[Bnshsysjab]

Does knowing some obscure nmap flag really make you a good baseline candidate? Aptitude tests are hard, but CRT was silly things like ‘what normally runs on port 1433’. I don’t care. I have 2 devices that can google on my person at anytime when the question is relevant. I’d prefer to see MCS*, OSCP, OSCE, hell even pentesterlabs stuff. Anything that runs at or near actual cost of development.

I also don’t take financial reports as gospel. I’m no finance guru but assume it’s possible / easy to hide money, or it gets reinvested into marketing the notion that crest actually matters, the former at which doesn’t make the thing a giant scam at least.

[rtempaccount1]

Any multiple choice exam is going to not necessarily mimic the real world, but doing exams that do is pretty tricky, and I can't think of one in the pentest world that gets it right (e.g. OSCP can't think of any time I've had a 24 hour window for a pentest, whilst sitting in a single room with no assistance and someone watching me from a webcam).

CRT has a practical element which demonstrates knowledge of tools, and the CCT bumps that up quite a bit.

On the second point, I think accusing CREST of financial shenanigans is a bit of a stretch given you think they should make more money than their public accounts show they do.