What used to be 'OSCP and figure it out' is now a stratified profession with EDR-aware tradecraft, mature C2 ops, and AD specialisation. If you're already past OSCP and wondering which red team cert to take next, here's the honest 2026 ranking — based on the operators we've actually placed into top BFSI red teams over the past two years.
The five certifications that matter
| Cert | Cost (₹) | Time | Focus | Recognition |
|---|---|---|---|---|
| OSEP | 1,55,000 | 200–300 h | AV/EDR evasion · advanced AD | Top tier |
| CRTO | 60,000 | 150–200 h | Cobalt Strike · adversary sim | Highly respected |
| CRTP | 20,000 | 60–80 h | AD foundations | Strong |
| CRTE | 35,000 | 80–120 h | Multi-forest AD | Specialist |
| OSCE3 (bundle) | 3,50,000 | 1,000+ h | Web · evasion · ROP | Elite (Top 5%) |
Cost in INR · time investment · what you actually learn
OSEP — the EDR-evasion cert
OSEP teaches AV/EDR evasion and advanced Active Directory tradecraft. The course content is hands-down the best paid material on AMSI/ETW patching, custom shellcode loaders, and modern AD lateral movement past Defender for Endpoint. The 48-hour exam is brutal in a good way — you'll need every technique the course covered.
CRTO — the C2 operator cert
CRTO is built around Cobalt Strike. You learn opsec, BOF development, malleable C2 profiles, and how to operate persistent implants the way real adversary simulators do. The course is half the price of OSEP and arguably more practical for actual red team engagements (where you'll be using Cobalt Strike, Brute Ratel, or a custom C2 anyway).
CRTP — the cheap AD entry
CRTP is the fastest path to credible AD depth on a résumé. ₹20,000, 30 days, single-forest AD environment with all the bread-and-butter techniques: Kerberoasting, AS-REP, ACL abuse, GPO abuse, basic lateral movement. We send our junior consultants here as their first add-on after OSCP.
- Cost ₹1,55,000
- EDR evasion deep-dive
- Custom loaders + AMSI/ETW patching
- 48h hands-on exam, no Cobalt Strike
- Better for AppSec-leaning red teamers
- Cost ₹60,000
- Cobalt Strike opsec
- BOF dev + malleable C2 profiles
- 48h hands-on exam, full C2 environment
- Better for adversary simulation roles
What Indian red teams actually look for
- OSCP as the baseline (90% of red team JDs)
- Either OSEP or CRTO as the differentiator (95% of senior JDs)
- AD depth — CRTP at minimum, CRTE preferred for senior
- Sample reports — sanitized engagement narratives, not just bug write-ups
- Opsec discipline — knowing what NOT to do is half the job
Salary & role landscape
| Profile | Salary range |
|---|---|
| OSCP only · 1-2y | ₹8–14 LPA |
| OSCP + CRTP/CRTO · 2-4y | ₹15–25 LPA |
| OSCP + OSEP · 3-5y | ₹22–35 LPA |
| OSCE3 holder · 5+y | ₹40–60 LPA + bonus |
| GCC red team · UAE | AED 25–40k / mo |
Macksofy's OSCP + AD red team bootcamp is one of several hands-on tracks Macksofy delivers across India and the UAE. CERT-In empanelled, OffSec/EC-Council authorized, with weekend cohorts and corporate batches.